What is the best practice for reading values from a URL parameter in PHP?

When reading values from a URL parameter in PHP, it is important to sanitize and validate the input to prevent security vulnerabilities such as SQL injection or cross-site scripting attacks. One common approach is to use the $_GET superglobal array to retrieve the parameter value and then sanitize it using functions like htmlspecialchars() or filter_input(). Additionally, it is recommended to validate the input against expected data types or formats before further processing.

// Retrieve and sanitize the value from the URL parameter
$parameter = isset($_GET[&#039;parameter&#039;]) ? htmlspecialchars($_GET[&#039;parameter&#039;]) : &#039;&#039;;

// Validate the input against expected data types or formats
if (filter_var($parameter, FILTER_VALIDATE_INT)) {
    // Process the parameter value
    echo &quot;Parameter value: &quot; . $parameter;
} else {
    echo &quot;Invalid parameter value&quot;;
}

Keywords

PHP URL parameter $_GET parsing validation

What is the best practice for reading values from a URL parameter in PHP?

Keywords

Related Questions