PHP GET Function

PHP Secure Ways to Pass GET Parameters In URL

Author: Waseem Ahmed
Updated: July 18, 2019

Almost every PHP Programmer use the GET method to pass parameters from one page to other page, but we have to secure GET parameters to prevent XSS attacks, if not, it’s dangerous. Because hackers can easily run harmful codes through GET parameters.

Here i will share how we can secure URL GET parameter’s values, so here it is.

Securely GET Integer Values via URL
If you’re dealing only with integer values in URL parameters you can easily secure them by using is_numeric PHP inbuilt function which is used to check whether a variable is numeric or not.

if(isset($_GET['catid']) && !empty($_GET['catid']) && is_numeric($_GET['catid'])) {
} else {
	// value is not integer or parameter 'catid' is not in url or is empty

Securely GET String via URL
If you are passing string values through URL parameters, you can use strip_tags() inbuilt PHP function which strips a string from HTML, PHP tags and returns a string with all NULL bytes.

if(isset($_GET['catname']) && !empty($_GET['catname'])) {
} else {
	// parameter 'catname' is not in URL or is empty

Note: Use GET parameters in URL for sending non-sensitive values only, Do not pass sensitive information in URL like passwords, bank details etc..!

  1. My relatives every time say that I am wasting my time here at web, but I know I am getting knowledge daily by reading this type of good articles or reviews.

  2. I’m extremely inspired with your writing talents and also with the format for your weblog. Is this a paid subject matter or did you customize it yourself? Either way stay up the excellent high quality writing, it is uncommon to peer a great weblog like this one these days.

  3. You made some decent points there. I looked on the web to
    learn more about the issue and found most people will go along with
    your views on this website.

Leave a Reply

Your email address will not be published. Required fields are marked *