WebRef.eu  - Internet Marketing and Online Business Resources  


PHP Script Showing How to Check an Id Variable is a Number to Protect Against Cross Site Scripting Attacks

Often you will pass the value of a variable to a script via a query string. If this value should always be a number, e.g. a ProductId, then you can enhance the security of your PHP script by checking that the value is indeed a number before the script uses it.

// Retrieve the value of ProductId (empty string if the parameter is missing)
$ProductId = $_GET['ProductId'] ?? '';

// Protection from hackers. Check ProductId is just a number
// (is_numeric() also returns false for an array such as ?ProductId[]=1)
$TestForNumber = is_numeric($ProductId);
if (!$TestForNumber) {
    echo "Sorry, the Product Id tried is not allowed.";
    exit();
}
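An added example, not code from the original page: is_numeric() also accepts strings such as "1e3", "1.5", " 7" and "-3", so the script below compares it with a stricter digits-only check and encodes the value with htmlspecialchars() before printing it. The helper name parse_product_id and the sample inputs are constructed for illustration.

```php
<?php
/**
 * Hypothetical helper (not from the original page): return the id as an int
 * only if the raw value is a string of decimal digits within the integer
 * range and at least 1; otherwise return null.
 */
function parse_product_id($raw): ?int
{
    // Arrays arrive when the query string is ?ProductId[]=1; reject them,
    // along with anything containing signs, spaces, dots or exponents.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    // FILTER_VALIDATE_INT rejects values that overflow an int; min_range
    // rejects 0, assuming product ids start at 1.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs standing in for $_GET['ProductId'].
$samples = ['42', '1e3', '1.5', ' 7', '-3', '<script>alert(1)</script>', ['1']];

foreach ($samples as $raw) {
    $loose  = is_numeric($raw) ? 'accepted' : 'rejected';
    $strict = parse_product_id($raw) !== null ? 'accepted' : 'rejected';

    // Encode before printing so the raw value is never emitted as HTML.
    $shown = htmlspecialchars(is_string($raw) ? $raw : '(array)', ENT_QUOTES, 'UTF-8');

    printf("%-50s is_numeric: %-8s  digits-only: %s\n", $shown, $loose, $strict);
}
```

Downstream code should use the integer returned by parse_product_id rather than the original string, so only the validated value reaches output or queries.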

 

 





All Content ©2018 WebRef.eu