Links security with variables

Hi, I need som help, please…

I’m using links with variables like this:

<a href="accueil.php?page=Equalizer">Equalizer</a>

With an associative area to secure them:

$checkPage = array('Series_Index' => 'series/series_index.php', 'Series_Record' => 'series/record.php', 'Equalizer' => 'series/equalizer.php'...

And another one to display pages titles:

$checkTitle = array('Series_Index' => 'Séries',
		'Series_Record' => 'Fiche', 'Equalizer' => 'Equalizer'...

But now, I’m using a unique page to display the series details, getting infos from a database.
My links look like this:

<a href="accueil.php?page=Series_Record&series='.$row['seriesId'].'&title='.$row['seriesTitle'].'">'.$row['seriesTitle'].'</a>

to select a series by Id in the database


to be able to display the page title

But I couldn’t put these variables in my includes.php and titles.php files.
Therefore, if one enter a non existing Id in the address bar, that leads to a page
displaying php errors.

I wonder how to avoid these type of crash as I couldn’t use my associative table anymore.

It is not clear from your statement what problem you are actually having.

All input data to a page, should be trimmed, mainly so that you can detect if it is all white-space characters, then validated, before using it. If an input is ‘required’ for the page to work and it is not present or isn’t an expected value, that’s an error and you should setup and display a message for the user letting them know what the problem is and how to correct it. You would display this user error message instead of trying to use the input and display non-existent data. Doing this is just a matter of writing conditional logic.

For the link with a series id in it, if the series title is related to the series id, don’t put the title in the link. When you run the sql query on the page to get the data related to the series id, you would also get the series title.

Sponsor our Newsletter | Privacy Policy | Terms of Service