I'm new to PHP and this question seems stupid.
But I'm really confused with the associative array $_GET, which can help me access the all parameters that has been sent via URL.
Suppose I'm expecting a string of product_ID, and write in the code like this :
$id = $_GET['prod_id'];
Get_Data($id);
While Get_Data() is a function that expects the only parameter to be string, but not array. What if some bad guy type in the url something like this :
.../product.php?prod_id[]=1&prod_id[]=2
The method using $_GET['prod_id'] will return an array(1,2) instead of a string. This can lead to some really bad trouble in my application.
Now, the question : Is there a global way to avoid the case above ?
[EDIT]
Sometimes I want to get array from $_GET['prod_id'] instead of string (ex: getting data from a multi-selectbox, where users can pick more than 1 product)
Is it feasible for me to check if the returning array is in correct structure (1 dimensional array, with innocent data) or has been cheated by some bad guy like this :
.../product.php?prod_id[a]=1&prod_id[b]=2&prod_id[c]=3&prod_id[d]=4
I think it's very easy to pass an array with complex structure to php $_GET, but very hard for coder to check if it's the correct structure they needed.
Can you please enlighten me? Thanks !
