Not very familiar with PHP, is it possible for the user to take advantage of variable interpolation to get the value of secret?
<?php
$secret = 'hidden data';
echo $_GET['id'];
?>
I tried passing in for the id: $secret, %24secret, ${secret}, {$secret}, %7D%24secret%7D, %24%7Dsecret%7D. So far it seems safe, but just want to make sure I am not missing anything. Thanks in advance.