Do I need to filter both $_GET['action'] and $_GET['id']?
Normal
// Runs the branch only when the "action" query parameter is present and equals
// the literal 'delete'. Comparing against a fixed literal is already an
// allow-list check: no other value reaches the body, so no extra filtering is
// needed for this test. Against the non-numeric literal 'delete', == and ===
// give the same result; === states the intent more clearly.
// NOTE(review): if this branch really deletes data, triggering it from a GET
// parameter leaves it open to CSRF and link prefetching. Confirm the real
// handler uses POST with a CSRF token and an authorization check.
if (isset($_GET['action']) && $_GET['action'] == 'delete') {
/* Do Something*/
}
Filtered
// Same test as the unfiltered version, but the value is passed through
// FILTER_SANITIZE_STRING before it is compared with 'delete'.
// The sanitizer adds no protection here, because the value is only compared
// and never stored or echoed. It slightly widens what is accepted: the filter
// strips tags, so an input that is not exactly 'delete' can compare equal
// after sanitizing.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. Escape for the output
// context (e.g. htmlspecialchars for HTML) where the value is used instead.
if (isset($_GET['action']) && filter_input(INPUT_GET, 'action', FILTER_SANITIZE_STRING) == 'delete') {
/* Do Something*/
}
Normal
// Runs the branch when the "id" query parameter is present and not "empty".
// empty() is already safe on an unset key, so the isset() call is redundant.
// empty() treats '' and '0' as empty, so id=0 never reaches the body.
// This is a presence check only: any other string, or a non-empty array
// (?id[]=1), still passes, so the body must not assume $_GET['id'] is an
// integer.
if (isset($_GET['id']) && !empty($_GET['id'])) {
/* Do Something*/
}
Filtered
// Presence check on "id" after passing it through FILTER_SANITIZE_NUMBER_INT.
// That filter removes every character except digits, '+' and '-'. It returns
// a string and does not check that the result is a well-formed integer, so
// malformed input is silently rewritten rather than rejected.
// The sanitized value is discarded after the empty() test: the body still
// sees the raw $_GET['id'] unless it filters again.
// To accept integers only, FILTER_VALIDATE_INT returns an int on success and
// false on failure.
if (isset($_GET['id']) && !empty(filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT))) {
/* Do Something*/
}
Edited: Do I need to filter $id with filter_input(), or does PDO::PARAM_INT do the same thing?
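// Looks up one row by the "id" query parameter and prints its "test" column,
// HTML-escaped.
//
// Three separate controls are involved here:
//  - The prepared statement with a bound :id placeholder keeps the value out
//    of the SQL text; this is what prevents SQL injection.
//  - PDO::PARAM_INT only tells the driver how to bind the value. It does not
//    validate input, so it is not a substitute for checking $id.
//  - htmlspecialchars() protects the HTML output context, independently of
//    how the value was read or queried.
if (isset($_GET['id']) && !empty($_GET['id'])) {
    // Validate rather than sanitize: FILTER_VALIDATE_INT returns an int for a
    // well-formed integer and false otherwise (including array input), whereas
    // FILTER_SANITIZE_NUMBER_INT would only strip characters and could pass on
    // a string such as "1-2+3".
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);

    if ($id !== false && $id !== null) {
        $query = "SELECT * FROM table WHERE id = :id";
        $stmt = $dbh->prepare($query);
        $stmt->bindParam(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        // fetch() returns false when no row matches; indexing it would raise a
        // warning and pass null to htmlspecialchars().
        if ($row !== false) {
            print htmlspecialchars($row['test'], ENT_QUOTES, 'UTF-8');
        }
    }
}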