PHP URL security filtering with preg_match_all() on $_SERVER['QUERY_STRING']
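// Collect every digit=value pair from the raw query string into $_GET
preg_match_all('/([0-9])=([\%\+\-\.\/0-9\=A-Z\_]+)/i', $_SERVER['QUERY_STRING'], $_GET);
// Rebuild $_GET as key => value and fill the missing keys 0-9 with ''
$_GET = ($_GET[0] ? array_combine($_GET[1], $_GET[2]) : array()) + array_fill(0, 10, '');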
Now your $_GET only accepts the keys 0-9. Of course, these URLs are safe.
?0=123&1=456 invalid URL&2=789" AND xxx=1&3=0ABC&4=BASE64_CODE&5=URLENCODE
Look at the characters a value may contain:
[\%\+\-\.\/0-9\=A-Z\_]+
Keys that do not exist are set to an empty value to prevent errors.
Generally, isset($_GET[0]) can then be changed to $_GET[0] with no warning message,
even when that 0-9 key does not exist in $_GET.
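An added example (not the original author's code) that wraps the filter above in a function and sets it beside a stricter variant, which splits on & first and requires each pair to match in full. The names filter_page() and filter_strict() and the sample query string are constructed for illustration.

```php
<?php
// The page's approach: scan the raw query string for digit=value pairs.
// filter_page() is a hypothetical wrapper name, not part of the original post.
function filter_page(string $qs): array {
    preg_match_all('/([0-9])=([\%\+\-\.\/0-9\=A-Z\_]+)/i', $qs, $m);
    return ($m[0] ? array_combine($m[1], $m[2]) : array()) + array_fill(0, 10, '');
}

// Stricter variant (hypothetical): split on '&', then anchor the pattern with
// \A and \z so a pair is either accepted whole or dropped, never truncated.
function filter_strict(string $qs): array {
    $out = array_fill(0, 10, '');
    foreach (explode('&', $qs) as $pair) {
        if (preg_match('/\A([0-9])=([%+\-.\/0-9=A-Z_]+)\z/i', $pair, $m)) {
            $out[(int)$m[1]] = $m[2];
        }
    }
    return $out;
}

// Constructed sample input, modelled on the URL shown in the post, with two
// extra pairs: a key that only ends in a digit, and a percent-encoded value.
$qs = '0=123&1=456 invalid URL&2=789" AND xxx=1&3=0ABC&id7=x&5=a%27b';

// Print only the keys that received a value ('strlen' keeps the string "0").
echo "page filter:\n";
print_r(array_filter(filter_page($qs), 'strlen'));

echo "strict filter:\n";
print_r(array_filter(filter_strict($qs), 'strlen'));
```

On this input the page's pattern keeps the part of a value before the first disallowed character and also picks 7=x out of id7=x, while the strict variant drops those pairs entirely. Both leave a%27b percent-encoded, because QUERY_STRING is not decoded, so a later urldecode() or base64_decode() on a filtered value needs its own validation.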
Some people say that using variables directly gives no warning message ?? Me ..
A warning not being shown does not mean no warning is generated.
Set the highest error reporting level:
error_reporting(8191);
Are you sure you have? I have tested it: PHP error messages are good and fast.
See also: why isset() is used in PHP.