I have added the concept of "Sections" to my website, and when my Article Listing script (i.e. "articles/index.php") runs for a selected Section, it dynamically creates a URL for every Article in the Section like this...

http://local.debbie/finance/articles/postage-meters-can-save-you-money

...where the Section is really just "cosmetic".


The actual Ugly URL would be something like this...

http://local.debbie/articles/article.php?slug=postage-meters-can-save-you-money


Now on to my problem...


Recently I discovered that a user can go in and modify the URL above to something like this...

http://local.debbie/BOGUS_SECTION/articles/postage-meters-can-save-you-money

...which kind of freaks me out?!

Ironically, my "articles/article.php" script still runs fine, because it is really just keying off of the "Article Slug" to go query the database and find the actual Article. But this still seems like a hole that needs fixing?!

So, what should I do here?

My "articles/article.php" script was written before I added the concept of "Sections", and so it doesn't do an Validation/Sanitizing of the "Section" part of the URL.

I'm not exactly sure the best way to fix this...

Suggestions??

Thanks,


Debbie