Oct 27, 2012, 19:57 #1
Do I need to sanitize a dynamic URL?
I have added the concept of "Sections" to my website, and when my Article Listing script (i.e. "articles/index.php") runs for a selected Section, it dynamically creates a URL for every Article in the Section like this...
...where the Section is really just "cosmetic".
The actual Ugly URL would be something like this...
Now on to my problem...
Recently I discovered that a user can go in and modify the URL above to something like this...
...which kind of freaks me out?!
Ironically, my "articles/article.php" script still runs fine, because it is really just keying off of the "Article Slug" to go query the database and find the actual Article. But this still seems like a hole that needs fixing?!
So, what should I do here?
My "articles/article.php" script was written before I added the concept of "Sections", and so it doesn't do any Validation/Sanitizing of the "Section" part of the URL.
I'm not exactly sure the best way to fix this...
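
One way to handle the modified-Section case described in the post above, as an added example that is not part of the original thread: look the Article up by its slug, compare the Section in the URL with the one stored for that Article, and redirect to the canonical URL on a mismatch. The `/<section>/<slug>` layout, the table and column names, the function name and the sample rows are assumptions, since the post does not show them.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and URL layout (/<section>/<slug>); the post shows neither.

/** Decide what article.php should do with the section and slug taken from the URL. */
function resolve_article_request(PDO $pdo, string $section, string $slug): array
{
    // Accept only plain lowercase slugs, so nothing else reaches the query or a header.
    $pattern = '/^[a-z0-9]+(?:-[a-z0-9]+)*$/';
    if (!preg_match($pattern, $slug) || !preg_match($pattern, $section)) {
        return ['action' => 'not_found'];
    }

    // The slug alone identifies the article; the stored section is the source of truth.
    $stmt = $pdo->prepare(
        'SELECT a.title, s.slug AS section_slug
           FROM article a JOIN section s ON s.id = a.section_id
          WHERE a.slug = :slug'
    );
    $stmt->execute([':slug' => $slug]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['action' => 'not_found'];
    }

    // Wrong section in the URL: redirect (301) to the address built from database values,
    // never from the section string the visitor supplied.
    if ($row['section_slug'] !== $section) {
        return ['action' => 'redirect', 'location' => '/' . $row['section_slug'] . '/' . $slug];
    }
    return ['action' => 'render', 'title' => $row['title']];
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE section (id INTEGER PRIMARY KEY, slug TEXT UNIQUE)');
$pdo->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, section_id INTEGER, slug TEXT UNIQUE, title TEXT)');
$pdo->exec("INSERT INTO section VALUES (1, 'finance'), (2, 'legal')");
$pdo->exec("INSERT INTO article VALUES (1, 1, 'sample-article', 'Sample Article')");

// Matching section, mismatched section, and a section that is not a valid slug.
$requests = [['finance', 'sample-article'], ['legal', 'sample-article'], ['<script>', 'sample-article']];
foreach ($requests as [$sec, $slug]) {
    echo json_encode(resolve_article_request($pdo, $sec, $slug)), PHP_EOL;
}
```

The caller maps `redirect` to `header('Location: ...', true, 301)` and `not_found` to a 404 response, so each Article is served under exactly one URL.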