I’m wondering if I need to try to detect whether there is something bad going on in the URL and, if so, stop the page loading or take the user somewhere else, as it's obviously deliberate and trying to embarrass the website owner.
But I'm not sure how to inspect the URL and do the test: if all is good, carry on loading the page; if not, perhaps move to an error page.
You need to escape the value of Category so that, for example, `"` becomes `&quot;`. That way any garbage in the URL will just be displayed as text and not interpreted as HTML.
In PHP you would use the htmlentities() function for that. Other languages probably have something similar.
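<?php
// Renders one checkbox per country that has at least one active hotel tagged with
// thematic Id_Tem='7' ("All Inclusive"), each followed by the count of such hotels.
// Expects $pdo (a PDO connection) and $selectCategory to be set by the including page.
if ($selectCategory === "All Inclusive") {
    $aInclusive = $pdo->prepare("SELECT DISTINCT(Id_Cntry), Nom_Cntry FROM tbl_countries LEFT JOIN tbl_hotels ON (tbl_countries.Id_Cntry=tbl_hotels.IdCntry_Hot) LEFT JOIN tbl_hotntem ON (tbl_hotels.Id_Hot=tbl_hotntem.Id_Hot) LEFT JOIN tbl_tematics ON (tbl_hotntem.Id_Tem=tbl_tematics.Id_Tem) WHERE (tbl_hotels.Act_Hot='1') AND (tbl_tematics.Id_Tem='7') ORDER BY tbl_countries.Nom_Cntry");
    $aInclusive->execute();

    // The per-country count statement is prepared once and re-executed inside the loop.
    $query1 = $pdo->prepare("select count(tbl_hotels.Id_Hot) as total1 FROM tbl_hotels LEFT JOIN tbl_countries ON (tbl_countries.Id_Cntry=tbl_hotels.IdCntry_Hot) LEFT JOIN tbl_hotntem ON (tbl_hotels.Id_Hot=tbl_hotntem.Id_Hot) LEFT JOIN tbl_tematics ON (tbl_hotntem.Id_Tem=tbl_tematics.Id_Tem) WHERE (tbl_hotels.Act_Hot='1') AND (tbl_tematics.Id_Tem='7') AND (tbl_countries.Id_Cntry=:countryIDa) ORDER by tbl_hotels.Id_Hot");

    // Country ids the user ticked (from the request). Only scalars are kept and all are
    // normalised to strings so the strict in_array() below compares like with like,
    // whatever type the DB driver returns Id_Cntry as.
    $selectedCountries = [];
    if (isset($_REQUEST['countries']) && is_array($_REQUEST['countries'])) {
        $selectedCountries = array_map('strval', array_filter($_REQUEST['countries'], 'is_scalar'));
    }

    while ($q = $aInclusive->fetch()) {
        $countryId = (string) $q['Id_Cntry'];
        // Escape DB-sourced values before placing them in an attribute / text node so
        // they are rendered as text, never interpreted as HTML.
        $countryIdAttr = htmlspecialchars($countryId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $countryName = htmlspecialchars((string) $q['Nom_Cntry'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $checked = in_array($countryId, $selectedCountries, true) ? 'checked="checked"' : '';

        // Bind per execute() rather than bindParam() by reference to $q, which would
        // silently track whatever $q holds at execution time.
        $query1->execute([':countryIDa' => $q['Id_Cntry']]);
        $total = $query1->fetchColumn();
        // Default to 0 instead of carrying over the previous country's total if no row comes back.
        $cfamHotels = $total === false ? 0 : (int) $total;
        ?>
<input type="checkbox" name="countries[]" value="<?php echo $countryIdAttr; ?>" onClick="javascript:checkRefresh()" <?php echo $checked; ?> class="inline" /><?php echo $countryName; ?> <span class="result_Number_Count">[<?php echo $cfamHotels; ?>]</span>
<br/>
<?php
    }
}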