query_string test and strip.

Could someone give me the topics to look up on php.net, to be able to work
out how to remove stuff added to a query_string?

I wish to check $QUERY_STRING, and remove any user added extras.

TIA

PhilM

PhilM wrote:
> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?
>
> I wish to check $QUERY_STRING, and remove any user added extras.

use explode() where & is the divider, then remove the index from the array
that you don't want to keep and the implode the rest of the array back.


//Aho

[alt.* removed from Followup-To header!]
PhilM wrote:
> Could someone give me the topics to look up on php.net, to be able to work
> out how to remove stuff added to a query_string?

The query string parameters are automagically transferred to the super
global array $_GET
http://pt.php.net/manual/en/language...predefined.php

For example, the client asks for "http://server/page.php?id=13&page=8"
and the page.php script can use the $_GET array like this:

<?php
$id = 0;
if (isset($_GET['id'])) $id = int($_GET['id']);

$page = 0;
if (isset($_GET['page'])) $page = int($_GET['page']);

echo "You chose id=$id and page=$page. Thank you.";
?>


Other options include
String management:
http://www.php.net/manual/en/ref.strings.php

Regular expressions:
http://www.php.net/manual/en/ref.pcre.php


--
USENET would be a better place if everybody read:
http://www.expita.com/nomime.html
http://www.netmeister.org/news/learn2quote2.html
http://www.catb.org/~esr/faqs/smart-questions.html

"J.O. Aho" <user@example.net> wrote in message
news:2tq9ctF22i48gU1@uni-berlin.de...
> PhilM wrote:
> > Could someone give me the topics to look up on php.net, to be able to
work
> > out how to remove stuff added to a query_string?
> >
> > I wish to check $QUERY_STRING, and remove any user added extras.
>
> use explode() where & is the divider, then remove the index from the array
> that you don't want to keep and the implode the rest of the array back.
>
>
> //Aho

so, if my url including $QUERY_STRING looks like

/www.webhost/index.php?gallery&

$test=explode('&',$QUERY_STRING);
$QS=$test[0];

and then use $QS to determine, thru a switch statement, which content to
serve, would that be enough to prevent malicious/accidental fiddling?

Or would I be better comparing $QUERY_STRING for known permissible values,
and then setting and using $QS with the value detected?

(it's late 4:10 am... sorry if this is a daft Q)

PhilM wrote:
> "J.O. Aho" <user@example.net> wrote in message
> news:2tq9ctF22i48gU1@uni-berlin.de...
>
>>PhilM wrote:
>>
>>>Could someone give me the topics to look up on php.net, to be able to
>
> work
>
>>>out how to remove stuff added to a query_string?
>>>
>>>I wish to check $QUERY_STRING, and remove any user added extras.
>>
>>use explode() where & is the divider, then remove the index from the array
>>that you don't want to keep and the implode the rest of the array back.
>>
>>
>> //Aho
>
>
> so, if my url including $QUERY_STRING looks like
>
> /www.webhost/index.php?gallery&
>
> $test=explode('&',$QUERY_STRING);
> $QS=$test[0];
>
> and then use $QS to determine, thru a switch statement, which content to
> serve, would that be enough to prevent malicious/accidental fiddling?
>
> Or would I be better comparing $QUERY_STRING for known permissible values,
> and then setting and using $QS with the value detected?
>
> (it's late 4:10 am... sorry if this is a daft Q)
>
>

I guess picking out those statements that are allowed should be easiest, pick
them out from your $test and push them into $QS.


//Aho

Cheers for that

Regards, PhilM