what the best way to keep server information and error messages from appearing if the someone injects incorrect values into GET varialbles in your URL? The way it is set up now , if a variable is not selected on the form it defualts to all values and I would like to keep it that way. Just need a general way if the GET varible in the URL does not match any values in the database or NULL to defualt to different page.
So your saying someting like index.php?var=111 If you only want people to be able to send in a numeric value, you can say. <?php $var = $_GET['var']; if(is_numeric($var)) { echo "ok"; }else{ echo "not ok"; } PHP: And if you actually want to run the query first before you decide if its bad you can just use something like a mysql_fetch_array set that to a $var and state . if($var) { echo "Do it"; }else{ echo "Failed"; } PHP:
If you just want to know if the user sends the correct variables, you can try this: $acceptedVars = array('var1', 'var2', 'var3'); foreach ($acceptedVars as $v){ if (!isset($_GET[$v])) die('Variable '.$v.' not set'); } PHP: