How do i make $_GET more secure.?

Question

I am using the get method to perform some operation like, approve, markasspam, delete, for commenting system. i know it is highly insecure to go this way but i cannot help it ou

Answer 1

You can do it that way, the $_GET is not the unsecure thing in your code. The unsecurity comes from you not checking wether the user is e.g. authorized to delete comments.

In your current code, anyone can delete anything at anytime and as often as they want.

If you have a wrapping code that ensures the if-statements postet by you are not executed if enter good reason here, then it's okay.

But you should try verifying, that the content of the parameters are really integers instead of just int_val'ing them and using them directly on the database.

On your edit

You should check your parameter is really an int. intval("test") will also return an integer, mostly 0.

You might consider regex for that, to verify the string only consists of numbers: preg_match('/[0-9]+/', $_GET['id']);

If so, you can perform the action.