I just wanted to ask a quick question about $_GET parameteres in php and the security of them. Although my get parameter is not visibily shown, it is in my url. I just wondered is there any extra steps I can take to make it even more secure?
I have a $_GET variable named page that determines what page their on, and its got a reqrite rule to check for the first word after slash
I know before you should use mysql_real_escape_string
but that is now deprecated and will be removed in the future?? And updated way..
Example: http://example.com/pagehere
Would be passed as... http://example.com/index.php?page=pagehere
location / {
rewrite ^/(|/)$ /index.php?page=$1;
rewrite ^/([a-zA-Z0-9_-]+)(|/)$ /index.php?page=$1;
rewrite ^/(.*)\.htm$ /$1.php;
}