When passing variables in URLs, it's smart to validate that the variables are what you expect them to be. An easy way to do this is to follow one rule for every variable passed via URL: it may only be alphanumeric, that is, contain only numbers and letters. It's hard for people with bad intentions to affect your site when alphanumeric characters are their only option.
There are many other reasons to want to validate that some input is only letters and numbers. Here is some basic code to do it:
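<?php
$originaltext = "This isn't a very cle!!@n stre$$*ing.";
// Remove every character that is not an ASCII letter or digit.
// ereg_replace() was removed in PHP 7; preg_replace() is its replacement.
$alphanumerictext = preg_replace("/[^A-Za-z0-9]/", "", $originaltext);
echo $alphanumerictext;
?>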
The code will output "Thisisntaveryclenstreing".
David says on November 4, 2007:
You might want to put the output as well, as I am not good with ereg and other such functions. Will I get, "This isn't a very clen streing"?
45n5 (946) says on November 5, 2007:
Thanks David. Actually you get Thisisntaveryclenstreing which I updated the post above based on your input. I kill even spaces when I'm passing things around as variable data.
sarahG (34) says on November 9, 2007:
A couple of other good points are that if the variable should only contain a number then use (int) to secure it, and if your variable should only contain one of a selection of values (e.g. a select list in a form) then build an array of what it could be and check the value against the array using in_array(). Of course there's plenty more methods too ;)
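The three checks discussed on this page (alphanumeric only, integer only, one of a fixed set of values), written as validators that reject bad input instead of silently altering it. This is an added example, not code from the original post or its comments; the function names, the parameter names (page, id, sort, tag) and the sample values are assumptions made up for illustration.

```php
<?php
// Added example: function and parameter names are hypothetical.

// Returns the value if it is a non-empty ASCII alphanumeric string, else null.
function alnum_param(array $query, string $name, int $maxLen = 64): ?string
{
    $value = $query[$name] ?? null;
    // A request like ?name[]=x arrives as an array, so require a string first.
    if (!is_string($value) || strlen($value) > $maxLen) {
        return null;
    }
    // \A and \z anchor the whole string; "$" alone would also accept "abc\n".
    return preg_match('/\A[A-Za-z0-9]+\z/', $value) === 1 ? $value : null;
}

// Returns an integer within [$min, $max], else null.
// Unlike an (int) cast, which turns "12abc" into 12, this rejects it.
function int_param(array $query, string $name, int $min, int $max): ?int
{
    $value = $query[$name] ?? null;
    if (!is_string($value)) {
        return null;
    }
    $result = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $result === false ? null : $result;
}

// Returns the value only if it is one of the allowed strings.
// The third argument to in_array() forces strict (type-safe) comparison.
function choice_param(array $query, string $name, array $allowed): ?string
{
    $value = $query[$name] ?? null;
    return is_string($value) && in_array($value, $allowed, true) ? $value : null;
}

// Constructed sample input standing in for $_GET.
$query = ['page' => "about\n", 'id' => '12abc', 'sort' => 'price', 'tag' => ['x']];

var_dump(alnum_param($query, 'page'));          // value ends in a newline
var_dump(alnum_param($query, 'tag'));           // value is an array
var_dump(int_param($query, 'id', 1, 100000));   // digits followed by letters
var_dump(choice_param($query, 'sort', ['name', 'price', 'date']));
```

A null result means the request should be refused or given a default, rather than continuing with a cleaned-up value the user never sent.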



