如果我像这样构建我的页面,我是否必须检查 news_id 在 news.php 中是否也是数字?或者这样安全吗?
索引.php:
if (ctype_digit($_GET['news_id'])) include('news.php');
新闻.php:
$query = mysql_query("SELECT * FROM news WHERE news_id = $_GET[news_id]");
$row = mysql_fetch_assoc($query);
if (!mysql_num_rows($query)) exit('The news you're trying to read do not exist.');