TharinduLucky TharinduLucky - 1 year ago 64
PHP Question

Is it safe to show user IDs in the profile URL?

On my website, there's a user's profile page. What I am currently doing is just pass the user

via a
request and use it to query the user's details.

So, the user profile URL is like this...

So, my problem is: is it safe to show this user's ID (primary key of the user table) in the URL, so that anyone can see it?

Answer Source

It's normal.

But I would suggest you have form validation to prevent SQL injection. Never trust what users give you.

I'd use that kind of expression, but additionally

if (!preg_match('/^[0-9]+$/', $_GET['id']))  {
    echo 'ID disallowed.';
    exit; // stop before the ID reaches the query
}

or have a digits limitation (matches 1 to 999999)

if (!preg_match('/^[0-9]{1,6}$/', $_GET['id']))  {
    echo 'ID disallowed.';
    exit; // stop before the ID reaches the query
}
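An added example, not part of the original answer: the same digits-only check applied to the profile lookup, extended with a bound query parameter so the ID never becomes part of the SQL text. It assumes PHP 8 with pdo_sqlite; the `users` table, its columns, the sample inputs and the helpers `parse_user_id` and `find_profile` are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the real user table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (id, name, email) VALUES (7, 'alice', 'alice@example.test')");

/**
 * Return the id as an int, or null when the raw value is not 1-6 ASCII digits.
 * Hypothetical helper. \A and \z anchor the whole string; a plain $ would
 * also accept a trailing newline such as "7\n".
 */
function parse_user_id(mixed $raw): ?int
{
    // ?id[]=1 arrives as an array and a missing parameter as null.
    if (!is_string($raw) || preg_match('/\A[0-9]{1,6}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

/** Look up the public profile fields with a bound parameter, never string concatenation. */
function find_profile(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id'].
$samples = ['7', '42', '7 OR 1=1', "7\n", '', '1234567', ['7'], null];
foreach ($samples as $raw) {
    $id = parse_user_id($raw);
    if ($id === null) {
        echo json_encode($raw), " => ID disallowed.\n";
        continue;
    }
    $row = find_profile($pdo, $id);
    echo json_encode($raw), ' => ', $row ? json_encode($row) : 'no such user', "\n";
}
```

Only `'7'` returns a row; `'42'` passes validation but matches no user, and every other sample is rejected before a query is built.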