Should I still escape? $_GET and XSS, SQL Injection and other PHP Security Concerns?
If you are not outputting the string or passing it to another program (sql, open file, …) you don't need to escape it.
If you are not using the URL param in a SQL statement it can not be used as a SQL injection.
I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.
Related Questions
XSS: REQUEST_URI run through htmlspecialchars() - then replacing & with & - enough to prevent XSS injection?
What more can I do to prevent myself from XSS injection & SQL Injection?
Interpolique: transparently preventing SQL Injection and XSS with base64 encoding, what happened?
$_GET['user'] security vulnerability in PHP?
The anti-bribery provisions of the Foreign Corrupt Practices Act (FCPA) refer to "issuers" and "domestic concerns" — who are issuers and domestic concerns under the FCPA?
How to protect this SQL in a PHP from SQL Injection?