It has been a while since I have been on these forums, it feels good to be back :)
Currently I am working for a company and I have their site up and running. I do have a major security issue though that I need to resolve immediatly.
The problem I am having is I have no verification of variables sent from page to page. For example if someone clicks on a link which leads to a product category the addressbar reads details.php?catid=5. Now if they were to go and change the address bar to details.php?catid=5;drop database DBNAME; then that would pose a big security risk for me.
I don't know much on this subject so I need some help on how I could make sure this security risk can be resolved. Another thing which I might as well ask is...... I hear having less php code in the address bar and more of a description of what you are offering is good for search engines. Basically instead of having products.php?product_id=5 having products/networking/linksysrouter/ is best for SEO.
I plan on changing my site to scrap the PHP code, but what I'm wondering is if it would be best to just do it now, while I am doing the changes for the variable verification.
Thanks everyone for your help on this matter :)