How do I make PHP secure in the URL with the GET method?
For example:
media.php?hal=detail&id=1

All 6 Replies

Validate, sanitize, check for the referrer.

See the OWASP Top Ten, especially A1 - Injection. It is probably all a web developer needs to know about security. It is a lot of stuff to read and you do not have to digest it all at once. But make sure you bookmark it.

Hi guys, thanks for your informative post. I bookmarked this link. Actually I am a beginning learner of web development, so it's really useful to us. Thanks once again.

Welcome to PHP, and hopefully you will get plenty of joy in programming. If this question is answered, please mark the thread as solved.

Can you give me an example?

This is a pretty simple ethical hacking example, for testing purposes only. This may or may not work; I am just bringing the points across.

For example, if you don't sanitize and validate this

media.php?hal=detail&id=1

and if I visited your site and wanted to see all of your media, I would put this in my browser

media.php?hal=detail&id=10000000

Hoping that you did not turn off your error reporting, I would probably get an error saying

media_id is not valid or not found.

Now I know one of the columns of your database. With this info, thanks to your server, I can change the URL above to

media.php?hal=detail&id='' OR media_id REGEXP '^[0-9]'

If we use that in our query, it will spit out all of the media with media_id matching anything from 0 to 9.
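
The "validate, sanitize" advice applied to the URL discussed in this thread, as an added example that is not part of any reply above. It assumes a `media` table keyed by `media_id` (the column named in the thread) with a hypothetical `title` column, and uses an in-memory SQLite database as a constructed stand-in for the real one; `demoDb` and `handleMedia` are illustrative names.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for the real database: in-memory SQLite (needs pdo_sqlite).
// media_id comes from the thread; the title column is hypothetical.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE media (media_id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO media VALUES (1, 'intro.mp4'), (2, 'draft.mp4')");
    return $pdo;
}

// Takes the request's $_GET array, returns [HTTP status, response body].
function handleMedia(PDO $pdo, array $get): array
{
    // 1. Allowlist the page selector instead of trusting it.
    if (!in_array($get['hal'] ?? '', ['detail'], true)) {
        return [404, 'Not found'];
    }
    // 2. id must be a positive integer; strings, arrays and SQL fragments fail here.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Bad request'];
    }
    // 3. Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT title FROM media WHERE media_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // 4. Generic message on a miss: no column or table names reach the visitor.
    if ($row === false) {
        return [404, 'Not found'];
    }
    return [200, htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8')];
}

// The three URLs from the thread plus an unknown hal value, as $_GET arrays.
$pdo = demoDb();
$requests = [
    ['hal' => 'detail', 'id' => '1'],
    ['hal' => 'detail', 'id' => '10000000'],
    ['hal' => 'detail', 'id' => "'' OR media_id REGEXP '^[0-9]'"],
    ['hal' => 'admin', 'id' => '1'],
];
foreach ($requests as $get) {
    [$status, $body] = handleMedia($pdo, $get);
    printf("%d %s <- %s\n", $status, $body, urldecode(http_build_query($get)));
}
```

In production, also keep `display_errors` off and log database exceptions server-side, so error text cannot reveal column names the way the reply above describes.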
