Reputation: 37454
In my web application I am using "example.com/single.php?id=x", grabbing the GET parameter and displaying one single record on the page.
What is the best practice/advice for how to handle the URL "example.com/single.php" (if someone were to take off the parameters manually)?
I am sanitising my inputs, so I'm not asking from a security point of view but a content aspect. What do I display, all the records? At the moment, it doesn't display anything in the area where it would have the single record...
Thanks
Upvotes: 1
Views: 1457
Reputation: 157839
What do I display, all the records?
It completely depends on the page's purpose.
If it's intended to show all records without parameters, then show them. (I have many pages that show a list of records with no parameter and show an edit form with a parameter passed. It's very handy and practical.)
If not, a 404 response is a strict rule when no page to show is found.
A good application would also check for unexpected parameters too ("example.com/single.php?id=x&foo-bar"), and throw 403 in this case.
Upvotes: 0
Reputation: 57268
What you would do is request a minimum set of required parameters for single.php; if one of these parameters is not present, then you throw an error saying malformed request.
For example:
// Validate
if (empty($_GET["id"]))
{
    die("Invalid Request");
}
// Sanitation
if (!is_numeric($_GET["id"]))
{
    die("Invalid Request");
}
// Force types for security
$id = (int)$_GET["id"];
Upvotes: 0
Reputation: 54016
You can put a default id in single.php, and if you get any id from GET, then replace it with this one:
$default_id = 1; // placeholder for the specific id number to show by default
$display_id = empty($_GET['id']) ? $default_id : (int)$_GET['id'];
Upvotes: 0
Reputation: 449385
single.php is quite a strong pointer that the URL is there to display one record, so there is no "default" display (like showing all records).
I would have it die() with a nice "record not found" error message, or even throw a 404 like Stack Overflow does.
Upvotes: 2
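An added example, not taken from any of the answers above: one way to combine their suggestions so that a missing id gives a 404 and a malformed id gives a 400, including inputs such as `id[]=1`, `id=1e3` and over-long digit strings. The function name `classify_request`, the assumption that record ids are positive integers, and the sample query strings are all constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Decide how single.php should respond to a parsed query string.
 * Returns [HTTP status, record id or null]. Hypothetical helper.
 */
function classify_request(array $query): array
{
    // No id at all: a single-record page has nothing to show.
    if (!array_key_exists('id', $query)) {
        return [404, null];
    }
    $raw = $query['id'];
    // ?id[]=1 arrives as an array; signs, spaces, "1e3" and "" are not plain digits.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return [400, null];
    }
    // Rejects digit strings that overflow an int, leading zeros, and 0
    // (assumption: record ids start at 1).
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];
    }
    return [200, $id];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample query strings, so the file can be run offline.
    $samples = ['', 'id=42', 'id=', 'id=0', 'id=1e3', 'id[]=1', 'id=99999999999999999999'];
    foreach ($samples as $qs) {
        parse_str($qs, $query);
        [$status, $id] = classify_request($query);
        printf("%-34s -> %d %s\n", "single.php?$qs", $status, $id ?? '-');
    }
} else {
    [$status, $id] = classify_request($_GET);
    if ($status !== 200) {
        http_response_code($status);
        exit($status === 404 ? 'Record not found' : 'Invalid request');
    }
    // $id is now a positive int: look the record up here, and send the
    // same 404 response if no row with that id exists.
}
```

Run from the command line (`php single.php`) it prints the status chosen for each sample query; served over HTTP it applies the same decision to `$_GET`.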