Use this function to prevent malicious code from being injected into your URLs ```php function sanitizeString($var) { global $pdo; $var = strip_tags($var); $var = htmlentities($var); if(get_magic_quotes_gpc()) $var = stripslashes($var); $result = $pdo->quote($var); // this adds single quotes return str_replace("'", "", $result) // So now remove them } ``` Practical example of how to run the function on URLs ```php if(isset($_GET['path'])){ $path = sanitizeString($_GET['path']); if (!in_array($path, ['games', 'sports', 'technology'])) { $path = 'default'; } else header('Location: news.php?path=$path'); } echo "<a href='news.php?path=games'>go here</a>"; ``` With this simple piece of code you can prevent an attack by injecting code into a URL. Let us know in the comments what other ways you use to prevent attacks.