I got agent_val from here: . And when I try to print agent_val by It gives me a proper value, which is "Leo Joseph"
And the best part is when I write the above query with the static name.......IT WORKS
I don't understand the point: if getParameter is not working, then how come it is able to print the right value? And if that is not the problem, then how come I am able to print the correct value through agent_val but the query does not recognize it???
If someone just follows your webpages then it should be safe. However, nothing prevents him from using some command line tool or anything and making a request with his own, harmful, request parameters.
If you're using GET, he doesn't even need a command line tool - he can just modify the address in the address bar!
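An added example, not code from anyone in this thread: one way to treat the getParameter result as untrusted is to validate it and bind it through a PreparedStatement instead of building the query text from it. The table name, column names, length limit and the class itself are assumptions, since the thread does not show the real query.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class AgentLookup {
    // Hypothetical table and column names; the thread does not show the real query.
    private static final String SQL = "SELECT agent_id FROM agents WHERE agent_name = ?";
    private static final int MAX_NAME_LENGTH = 100; // assumed limit

    // Rejects values the application never expects, whoever sent the request.
    static String validateAgentName(String raw) {
        if (raw == null) {
            throw new IllegalArgumentException("agent_val is missing");
        }
        if (raw.isEmpty() || raw.length() > MAX_NAME_LENGTH) {
            throw new IllegalArgumentException("agent_val has an invalid length");
        }
        return raw;
    }

    // agentVal is the raw result of request.getParameter(...).
    static List<Integer> findAgentIds(Connection conn, String agentVal) throws SQLException {
        String name = validateAgentName(agentVal);
        List<Integer> ids = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, name); // bound as data, never spliced into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    ids.add(rs.getInt("agent_id"));
                }
            }
        }
        return ids;
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for request parameters.
        String[] samples = {"Leo Joseph", "", null, "x".repeat(500)};
        for (String sample : samples) {
            try {
                System.out.println("accepted: " + validateAgentName(sample));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The main method only exercises the validation step so it runs without a database; findAgentIds needs a live JDBC Connection.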