Its the size that matters - PHP

Lets come back to the variables themselves.  In addition to checking the type of variable, we can also check the size or length as well.  One of the largest exploited issues among all types of software are 'buffer overflow' problems.  This is when more data is passed than the variables expect, and the data starts filling in other memory and variable locations.  If you check the length and size of your data, then you can harden yourself to this kind of exploit.  For example:

<a href = index.php?action=1> Page1 </a>

Use this code to check if the variable content has more than one character.

$length = strlen($_GET['action'] );
if($length>1){
header(" Location:./error.php ");
exit;
}

or

$length = strlen($_GET['action'] );
if($length!=1){
header(" Location:./error.php ");
exit;
}

In the same way you can check text. You can allow as many characters as you wish, and reject the rest.  For example:

$length = strlen($_GET['text1'] );
if($length>3000){
header(" You can send up to 3000 characters ");
exit;
}

Notice that there are 3000 characters allowed including white spaces.