Silverback3

  1. Why use $_GET['username'] in a database query when you have already declared and set a variable called $id? Also, try to add caution to your code by stripping tags etc.

     ```php
     <?php
     $username = "";
     if (isset($_POST['submit'])) {
         // clean the user input, then assign it to a variable
         $username = htmlspecialchars(strip_tags($_POST['username']));
     }
     // at least here $username is clean; in your code you risk injection
     $SQL = "SELECT * FROM user WHERE username = '$username'";
     if ($username) {
         if ($db_found) {
             $result = mysql_query($SQL, $db_handle);
             if ($result) {
                 // the idea goes on
             }
         }
     }
     ?>
     ```
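
Added example, not part of the original post: `strip_tags()` and `htmlspecialchars()` are HTML filters, so a quote character in a name can still reach the SQL text (with `ENT_COMPAT`, the default before PHP 8.1) or be rewritten into an HTML entity that no longer matches the stored value (with `ENT_QUOTES`), while a prepared statement keeps the value out of the SQL text entirely. The in-memory SQLite database, the `user` rows and the helper names `lookupConcatenated` and `lookupPrepared` are constructed for illustration and assume the `pdo_sqlite` extension.

```php
<?php
// Constructed schema and rows; assumes the pdo_sqlite extension is loaded.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO user (username) VALUES ('alice'), ('O''Brien')");

// Constructed input standing in for $_POST['username'].
$input = "O'Brien";

// Query built by string interpolation, as in the post.
function lookupConcatenated(PDO $db, string $username): string {
    $sql = "SELECT * FROM user WHERE username = '$username'";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        // The quote in the value ended the SQL string literal early.
        return "query changed by input: " . $e->getMessage();
    }
}

// Same lookup with a bound parameter: the value is never parsed as SQL.
function lookupPrepared(PDO $db, string $username): string {
    $stmt = $db->prepare("SELECT * FROM user WHERE username = ?");
    $stmt->execute([$username]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC)) . " row(s)";
}

// ENT_COMPAT (default before PHP 8.1) leaves single quotes alone,
// so the filtered value still alters the structure of the query.
$compat = htmlspecialchars(strip_tags($input), ENT_COMPAT);
echo "ENT_COMPAT value: $compat", PHP_EOL;
echo "concatenated:     ", lookupConcatenated($db, $compat), PHP_EOL;

// ENT_QUOTES (default from PHP 8.1) turns the quote into an HTML entity:
// the SQL parses, but the lookup no longer matches the stored name.
$quotes = htmlspecialchars(strip_tags($input), ENT_QUOTES);
echo "ENT_QUOTES value: $quotes", PHP_EOL;
echo "concatenated:     ", lookupConcatenated($db, $quotes), PHP_EOL;

// Bound parameter with the raw input: correct match, no escaping needed.
echo "prepared:         ", lookupPrepared($db, $input), PHP_EOL;
```

HTML encoding then belongs at output time, when the value is written into a page, rather than before the database call.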