Tutorial system problem

[Rosst]

OK, I will get straight to the point, I made a tutorial system, and when I went to my second tutorial I saw the first one, see the links: http://vexxon.net/index.php?id=tuts&cat=PHP&tutid=2, anyway here is my code:
[code]<?php
include('config.php'); // connect to database
include('includes/bbcode.php');
if ($_GET['cat']) {
if ($_GET['tutid']) {
$tutid = $_GET['tutid'];
$cat = $_GET['cat'];
$query = mysql_query("SELECT * FROM tutorial where id = '$tutid' & tut_type = '$cat'");
$r = mysql_fetch_array($query);
echo "
<table border=\"0\">
<tr>
<td>".$r[tut_name]."</td><td>By ".$r[user]."
</tr>
<tr>
<td>".$r[tut_desc]."</td>
</tr>
<tr>
<td>".bbcode($r[tut])."</td>
</tr>
</table>
";
}
else {
$acat = $_GET['cat'];
$query1 = mysql_query("SELECT * FROM tutorial where tut_type = '$acat'");
if (mysql_num_rows($query1) == 0) {
echo "No tutorials in this category";
}
else {
echo "<table border=\"0\">";
while($s = mysql_fetch_array($query1)) {
echo "
<tr>
<td><a href=\"index.php?id=tuts&cat=".$s[tut_type]."&tutid=".$s[id]."\">".$s[tut_name]."</td><td>By <a href=\"index.php?id=memb&user=".$s[user]."\">".$s[user]."</a></td>
</tr>
";
}
echo "</table>";
}
}
}
else {
$query2 = mysql_query("SELECT * FROM tutorialcats");
echo "<table border=\"0\">";
while($t = mysql_fetch_array($query2)) {
echo "
<tr>
<td>- <a href=\"index.php?id=tuts&cat=".$t['name']."\">".$t['name']."</td>
</tr>
";
}
echo "</table>";
}
?>[/code]

[underparnv]

Change your query to this:

[code]<?php
$query = mysql_query("SELECT * FROM tutorial WHERE id = $tutid AND tut_type = '$cat'");
?>[/code]

Enjoy!

[Rosst]

Thanks, it worked!

[Daniel0]

You would have to use [url=http://php.net/intval]intval[/url] or [url=http://php.net/mysql_real_escape_string]mysql_real_escape_string[/url] on the variable $tutid if you choose not to enclose the value in quotes in the query to ensure that people to not exploit your code inject another query the initial query.