Jump to content

Tutorial system problem

Rosst

By Rosst
in PHP Coding Help

 Share

Recommended Posts

Rosst Member

Rosst

Posted
Posted
OK, I will get straight to the point, I made a tutorial system, and when I went to my second tutorial I saw the first one, see the links: http://vexxon.net/index.php?id=tuts&cat=PHP&tutid=2, anyway here is my code:
[code]<?php
include('config.php'); // connect to database
include('includes/bbcode.php');
if ($_GET['cat']) {
if ($_GET['tutid']) {
$tutid = $_GET['tutid'];
$cat = $_GET['cat'];
$query = mysql_query("SELECT * FROM tutorial where id = '$tutid' & tut_type = '$cat'");
$r = mysql_fetch_array($query);
echo "
<table border=\"0\">
<tr>
<td>".$r[tut_name]."</td><td>By ".$r[user]."
</tr>
<tr>
<td>".$r[tut_desc]."</td>
</tr>
<tr>
<td>".bbcode($r[tut])."</td>
</tr>
</table>
";
}
else {
$acat = $_GET['cat'];
$query1 = mysql_query("SELECT * FROM tutorial where tut_type = '$acat'");
if (mysql_num_rows($query1) == 0) {
echo "No tutorials in this category";
}
else {
echo "<table border=\"0\">";
while($s = mysql_fetch_array($query1)) {
echo "
<tr>
<td><a href=\"index.php?id=tuts&cat=".$s[tut_type]."&tutid=".$s[id]."\">".$s[tut_name]."</td><td>By <a href=\"index.php?id=memb&user=".$s[user]."\">".$s[user]."</a></td>
</tr>
";
}
echo "</table>";
}
}
}
else {
$query2 = mysql_query("SELECT * FROM tutorialcats");
echo "<table border=\"0\">";
while($t = mysql_fetch_array($query2)) {
echo "
<tr>
<td>- <a href=\"index.php?id=tuts&cat=".$t['name']."\">".$t['name']."</td>
</tr>
";
}
echo "</table>";
}
?>[/code]
Link to comment
https://forums.phpfreaks.com/topic/13904-tutorial-system-problem/
Share on other sites
Daniel0 Advanced Member

Daniel0

Posted
Posted
You would have to use [url=http://php.net/intval]intval[/url] or [url=http://php.net/mysql_real_escape_string]mysql_real_escape_string[/url] on the variable $tutid if you choose not to enclose the value in quotes in the query to ensure that people to not exploit your code inject another query the initial query.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.