ludjer Posted September 9, 2006 Share Posted September 9, 2006 OK here is my problemi type in a "file.php"and it does the loo of the sql databasebut now when use this "file.php?newsid=11"a blank screen comes upi want it to echo $newsid but it wontit will echo amount but no id if any1 can help me i would really be happy heres my code[code]<?phprequire_once('config/database.php');$amount = '5';if (isset ($_GET['newsid'])){ $_GET['newsid']= $newsid;$newsid= $_GET['newsid'];echo $newsid;echo $amount; }else {$amount = '5';$result = mysql_query("SELECT * FROM news LIMIT $amount");while ( $row = mysql_fetch_array($result) ) {?> <div style="width:450px;"> <h3><u><?php echo @$row['title']; ?></a></u></h3> <p><?php echo nl2br(@$row['content']); ?></p> <p><b>Posted On:</b><i><?php echo @$row['date']; ?> by <?php echo @$row['user']; ?></i></p><br /><hr /> </div> <?php }}?>[/code]thx ludger Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/ Share on other sites More sharing options...
onlyican Posted September 9, 2006 Share Posted September 9, 2006 You cant rename a GET method$_GET["newsid"] = $newside?????? Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/#findComment-89096 Share on other sites More sharing options...
tomfmason Posted September 9, 2006 Share Posted September 9, 2006 lol ^ you beat me to it.Also, you should validate the newsid or at least use something like this.[code=php:0]$newsid = mysql_real_escape_string(trim($_GET['newsid']));[/code]And maybe use a preg_match to make sure that it is has nothing but numbers in it. Otherwise you may find your site getting crackedGood Luck,Tom Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/#findComment-89098 Share on other sites More sharing options...
ludjer Posted September 9, 2006 Author Share Posted September 9, 2006 i dont get it here is my new codeand its still not getting newsidstill the same problem[code]<?phprequire_once('config/database.php');$amount = '5';if (isset ($_GET['newsid'])){ $_GET['newsid']= $newsid;$newsid = mysql_real_escape_string(trim($_GET['newsid']));echo $newsid;echo $amount; }else {$amount = '5';$result = mysql_query("SELECT * FROM news LIMIT $amount");while ( $row = mysql_fetch_array($result) ) {?> <div style="width:450px;"> <h3><u><?php echo @$row['title']; ?></a></u></h3> <p><?php echo nl2br(@$row['content']); ?></p> <p><b>Posted On:</b><i><?php echo @$row['date']; ?> by <?php echo @$row['user']; ?></i></p><br /><hr /> </div> <?php }}?>[/code] Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/#findComment-89100 Share on other sites More sharing options...
tleisher Posted September 9, 2006 Share Posted September 9, 2006 You still have: $_GET['newsid']= $newsid;Delete that aprt and just leave this line:$newsid = mysql_real_escape_string(trim($_GET['newsid'])); Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/#findComment-89103 Share on other sites More sharing options...
onlyican Posted September 9, 2006 Share Posted September 9, 2006 What aboutis_numeric()Or is that not good? Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/#findComment-89111 Share on other sites More sharing options...
tomfmason Posted September 9, 2006 Share Posted September 9, 2006 I guess that would work fine. Maybe do something like this[code=php:0]if (is_numeric($newsid) == false) { die("Hacking attempt");}[/code]Good Luck,Tom Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/#findComment-89118 Share on other sites More sharing options...
ludjer Posted September 10, 2006 Author Share Posted September 10, 2006 thx guys it works now Link to comment https://forums.phpfreaks.com/topic/20248-x-solved-xhelp-_get-error/#findComment-89229 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.