ludjer

X--Solved--XHelp !! $_GET error

OK here is my problem
I type in "file.php"
and it does the loop of the SQL database
but now when I use this "file.php?newsid=11"
a blank screen comes up
I want it to echo $newsid but it won't
it will echo amount but no id
if anyone can help me I would really be happy

here's my code
[code]<?php
require_once('config/database.php');
$amount = '5';
if (isset ($_GET['newsid']))
{
$_GET['newsid']= $newsid;
$newsid= $_GET['newsid'];
echo $newsid;
echo $amount;

}
else {
$amount = '5';
$result = mysql_query("SELECT * FROM news LIMIT $amount");

while ( $row = mysql_fetch_array($result) )
{?>

<div style="width:450px;">

<h3><u><?php echo @$row['title']; ?></u></h3>
<p><?php echo nl2br(@$row['content']); ?></p>
<p><b>Posted On:</b><i><?php echo @$row['date']; ?> by <?php echo @$row['user']; ?></i></p><br />
<hr />

</div>
<?php
}
}?>[/code]

thx
ludger

lol ^ you beat me to it.


Also, you should validate the newsid or at least use something like this.

[code=php:0]
$newsid = mysql_real_escape_string(trim($_GET['newsid']));
[/code]

And maybe use a preg_match to make sure that it has nothing but numbers in it. Otherwise you may find your site getting cracked.


Good Luck,
Tom

I don't get it

here is my new code
and it's still not getting newsid
still the same problem
[code]<?php
require_once('config/database.php');
$amount = '5';
if (isset ($_GET['newsid']))
{
$_GET['newsid']= $newsid;
$newsid = mysql_real_escape_string(trim($_GET['newsid']));
echo $newsid;
echo $amount;

}
else {
$amount = '5';
$result = mysql_query("SELECT * FROM news LIMIT $amount");

while ( $row = mysql_fetch_array($result) )
{?>

<div style="width:450px;">

<h3><u><?php echo @$row['title']; ?></u></h3>
<p><?php echo nl2br(@$row['content']); ?></p>
<p><b>Posted On:</b><i><?php echo @$row['date']; ?> by <?php echo @$row['user']; ?></i></p><br />
<hr />

</div>
<?php
}
}?>[/code]

You still have: $_GET['newsid']= $newsid;

Delete that part and just leave this line:
$newsid = mysql_real_escape_string(trim($_GET['newsid']));

I guess that would work fine. Maybe do something like this

[code=php:0]
if (is_numeric($newsid) == false) {
    die("Hacking attempt");
}
[/code]

Good Luck,
Tom
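
As an added example (not code from any poster in this thread): the "nothing but numbers" check suggested above, written as a strict whole-string match and combined with a bound query parameter, with the is_numeric() result printed beside each input for comparison. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL connection; the `id` column name, the sample row and the sample inputs are constructed.

```php
<?php
// Added example: strict validation of a numeric id plus a bound query.
// Assumptions: PDO with in-memory SQLite stands in for the thread's MySQL
// database; the `id` column name and the sample row are constructed.

/** Return the id as a positive int, or null if it is not 1-9 ASCII digits. */
function parse_news_id($raw): ?int
{
    // \A and \z anchor the whole string; a plain $ would also accept "11\n".
    // is_string() rejects arrays, which file.php?newsid[]=11 would produce.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Fetch one news row by id using a bound parameter, or null if absent. */
function fetch_news(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title, content FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');
$db->exec("INSERT INTO news (id, title, content) VALUES (11, 'Hello', 'First post')");

// Constructed inputs, as they could arrive in $_GET['newsid'].
$samples = ['11', '1e3', '1.5', '-5', "11\n", '11 OR 1=1', ['11']];
foreach ($samples as $raw) {
    $id = parse_news_id($raw);
    printf(
        "%-12s is_numeric=%-5s parsed=%s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        $id === null ? 'rejected' : (string) $id
    );
    if ($id !== null) {
        $row = fetch_news($db, $id);
        echo '  ', htmlspecialchars($row['title'] ?? '(no such news item)', ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```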
