X--Solved--XHelp !! $_GET error


7 replies to this topic

#1 ludjer


Posted 09 September 2006 - 09:25 PM

OK, here is my problem.
I type in "file.php"
and it does the loop of the SQL database,
but now when I use "file.php?newsid=11"
a blank screen comes up.
I want it to echo $newsid but it won't.
It will echo amount but no id.
If anyone can help me I would really be happy.

Here's my code:
<?php
require_once('config/database.php');
$amount = '5';
if (isset($_GET['newsid'])) {
    $_GET['newsid'] = $newsid;
    $newsid = $_GET['newsid'];
    echo $newsid;
    echo $amount;
} else {
    $amount = '5';
    $result = mysql_query("SELECT * FROM news LIMIT $amount");

    while ($row = mysql_fetch_array($result)) { ?>
        <div style="width:450px;">
            <h3><u><?php echo @$row['title']; ?></a></u></h3>
            <p><?php echo nl2br(@$row['content']); ?></p>
            <p><b>Posted On:</b><i><?php echo @$row['date']; ?> by <?php echo @$row['user']; ?></i></p><br />
            <hr />
        </div>
    <?php
    }
} ?>

thx
ludger
:D

#2 onlyican


Posted 09 September 2006 - 09:29 PM

You can't rename a GET method

$_GET["newsid"] = $newside??????
Tell me the problem, I will try tell you the solution

#3 tomfmason


Posted 09 September 2006 - 09:34 PM

lol ^ you beat me to it.


Also, you should validate the newsid or at least use something like this.

$newsid = mysql_real_escape_string(trim($_GET['newsid']));

And maybe use a preg_match to make sure that it has nothing but numbers in it. Otherwise you may find your site getting cracked.


Good Luck,
Tom

Traveling East in search of instruction, and West to propagate the knowledge I have had gained.



#4 ludjer


Posted 09 September 2006 - 09:43 PM

I don't get it.

Here is my new code,
and it's still not getting newsid.
Still the same problem.
<?php
require_once('config/database.php');
$amount = '5';
if (isset($_GET['newsid'])) {
    $_GET['newsid'] = $newsid;
    $newsid = mysql_real_escape_string(trim($_GET['newsid']));
    echo $newsid;
    echo $amount;
} else {
    $amount = '5';
    $result = mysql_query("SELECT * FROM news LIMIT $amount");

    while ($row = mysql_fetch_array($result)) { ?>
        <div style="width:450px;">
            <h3><u><?php echo @$row['title']; ?></a></u></h3>
            <p><?php echo nl2br(@$row['content']); ?></p>
            <p><b>Posted On:</b><i><?php echo @$row['date']; ?> by <?php echo @$row['user']; ?></i></p><br />
            <hr />
        </div>
    <?php
    }
} ?>

:D

#5 tleisher


Posted 09 September 2006 - 09:49 PM

You still have: $_GET['newsid']= $newsid;

Delete that part and just leave this line:
$newsid = mysql_real_escape_string(trim($_GET['newsid']));


#6 onlyican


Posted 09 September 2006 - 10:09 PM

What about
is_numeric()
Or is that not good?

#7 tomfmason


Posted 09 September 2006 - 10:27 PM

I guess that would work fine. Maybe do something like this

if (is_numeric($newsid) == false) {
    die("Hacking attempt");
}

Good Luck,
Tom



#8 ludjer


Posted 10 September 2006 - 07:35 AM

thx guys it works now
:D
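
The digits-only check suggested in the replies above, as an added example that is not part of the original thread. It uses PDO with a bound parameter instead of the thread's mysql_* functions (removed in PHP 7); `parse_news_id()`, `fetch_news()` and the in-memory SQLite table are assumptions made for the demo.

```php
<?php
// Added example: strict validation of ?newsid= plus a bound query parameter.
// parse_news_id(), fetch_news() and the SQLite table are assumptions for the demo.

/** Return the id as an int, or null if $raw is not a plain run of digits. */
function parse_news_id($raw): ?int
{
    // \A and \z anchor the whole string; a bare $ would also accept "11\n".
    // is_string() rejects array input such as ?newsid[]=11.
    if (!is_string($raw) || preg_match('/\A[0-9]{1,9}\z/', $raw) !== 1) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look up one news row by id; null for invalid input or no match. */
function fetch_news(PDO $db, $raw): ?array
{
    $id = parse_news_id($raw);
    if ($id === null) {
        return null; // reject instead of guessing what was meant
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT id, title FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed table standing in for the thread's `news` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO news (id, title) VALUES (11, 'Constructed headline')");

// Constructed inputs: is_numeric() accepts several that are not valid ids.
$samples = ['11', '1e3', '-5', '1.5', "11\n", '11 OR 1=1', ['11']];
foreach ($samples as $raw) {
    printf("%-14s is_numeric=%-5s parse_news_id=%-5s row=%s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        var_export(parse_news_id($raw), true),
        json_encode(fetch_news($db, $raw)));
}
```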



