Details display even if category is types wrong in url

$php_mysql$ · August 24, 2011

friends my url is like this

Category=Love&ID=1

now in url if i do something like this

Category4637=Hate19203&ID=1

the details are still showing, how can i fix this? if someone type Capegory instead of Category and a wrong category name which do not exist with that id in db send them to index.php?

WebStyles · August 24, 2011

what details are still showing?

how are you checking the fields?

how are you retrieving them from database?

*need to see more code*

thanks

$php_mysql$ · August 24, 2011

ah got the solution L-)

$match_link = array("Love","Hate");

if (!in_array($_REQUEST['Category'],$match_link)){

header("location: index.php");

}

works great :-)

WebStyles · August 24, 2011

what I was asking, specifically, is how are you grabbing the url variables, and how are you querying the database.

$php_mysql$ · August 24, 2011

oh i was grabbing it like this

$cat = clean($_REQUEST['Category']);

$ID = clean($_REQUEST['ID']);

and for querying the database i made a function and i fetch it by the id which come along with the url

over all it looked like this

$cat = clean($_REQUEST['Category']);

$ID = clean($_REQUEST['ID']);

$details = getDetails($ID);// the query in the function is like select from tbl as d where d.id=$ID

WebStyles · August 24, 2011

the query in the function is like select from tbl as d where d.id=$ID

then the category is not being used ?

$php_mysql$ · August 24, 2011

oh no its getting details just by the id. do i recommend also getting the category name?

WebStyles · August 24, 2011

Your question was:

now in url if i do something like this

Category4637=Hate19203&ID=1

the details are still showing, how can i fix this?

so yes, since you're only using the ID=1 to grab the results, the other variable is not doing anything.

$php_mysql$ · August 24, 2011

thanks gonna do that :-)

$php_mysql$ · August 24, 2011

ok help required

how am i to check if $cat = clean($_REQUEST['Category']); which is Love as in Category=Love?ID=1 the name Love exist in database with the following id 1?

the db structure is like

id

image

title

category

time

$cat = clean($_REQUEST['Category']);

$ID = clean($_REQUEST['ID']);

WebStyles · August 24, 2011

mysql_query("select `field1`,`field2` from `table` where `id` = '$id' and `category`='$cat'");

$php_mysql$ · August 24, 2011

yes that i know but how will i check if $cat exist in $ID if not headers elsewhere?

WebStyles · August 24, 2011

your question was:

how am i to check if (...) the name Love exist in database with the following id 1?

The code I gave you search for rows where id=$id and category=$cat... so, if there's no match, it will return empty.

$php_mysql$ · August 24, 2011

ah solved solution

my function

////////////////////////////////////Check

function detailsCheck($id) {

$id = "";

$sql =" SELECT category FROM tbl WHERE id='$id'";

$rs = executeSql($sql);

$id = mysql_fetch_array($rs);

return $id[0];

}

and did a check

if(detailsCheck($ID) !== $cat){

header("location: index.php");

}

:-) cheers, thanks again \m/

Sign In

Details display even if category is types wrong in url

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information