php - $_GET shows also another page -

- May 15, 2011

i've discoverd bug script. try explain it.

i've made 2 pages category.php

this 1 here below shows content related category:

/category.php?nameid=test

when go first content related category example:

/category.php?nameid=test&id=2 receive information mysql post id 2, posts related category named 'test' below. don't want get. post id

                 <?php             // begin of showing content page             if (isset($_get['id'])){              $naamid = mysql_real_escape_string($_get['nameid']);             $id     = mysql_real_escape_string($_get['id']);             $idnext = $id + 1;             $gn     = (" select * category name='".$naamid."'") or die(mysql_error());             $go     = (" select * post id='".$id."'") or die(mysql_error());             $gnn    = mysql_query($gn) or die(mysql_error());             $goo    = mysql_query($go) or die(mysql_error());             $gnnn   = mysql_fetch_array($gnn);             $gooo   = mysql_fetch_array($goo);             ?>               <?php             echo '<p>';             if(empty($gooo['youtube'])){             } else {             ?>              <h1> <?php echo htmlspecialchars($gooo["title"]); ?> </h1><br />             <?php             $fullurl1 = $gooo['youtube'];             $videoid1=substr($fullurl1,-11);             ?>             <?php             echo '<p><a href="/editpost.php?id='.$gooo['id'].'"><i>edit post</i></a><br />';             echo '<iframe width="560" height="315" src="//www.youtube.com/embed/'.$videoid1.'" frameborder="0" allowfullscreen></iframe><br />';             echo '</p>';              }              if(empty($gooo['pic'])){             } else {             ?> <h1> <?php echo htmlspecialchars($gooo["title"]); ?> </h1><br />             <?php             echo '<p><a href="/editpost.php?id='.$gooo['id'].'"><i>edit post</i></a><br />';             echo '<img src="'.$gooo["pic"].'" style="max-height: auto; max-width: 600px;"/><br></p>';             }             echo '</p>';               }             ?>

i dont know want please specific

but code should ->

$gnn    = mysql_query("select * category name='$naamid'") or die(mysql_error()); $goo    = mysql_query("select * post id= $id ") or die(mysql_error()); $gnnn   = mysql_fetch_array($gnn); $gooo   = mysql_fetch_array($goo);

the above code fetch 1 row each table. had put $id in single quotes makes string comment below if need more help

Search This Blog

XPATH

php - $_GET shows also another page -

Comments

Post a Comment

Popular posts from this blog

PHPMotion implementation - URL based videos (Hosted on separate location) -

javascript - Using Windows Media Player as video fallback for video tag -

c# - Unity IoC Lifetime per HttpRequest for UserStore -