I'll get straight to the point. I'm using this code
$sex = @$_GET['v'];
$sex = trim($sex); // trim whitespace from the stored variable
$sex = htmlentities($sex);
$age = @$_GET['age'];
$age = trim($age); // trim whitespace from the stored variable
$age = htmlentities($age);
... to get the age and sex credentials from the URL (example.com/page.php?age=22&sex=Female)
$query = "SELECT * FROM personas WHERE sex LIKE \"%$sex%\" AND age LIKE \"%$age%\" order by id DESC";
... to interrogate the database and get the results displayed on the page. It is working fine, but I know it is not secure, so my questions are:
- How to make it safer?
- How to make it do nothing if the values don't exist in the database - for example, if there's nobody aged 22, do nothing or pop up a message.
- How to make it check that age doesn't contain characters other than numbers, and again, if it does, do nothing or display a message.
- Same as above, but check that sex contains only letters and pop up the message if anything else is used for sex.
Thanks for your help!
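Below is an added example (not the poster's code) that addresses all four points together: it validates both parameters before the database is touched, runs the lookup through a PDO prepared statement so the values are never spliced into the SQL text, and handles the empty-result case explicitly. It assumes the GET parameter is named `sex` as in the URL example, a MySQL table `personas` with columns `sex` and `age`, and placeholder connection details.

```php
<?php
// Added example, not the original page's code. Validates the two GET
// parameters, then queries with a PDO prepared statement. The DSN,
// credentials and the table/column names are assumptions for this example.

declare(strict_types=1);

/**
 * Returns the validated age as an int, or null if the parameter is missing
 * or contains anything other than one to three digits.
 */
function validateAge(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);
    // Digits only: rejects "22abc", "-1", "2e1", "" and similar.
    if (!preg_match('/^[0-9]{1,3}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/**
 * Returns the validated sex string, or null if it is missing or contains
 * anything other than ASCII letters (length capped at 20).
 */
function validateSex(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $raw = trim($raw);
    if (!preg_match('/^[A-Za-z]{1,20}$/', $raw)) {
        return null;
    }
    return $raw;
}

/**
 * Runs the lookup with bound parameters. Returns the matching rows, which
 * may be an empty array; the caller decides what to show when nothing matches.
 */
function findPersonas(PDO $pdo, string $sex, int $age): array
{
    // Placeholders instead of string interpolation: the query text and the
    // values travel separately, so a value can never alter the SQL.
    $stmt = $pdo->prepare(
        'SELECT * FROM personas WHERE sex = :sex AND age = :age ORDER BY id DESC'
    );
    $stmt->execute([':sex' => $sex, ':age' => $age]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- request handling ----------------------------------------------------

$age = validateAge($_GET['age'] ?? null);
$sex = validateSex($_GET['sex'] ?? null);

if ($age === null || $sex === null) {
    // Bad input: reject it without touching the database.
    http_response_code(400);
    echo 'Please supply a numeric age and a sex made up of letters only.';
    exit;
}

// Connection details are placeholders for this example.
$pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

$rows = findPersonas($pdo, $sex, $age);

if ($rows === []) {
    echo 'No entries found for that age and sex.';
    exit;
}

foreach ($rows as $row) {
    // Escape at output time, for the page's charset, to prevent HTML injection.
    echo htmlspecialchars($row['sex'], ENT_QUOTES, 'UTF-8'), ' - ',
         htmlspecialchars((string) $row['age'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

Two design choices worth noting. First, the example compares with `=` rather than `LIKE "%...%"`: once the inputs are validated there is no reason for wildcards, and `LIKE '%male%'` matches both `Female` and `Male`, which is probably not the intent. If a partial match really is wanted, bind the whole pattern as the value (`':sex' => '%' . $sex . '%'`) rather than putting `%` around the placeholder in the query text. Second, escaping is done when the values are printed, not when they are read; `htmlentities` on input does nothing against SQL injection and can store mangled data, while the prepared statement is what protects the query.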