Hello, how do i escape passing parameters to page where you need to give two parameters ID and category?
my sql is like this SELECT ID, Image, imageID, Category FROM gallery WHERE imageID={$imageID} AND Category='$category'
but i have a button which should show all pictures no matter what category they are?

"SELECT ID, Image, imageID, Category
FROM gallery
WHERE imageID="'.$imageID.'"
AND Category="'.$category.'"

Every time you don't use prepared statements , a beaver dies in Narnia ( The case pro prepared statements made long ago many many many … many times no need to repeat it)

Also “GET parameter” ? Is '96 again ? Is coding something like fashion ? Does the early 90s are again in?

@jkon what should i use to securely pass parameter to other page?
@phphp do you mean ?

"SELECT ID, Image, imageID, Category FROM gallery WHERE imageID='".mysqli_real_escape_string($conn, $imageID)."' AND Category='".mysqli_real_escape_string($conn, $category)."'"
Member Avatar
diafol

Your explanation leaves a lot to the imagination.

but i have a button which should show all pictures no matter what category they are?

WHat does this refer to? Does this send a new request to the server? E.g. no params (ID and category).

What should happen when ID is included and category not and vice-versa?

Yup it send new request to the server without params and should display all images in all categories

Member Avatar
diafol

What should happen when ID is included and category not and vice-versa?

@jkon what should i use to securely pass parameter to other page?

Do you have any reason to use the old Get post with "?" sign ?

is that url user friendly or even SEO friendly ?