Hello, how do I escape passing parameters to a page where you need to give two parameters, ID and category?
My SQL is like this: SELECT ID, Image, imageID, Category FROM gallery WHERE imageID={$imageID} AND Category='$category'
But I have a button which should show all pictures no matter what category they are?

'SELECT ID, Image, imageID, Category
FROM gallery
WHERE imageID="'.$imageID.'"
AND Category="'.$category.'"'

Every time you don't use prepared statements, a beaver dies in Narnia. (The case for prepared statements was made long ago, many many many … many times; no need to repeat it.)

Also, “GET parameter”? Is it '96 again? Is coding something like fashion? Are the early 90s in again?


@jkon what should I use to securely pass a parameter to another page?
@phphp do you mean?

"SELECT ID, Image, imageID, Category FROM gallery WHERE imageID='".mysqli_real_escape_string($conn, $imageID)."' AND Category='".mysqli_real_escape_string($conn, $category)."'"

Edited by Stefan_1


Your explanation leaves a lot to the imagination.

but i have a button which should show all pictures no matter what category they are?

What does this refer to? Does this send a new request to the server? E.g. no params (ID and category).

What should happen when ID is included and category not, and vice versa?


Yup, it sends a new request to the server without params and should display all images in all categories.


@jkon what should I use to securely pass a parameter to another page?

Do you have any reason to use the old Get post with the "?" sign?

Is that URL user friendly or even SEO friendly?
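
The query from this thread with both filters optional and every value bound through a prepared statement, as an added example that is not code from any poster. It assumes PDO with an in-memory SQLite database so it runs stand-alone, and findImages() is a hypothetical helper name; the same placeholders work over a MySQL connection.

```php
<?php
// Added example, not code from the thread. In-memory SQLite through PDO is an
// assumption so the script runs stand-alone; gallery columns follow the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE gallery (ID INTEGER PRIMARY KEY, Image TEXT, imageID INTEGER, Category TEXT)');
// Constructed sample rows.
$ins = $pdo->prepare('INSERT INTO gallery (Image, imageID, Category) VALUES (?, ?, ?)');
foreach ([['a.jpg', 1, 'cats'], ['b.jpg', 1, 'dogs'], ['c.jpg', 2, 'cats']] as $row) {
    $ins->execute($row);
}
// findImages() is a hypothetical helper. Every filter is optional: an absent or
// empty parameter adds no condition, so a request without parameters lists all.
function findImages(PDO $pdo, array $params): array
{
    $where = $bind = [];
    $imageID = $params['imageID'] ?? '';
    if ($imageID !== '') {
        $id = filter_var($imageID, FILTER_VALIDATE_INT);
        if ($id === false) {
            throw new InvalidArgumentException('imageID must be an integer');
        }
        $where[] = 'imageID = :imageID';
        $bind[':imageID'] = $id;
    }
    $category = $params['category'] ?? '';
    if ($category !== '') {
        if (!is_string($category)) {   // e.g. ?category[]=x arrives as an array
            throw new InvalidArgumentException('category must be a string');
        }
        $where[] = 'Category = :category';
        $bind[':category'] = $category;
    }
    // Only fixed SQL text is concatenated; user values travel as bound parameters.
    $sql = 'SELECT ID, Image, imageID, Category FROM gallery';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $stmt = $pdo->prepare($sql . ' ORDER BY ID');
    foreach ($bind as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// Constructed requests standing in for $_GET, the last one with quotes in the value.
foreach ([[], ['category' => 'cats'], ['imageID' => '1', 'category' => 'dogs'], ['category' => "x' OR '1'='1"]] as $req) {
    echo json_encode($req), ' => ', count(findImages($pdo, $req)), " row(s)\n";
}
```

The value containing quotes is compared as a literal category name, so it cannot change the shape of the WHERE clause.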
