PHP GET parameter

"SELECT ID, Image, imageID, Category
FROM gallery
WHERE imageID="'.$imageID.'"
AND Category="'.$category.'"

Every time you don't use prepared statements , a beaver dies in Narnia ( The case pro prepared statements made long ago many many many … many times no need to repeat it)

Also “GET parameter” ? Is '96 again ? Is coding something like fashion ? Does the early 90s are again in?

@jkon what should i use to securely pass parameter to other page?
@phphp do you mean ?

"SELECT ID, Image, imageID, Category FROM gallery WHERE imageID='".mysqli_real_escape_string($conn, $imageID)."' AND Category='".mysqli_real_escape_string($conn, $category)."'"

Your explanation leaves a lot to the imagination.

but i have a button which should show all pictures no matter what category they are?

WHat does this refer to? Does this send a new request to the server? E.g. no params (ID and category).

What should happen when ID is included and category not and vice-versa?

Yup it send new request to the server without params and should display all images in all categories

What should happen when ID is included and category not and vice-versa?

@jkon what should i use to securely pass parameter to other page?

Do you have any reason to use the old Get post with "?" sign ?

is that url user friendly or even SEO friendly ?