PHP URL Variables

[H4CK3R]

I know you've probably sorted it out already but, ALWAYS POST THE ERROR MESSAGES, should be the default!

[Almost]

I should add that the second script is prone to SQL injection, which should just not happen on a forum like this

Let's say you have your pages in a tables (pages) with some fields (url, title, body). You can then navigate to /page.php?url=mypage (or even nicer, use mod rewrite for an url like /mypage) and get the correct page like this:

Code: [Select]

if ( !isset($_GET['url'] ) {
  throw new Exception( 'No page requested' );
  // You could also give a listing here, or the home page, or whatever
}
$connection = mysql_connect('server', 'username', 'password');
if ( false === $connection ) {
    throw new Exception( 'Could not connect to database' );
}

$result = mysql_select_db('db_name', $connection);
if ( false  === $result ) {
    throw new Exception( 'Could not select to database' );
}

$query = "SELECT title, body FROM pages WHERE url='".mysql_real_escape_string( $_GET['url'], $connection )."' LIMIT 1";
$result = mysql_query( $query, $connection );
if ( false === $result ) {
    throw new Exception( 'Malformed query' );
    // You could read out mysql_error() here, and print $query, while debugging.
}
if ( $page = mysql_fetch_assoc($result) ) {
    print 'Title of page: ' . $page['title'] . '<br />';
    print 'Body of the page: <br />';
    print nl2br(htmlspecialchars($page['body']));
}
else {
    throw new Exception( 'URL not found' );
}



[Ginger]

Even if they got into my database there's not there apart from lots of words :p

[Almost]

A leak in he security of your database can lead to a bigger security breach. In theory in any case, I still can not https://ininjas.com/forum/index.php?topic=3226.0