Hello Peeps,
I’m trying to keep my data safe and clean in my database, so anything that I’m using with $_GET to retrieve a URL I want to make sure an int value is passed. I.e., say my URL was:
[B]page.php?news_id=123[/B]
The page would process fine
But if it was
[B]page.php?news_id=dodgycode[/B]
It would send the user away to an error page. However, with my code below, if
[B]page.php?news_id=dodgycode[/B]
is entered it does not send the user to the error page. It simply outputs the message Unknown column ‘dodgycode’ in ‘where clause’?
Anyone help?
[code=php]
<?php
//* If the Value is an INT then continue…
if(intval($_GET['news_id'] == $_GET['news_id']) || ($_GET['news_id'] != 0)) {
    $SQL = "SELECT *from test where news_id= ".$_GET['news_id'];
    $result = mysql_query($SQL) OR die(mysql_error());
    $row = mysql_fetch_array($result);
    echo $headline = $row['headline'];
    echo $story = $row['story'];
} else {
    //* Otherwise appears to be something Dodgy here so get me out of here
    header("Location: take_me_to_error_page.php");
    exit;
}
?>
[/code]
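Added example, not part of the original post: it reproduces the posted condition to show why the else branch is never reached, next to a strict integer check and a bound-parameter query. The function names are hypothetical, and an in-memory SQLite database via PDO (an assumption, standing in for the poster's MySQL table) holds one constructed row.

```php
<?php
// Added example, not the poster's code. Table and column names follow the post;
// the in-memory SQLite database and its sample row are constructed for the demo.

// The posted test as a function: the == sits inside intval(), so it evaluates
// intval(true), which is 1, for every input and the else branch is never taken.
function original_check(string $raw): bool
{
    return intval($raw == $raw) || ($raw != 0);
}

// Strict check: accept only a decimal integer of at least 1.
// filter_var() returns false for "dodgycode", "12abc", "1 OR 1=1", "" and "0".
function parse_news_id($raw): ?int
{
    if (!is_string($raw)) {   // a missing key (null) or ?news_id[]=1 (array)
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the request value never becomes part of the SQL text.
function fetch_story(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT headline, story FROM test WHERE news_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (news_id INTEGER PRIMARY KEY, headline TEXT, story TEXT)');
$db->exec("INSERT INTO test VALUES (123, 'Sample headline', 'Sample story')");

// Constructed inputs: one valid id and several values that must be rejected.
foreach (['123', 'dodgycode', '12abc', '1 OR 1=1', '0', ''] as $raw) {
    $id  = parse_news_id($raw);
    $row = $id === null ? null : fetch_story($db, $id);
    printf("%-12s original=%s strict=%s -> %s\n", var_export($raw, true),
        var_export(original_check($raw), true), var_export($id, true),
        $row === null ? 'redirect to error page' : $row['headline']);
}
```

In the page itself, call `parse_news_id($_GET['news_id'] ?? null)` and send the `header('Location: take_me_to_error_page.php'); exit;` redirect when it returns null.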