Home/ Questions/Q 7053997
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T03:34:21+00:00

I have a web page that filtered based on the url path. The address

  • 0

I have a web page that filtered based on the url path. The address is something like this:

http://www.xxx.com/player-profile/?ID=130

The page is filtered using the ID field as follows:

$playerid = $_GET['ID'];

$result = mysql_query("SELECT * FROM tblPlayers Where lng_RecordID_PK LIKE ".$playerid."");

I want to ensure there are not any security issues with this code. I figure someone may try and manipulate the url. Any suggestions?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since the ID is numeric there’s a very easy and very powerful way of making sure the query remains secure!

    $playerid = $_GET['ID'];
if (!is_numeric($playerid)) { die(); }
$playerid = mysql_real_escape_string($playerid); // Just in case

    This code basically makes sure that the ID entered in the URL is numeric, or else it will stop executing the script. If it is numeric, then it will carry on retrieving the data and there is no way of doing any SQL injections.

    Hope that helped! 🙂

    Also, you might want to change your query to this

    $result = mysql_query("SELECT * FROM tblPlayers WHERE lng_RecordID_PK = '".$playerid."' ");
    • 0