Is this ok?

Hi there

i am new in php…

can anyone please check the script below?
Table name: page

id | title | meta_keywords | meta_description | dtl(content)

1 | apples page |apple,red,sweet,green |apples are green | appleas are green,red,blue bla bla bla bla,this iscontent

and whole structure of my page is now

<?php mysql_connect(“localhost”, “ash”, “lash”) or die(“Connection Failed”);
mysql_select_db(“lash”)or die(“Connection Failed”);
$id = isset($_GET[‘id’]) ? filter_var($_GET[‘id’],
if (is_int($id)) { $result = mysql_query(“SELECT title, dtl, meta_description,meta_keywords FROM page WHERE id=‘$id’”) or die(mysql_error());
$row = mysql_fetch_array($result); ?>

<meta name=“description” content=“<?php echo $meta_description; ?>” />
<meta name=“keywords” content=“<?php echo $meta_keywords; ?>” />
<title> - <?php echo $title; ?></title>
</head><body><h1><?php echo $title; ?>
</h1><?php echo $dtl; ?>

What’s wrong with it?

is this script safe from sql injection? please help

MySQL injection is usually more concerning when it comes to INSERT, UPDATE and DELETE as they are all dealing with specific rows within a database and can easily be vulnerable to attacks. SELECT on the other hand isn’t usually a concern but with the variable integer filter_var function it should be fine as far as security.

PS: Sorry i missed your earlier PM, i have been busy at work and forgot to reply back to it.

oh thanks for the help. i have another query

the above code show data from database when it get value from url.

like from the url

but in

there is no value. so no data display from the database. is there any way to when there is no value in url it shows a default one?

Does the default page have an id in the database?

Nope no id for defaulr page/index page. but i can give an id for the index/default page like 1.

Setting an id for the default page would be an easy solution as you could easily change NULL to 1 and then insert the data into your database table.