Is this ok?

abeerbd · June 15, 2011, 1:33pm

Hi there

i am new in php…

can anyone please check the script below?
Table name: page

id | title | meta_keywords | meta_description | dtl(content)

1 | apples page |apple,red,sweet,green |apples are green | appleas are green,red,blue bla bla bla bla,this iscontent

and whole structure of my page is now

<?php mysql_connect(“localhost”, “ash”, “lash”) or die(“Connection Failed”);
mysql_select_db(“lash”)or die(“Connection Failed”);
$id = isset($_GET[‘id’]) ? filter_var($_GET[‘id’],
FILTER_VALIDATE_INT) : NULL;
if (is_int($id)) { $result = mysql_query(“SELECT title, dtl, meta_description,meta_keywords FROM page WHERE id=‘$id’”) or die(mysql_error());
$row = mysql_fetch_array($result); ?>

<html>
<head>
<meta name=“description” content=“<?php echo $meta_description; ?>” />
<meta name=“keywords” content=“<?php echo $meta_keywords; ?>” />
<title>MySite.com - <?php echo $title; ?></title>
</head><body><h1><?php echo $title; ?>
</h1><?php echo $dtl; ?>
</body>
</html>

DarthGuido · June 15, 2011, 1:52pm

What’s wrong with it?

abeerbd · June 15, 2011, 2:16pm

is this script safe from sql injection? please help

chris_upjohn · June 15, 2011, 2:34pm

MySQL injection is usually more concerning when it comes to INSERT, UPDATE and DELETE as they are all dealing with specific rows within a database and can easily be vulnerable to attacks. SELECT on the other hand isn’t usually a concern but with the variable integer filter_var function it should be fine as far as security.

PS: Sorry i missed your earlier PM, i have been busy at work and forgot to reply back to it.

abeerbd · June 15, 2011, 8:09pm

oh thanks for the help. i have another query

the above code show data from database when it get value from url.

like from the url www.mysite.com/index.php/?id=1

but in

www.mysite.com/index.php

there is no value. so no data display from the database. is there any way to when there is no value in url it shows a default one?

chris_upjohn · June 15, 2011, 11:24pm

Does the default page have an id in the database?

abeerbd · June 16, 2011, 2:40am

Nope no id for defaulr page/index page. but i can give an id for the index/default page like 1.

chris_upjohn · June 16, 2011, 8:03am

Setting an id for the default page would be an easy solution as you could easily change NULL to 1 and then insert the data into your database table.