Sunday, 11 August 2013

Weird $_GET behaviour

Hi, I'm trying to fix a bug with my script. The problem is my get query
still works with extra letters.
So, edit.php?id=1 works and so does edit.php?id=1hello (obviously it
shouldn't). What's happening?

$idtoedit = mysql_real_escape_string($_GET["id"]);
//Check if ID exists
$doesidexist = mysql_query("SELECT `id` FROM Data WHERE `id` = \"$idtoedit\"");
if (mysql_num_rows($doesidexist) == 0) {
    die("<div class=\"alert alert-error\"><h4 class=\"alert-heading\">Error</h4><p>ID does not exist.</p><p><a class=\"btn btn-danger\" href=\"javascript:history.go(-1)\">Go Back</a></p></div></div></body></html>");
}
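
The following is an added example, not part of the original post. Assuming `Data.id` is an integer column, MySQL converts the string "1hello" to the number 1 before comparing, so the row with id 1 still matches; escaping the value does not change that. The sketch below validates the parameter strictly before it reaches any query. `parse_id` is a hypothetical helper and the sample inputs are constructed.

```php
<?php
// Added example, not the poster's code. Assumption: Data.id is an integer column.

/**
 * Hypothetical helper: return the id as an int only when the WHOLE value
 * is a positive decimal integer; return null for anything else.
 */
function parse_id($raw)
{
    // Rejects a missing key (null) and arrays produced by ?id[]=1.
    if (!is_string($raw)) {
        return null;
    }
    // ^...$ with the D modifier anchors the match to the entire string,
    // so trailing letters, spaces or a final newline all fail.
    // At most 10 digits keeps the value well inside a 64-bit int.
    if (!preg_match('/^[1-9][0-9]{0,9}$/D', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample inputs standing in for $_GET["id"].
$samples = array('1', '1hello', ' 1', '1.0', '0x1', '-1', '', array('1'));

foreach ($samples as $raw) {
    $label = is_array($raw) ? 'array' : var_export($raw, true);

    // A plain (int) cast keeps the leading digits and drops the rest.
    // This is the same kind of lenient string-to-number conversion MySQL
    // applies when a string is compared with a numeric column.
    $lenient = is_array($raw) ? 'n/a' : (string) (int) $raw;

    $strict = parse_id($raw);
    printf(
        "%-10s lenient cast: %-4s strict: %s\n",
        $label,
        $lenient,
        $strict === null ? 'rejected' : (string) $strict
    );
}
```

Run it with `php` on the command line to compare the lenient cast with the strict check for each input. A request whose `id` fails `parse_id` can be answered with the "ID does not exist" error without sending anything to the database.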
