
How to Secure IDs For a MySQL Query

Posted: Mon May 16, 2011 7:39 pm
by Muhanned
Hi.
How are you there? This is my first tutorial on this website.
Let's get started;
We know the id is the primary key we use in a database table to count or to keep things in order.
Imagine that you want to make a blog,
and the URL will be like this:
localhost/blog/index.php?topicid=number, like 1 for example.
For example:
localhost/blog/index.php?topicid=3
So it will bring data from row 3 in the database table.
The file will be like this,

the way we normally make it:
<?php

/**
*   @Author: Muhanned  Mohammed
*   @country: Oman
*   @email: kaka9909@hotmail.com
*
*/
// connect to the database
mysql_connect("localhost","username","password") or die(mysql_error());
mysql_select_db("dbname") or die(mysql_error());
// make the query
$page=$_GET['topicid'];  // ?topicid=

$query=mysql_query("SELECT * FROM table_name WHERE id='$page'") or die("error");

?>

But for security we will use an array:
<?php

/**
*   @Author: Muhanned  Mohammed
*   @country: Oman
*   @email: kaka9909@hotmail.com
*
*/
// connect to the database
mysql_connect("localhost","username","password") or die(mysql_error());
mysql_select_db("dbname") or die(mysql_error());
// make the query
// for security we will use an array
$page=$_GET['topicid']; // topicid=
if(is_int($page)){
$array=array("-","+");
$page=str_replace($array,"",$page); // this will delete the - and + in the url: localhost/blog/index.php?topicid=2
}
$query=mysql_query("SELECT * FROM table_name WHERE id='$page'") or die("error");

?>

Re: how to secure the primary key

Posted: Mon May 16, 2011 7:46 pm
by jacek
thanks for contributing this,

Slight problem though

if
if(is_int($page)){
is true, it means that there can't be a + or - in the variable, doesn't it :?

either way, another effective method would be to do
$id = (int)$_GET['id'];

Re: How to Secure IDs For a MySQL Query

Posted: Mon May 16, 2011 7:56 pm
by Carbine
I agree with him, using (int) is a lot simpler yet just as effective, although your method is just as good. I use (int) in most cases as it's easy, simple, and effective (repeating myself ftw!). int is the best, the web host I use has an older version of PHP and doesn't support php_round_half_down, but then I realised I could use int. I think in most cases int is secure enough.
(Sorry for going off topic, I've just had too much energy drink and it does this to me :S)

Re: how to secure the primary key

Posted: Mon May 16, 2011 8:13 pm
by Muhanned
jacek wrote:thanks for contributing this,

Slight problem though

if
if(is_int($page)){
is true, it means that there can't be a + or - in the variable, doesn't it :?

either way, another effective method would be to do
$id = (int)$_GET['id'];
Thanks for your post,
and it's a nice way :)

Re: How to Secure IDs For a MySQL Query

Posted: Mon May 16, 2011 8:15 pm
by Muhanned
Carbine wrote:I agree with him, using (int) is a lot simpler yet just as effective, although your method is just as good. I use (int) in most cases as it's easy, simple, and effective (repeating myself ftw!). int is the best, the web host I use has an older version of PHP and doesn't support php_round_half_down, but then I realised I could use int. I think in most cases int is secure enough.
(Sorry for going off topic, I've just had too much energy drink and it does this to me :S)
Easy, because I like advice
that will increase my abilities.

Re: How to Secure IDs For a MySQL Query

Posted: Mon May 16, 2011 8:18 pm
by jacek
Thinking about it, -8 is an int, so maybe you do need to do the str_replace.

Although, all that would happen with -8 is that MySQL would return 0 rows, just the same as if the ID was invalid.

Re: How to Secure IDs For a MySQL Query

Posted: Sat Jul 16, 2011 1:57 pm
by Dominion
PHP does have the abs() function for making sure a number is positive.
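A single added example, not code from Muhanned's post or from any of the replies, that pulls the thread's points together: it validates the ID with filter_var() instead of is_int() (which is always false for a $_GET value, since query-string values arrive as strings), binds the validated integer in a prepared statement so it never becomes part of the SQL text, and prints what is_int(), the (int) cast, the str_replace() trick and abs() each make of the sample values discussed above. It uses an in-memory SQLite database through PDO in place of the MySQL table; the table name "topic", its rows, the sample inputs and the fallback request used when run from the command line are all constructed for the demo.

```php
<?php
// Added example, not code from the original post or its replies.
// Assumes PHP >= 7.4 with the PDO SQLite driver; table, rows and inputs are constructed.
declare(strict_types=1);

/**
 * Accept only a positive integer ID and return null for anything else.
 * filter_var() validates the string PHP actually receives in $_GET, whereas
 * is_int() on that string is always false.
 */
function topic_id_from_query(array $query, string $key = 'topicid'): ?int
{
    // ?topicid[]=1 arrives as an array, so check the type before validating.
    if (!isset($query[$key]) || !is_string($query[$key])) {
        return null;
    }
    $id = filter_var($query[$key], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Show how the approaches discussed in the thread treat the same raw value:
 * is_int() on the raw string, the (int) cast, removing "+"/"-", abs(), and the validator.
 */
function compare_methods(string $raw): array
{
    return [
        'is_int'      => is_int($raw),
        'int_cast'    => (int) $raw,
        'str_replace' => str_replace(['-', '+'], '', $raw),
        'abs'         => abs((int) $raw),
        'validated'   => topic_id_from_query(['topicid' => $raw]),
    ];
}

/** Fetch one topic row with a prepared statement; the ID is bound, not interpolated. */
function fetch_topic(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM topic WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database standing in for the MySQL table in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topic (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO topic (id, title) VALUES (:id, :title)');
foreach ([1 => 'First post', 3 => 'Third post', 8 => 'Eighth post'] as $rowId => $title) {
    $insert->execute([':id' => $rowId, ':title' => $title]);
}

// Constructed sample values, including the -8 and "+" cases raised in the replies.
foreach (['3', '-8', '+3', '3abc', 'abc', ''] as $raw) {
    echo str_pad(var_export($raw, true), 8), ' => ', json_encode(compare_methods($raw)), PHP_EOL;
}

// Constructed request for command-line runs; under a web server the real query string is used.
$request = $_GET !== [] ? $_GET : ['topicid' => '3'];

// Request handling: reject an invalid ID instead of guessing what was meant.
$id = topic_id_from_query($request);
if ($id === null) {
    http_response_code(400);
    echo 'Invalid topic id', PHP_EOL;
} elseif (($topic = fetch_topic($db, $id)) === null) {
    http_response_code(404);
    echo "No topic with id $id", PHP_EOL;
} else {
    echo "Topic {$topic['id']}: {$topic['title']}", PHP_EOL;
}
```

Run it with `php example.php`. The comparison output shows why rejecting a bad ID beats repairing it: the (int) cast turns "3abc" into 3 and abs() turns -8 into a request for row 8, neither of which the client actually asked for, while the validator returns null for both and the script answers 400. With the ID bound as an integer parameter, the query text is fixed regardless of what the query string contained.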