justsomeguy Posted March 18, 2014
That means that the URL does not contain an item called "clientid".
Steven Posted March 18, 2014
Oh my word. Sorry. Turns out I had changed the <a> tag in the resultsClients.php to <a href="viewclient.php?clientid='.$row['clientid'].'">, but never refreshed the viewclient.php page I was on. Ha, well, it works now!
Ingolme Posted March 18, 2014
You have a risk of SQL injection in your code. In simpler terms: that code lets people hack your database.
Steven Posted March 18, 2014
Okay, what parts? How do I fix it? I'm new to both PHP and SQL (if you couldn't tell already). This is only on a local machine, won't be uploaded to the internet at all. But I do agree, if there are potential threats, they should be avoided.
justsomeguy Posted March 18, 2014
SQL injection happens when you're using user-supplied data in a query, and someone writes SQL code into that data. Someone could write SQL code into the clientid variable, and you would add that to your query and execute it. One way to avoid it is to use prepared statements, where your query has placeholders for the values and then you send the values later. http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
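The difference described in the last reply, as an added example that is not code from the thread: the same clientid lookup written with string concatenation and with a placeholder. It uses PDO with an in-memory SQLite table so it runs without a database server; the clients table, its name column and both function names are assumptions, and with mysqli the equivalent calls are prepare(), bind_param() and execute().

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for the
// poster's MySQL table. Only the clientid name comes from the thread;
// the table name and the name column are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (clientid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO clients (name) VALUES ('Alice'), ('Bob'), ('Carol')");

// Vulnerable pattern: the URL value becomes part of the SQL text, so
// anything typed into it is parsed as SQL.
function viewClientUnsafe(PDO $db, string $clientid): array
{
    $sql = 'SELECT clientid, name FROM clients WHERE clientid = ' . $clientid;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the SQL text is fixed and contains a placeholder;
// the value is sent separately and is only ever compared as data.
function viewClientSafe(PDO $db, string $clientid): array
{
    $stmt = $db->prepare('SELECT clientid, name FROM clients WHERE clientid = ?');
    $stmt->execute([$clientid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-ins for $_GET['clientid'] as it arrives from viewclient.php?clientid=...
// The second value is a constructed input that carries SQL syntax.
foreach (['2', '2 OR 1=1'] as $input) {
    printf(
        "input %-12s unsafe rows: %d, prepared rows: %d\n",
        "'$input'",
        count(viewClientUnsafe($db, $input)),
        count(viewClientSafe($db, $input))
    );
}
```

For the second input the concatenated query matches every row in the table, while the prepared query compares the whole string against clientid and matches none.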