Quote:
Originally Posted by fysiks
FYI, you have an SQL Injection security vulnerability in your code. You need to use prepared queries.
While I commend you for posting your code, you should also have the list or errors that you get when you run your code.
I noticed a couple of things in your code after looking at it briefly. 1) You have a SQL Injection vulnerability and you should switch to prepared queries to resolve it. 2) You're hard-coding your database connection info in the PDO constructor instead of using your $GLOBALS variable. This is how I do it:
PHP Code:
new PDO(sprintf("mysql:host=%s;dbname=%s;charset=utf8", $dbconfig['host'], $dbconfig['dbname']), $dbconfig['user'], $dbconfig['pass']);
P.S. If the data in your $GLOBALS variable is your real data, you need to change them. If you write your PDO constructor arguments like I've shown, you'll never need to post the $GLOBALS variable when asking for help.
Some other tips: get the actual query string and test it in your database using something like phpMyAdmin to make sure that it works. It looks like it should work but you should verify the actual string that gets passed (i.e. your $_GET parameter might not be what you're expecting).
My bad, the error I'm getting is: [Error] Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`Id' at line 1
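For reference, here is an added example (not fysiks' code and not the original poster's) that combines both of fysiks' points: the connection built from a config array, and the $_GET value passed through a prepared statement instead of being concatenated into the query text. The table name `items`, the column `Id` and the $dbconfig values are assumed placeholders.

```php
<?php
// Added example; the config values, table and column names are placeholders.
$dbconfig = [
    'host'   => 'localhost',
    'dbname' => 'example_db',
    'user'   => 'example_user',
    'pass'   => 'example_password',
];

$pdo = new PDO(
    sprintf("mysql:host=%s;dbname=%s;charset=utf8", $dbconfig['host'], $dbconfig['dbname']),
    $dbconfig['user'],
    $dbconfig['pass'],
    [
        // Throw on a failed query instead of returning false, so the
        // server's own syntax message ends up in the exception.
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Use real server-side prepared statements, not client-side emulation.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]
);

// Vulnerable form (shown for contrast, not executed): the request value is
// pasted into the SQL text, so any quote or backtick in it becomes part of
// the statement and produces a syntax error like the one quoted above, or
// worse, a different statement than intended.
// $sql = "SELECT * FROM `items` WHERE `Id` = " . $_GET['id'];

// Prepared form: the SQL text is fixed when prepare() runs; the value is
// sent separately and cannot change the statement's structure.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Missing or non-numeric id');
}

$stmt = $pdo->prepare('SELECT * FROM `items` WHERE `Id` = :id');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

$row = $stmt->fetch(PDO::FETCH_ASSOC);
var_dump($row);
```

Because the placeholder carries the value, you can echo the prepared SQL string itself to test it in phpMyAdmin, as fysiks suggests, without it ever containing user input.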