我尝试使用Google搜索帮助,但这并不像您想象的那么容易。如果有人可以告诉我如何保护SQL,或者甚至给我一个好的网站链接,以了解如何自己做。
如果你能够善意地修复它,告诉我出了什么问题,我一定会注意到,并保护我的其余代码。
<?php
$post = htmlspecialchars($_GET["id"]);
$results = mysql_query("SELECT * FROM tool WHERE id = $post");
$authorr = $_SESSION['Username'];
while($row = mysql_fetch_array($results)){
$capsd = ucfirst($author);
$title= $row['title'];
$details= $row['details'];
$author= $row['author'];
$date= $row['date'];
$img= $row['featuredimage'];
$id= $row['id'];
echo "<table border=1><tr><td width=100px>
<b><u><center>";
echo $title;
echo "</center></u></td> <td width=100px><center>";
echo $date;
echo "</center></td> <td width=100px><b><center>";
echo ucfirst($author);
echo "</center></b></td>";
if (in_array($authorr, $allowedposters)) {
echo "<center><td width=20px><a href=edit.php?id=";
echo $id;
echo "><b>Edit</b></a></center></td>";
}
echo "</tr></table>";
echo "<img src=http://www.removed.com/news/";
echo $img;
echo " height=300 width=400> <br><br>";
echo $details;
}
?>