开发者

Replaced $HTTP_GET_VARS with $_GET, but not working

I have the following code, which is not working for me. I used to have $HTTP_GET_VARS instead of $_GET, but then updated to PHP 5, and now things are broken. Any thoughts on what I'm doing wrong here?

<?php
$_GET['SubCat'];
$_GET['Location'];
$db = mysql_connect("localhost", "xxxx", "xxxx");
mysql_select_db("outdoors",$db);
if ($Location) {
$result = mysql_query("SELECT ID, Longitude, URL, SiteName, Description FROM hunting WHERE SubCategory = '$SubCat' AND Location = '$Location' AND Status <> 'HIDDEN' ORDER BY SiteName",$db);
} else {
$result = mysql_query("SELECT ID, Longitude, URL, SiteName, Description FROM hunting WHERE SubCategory = '$SubCat' AND Status <> 'HIDDEN' ORDER BY SiteName",$db);
<More unrelated stuff after this>
开发者_StackOverflow

The variable will be passed through a link like this :

hunting.php?SubCat=Hunting+Locations


For your first question:

You must store it in any variable such like this

$SubCat = $_GET['SubCat'];
$Location = $_GET['Location']; 

Or refer to it directly.

For your second question:

Any idea on an easy way to change those two lines on several dozen files at one on my server?

Use a global search function to cover your entire directory. You find it in any of the popular editors. The search for $_GET['SubCat']; and replace it by $SubCat = $_GET['SubCat'];. Just make sure it is an unique name.

On a side note:

You donot use any type checking or input escaping and directly put it in your sql statement. IT IS VERY DANGEROUS. Please use PDO or at least an escaping function before you pass it to avoid SQL injection attacks

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜