Actually, I had my main problem fixed before you guys managed to answer.
But these last posts have made me uncertain of my code. Suvek did indeed point out my problem, and I actually used that way of fixing it.
Code:
<?php
mysql_connect('localhost','thorbear','xxx')
    || die(mysql_error());
@mysql_select_db('thorbear')
    || die("Unable to select database");
// Prints everything in the table
$query = mysql_query('SELECT * FROM gallery');
$num_rows = mysql_num_rows($query);
$i = 0;
if ($num_rows == 0)
{
    echo "<b>No galleries in database</b>";
}
else
{
    echo "<table border=\"0\" align=\"center\"><tr>";
    while ($i < $num_rows)
    { //while
        $GID = mysql_result($query,$i,"GID");
        $name = mysql_result($query,$i,"name");
        echo "\n\t\t<td class=\"center\"><a href=\"pictures.php?galleryid=$GID\"> $name </a></td>";
        $i++;
    }//while
    echo "</tr></table>";
}
mysql_free_result($query);
mysql_close();
mysql_connect('localhost','thorbear','xxx')
    || die(mysql_error());
@mysql_select_db('thorbear')
    || die("Unable to select database");
$query2 = mysql_query("SELECT * FROM `image` WHERE `GID` = '".$_GET['galleryid']."'");
$num_rows2 = mysql_num_rows($query2);
$i2 = 0;
if ($num_rows2 == 0)
{
    echo "<br /><br /><b>Please select a category</b>";
}
else
{
    while($i2 < $num_rows2)
    {
        $ImID = mysql_result($query2,$i2,'ImID');
        $alt = mysql_result($query2,$i2,'alt');
        $adress = mysql_result($query2,$i2,'adress');
        echo "\n\t\t<a href=\"$adress\"><img height=\"200px\" src=\"$adress\" alt=\"$alt\"></a>";
        $i2++;
    } // while
}
mysql_free_result($query2);
// Closes the connection to the database
mysql_close();
echo "\n\t\t<p>© Thorbear Incognito</p>\n";
?>
Now, insecure?
I would like to know how...why?
I haven't really looked into "secure php" because I was under the impression that none but those with ftp access could view anything but the html output...
PS. The code is still quite messy because I haven't clean-written it yet :P
The script is in use at my homepage www.thorbear.tk under Pictures.
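
Added example, not part of the original post: in the posted script `$_GET['galleryid']` is concatenated into the SQL string and database values are echoed into HTML unescaped, so this version binds the request value as a parameter and escapes values on output. It assumes PDO is available and that `GID` is an integer; `fetchImages`, `renderImages` and the SQLite in-memory rows are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Table and column names come from the post;
// integer GID values and the SQLite in-memory rows are assumptions made for the demo.

// Fetch one gallery's images. $galleryId is the raw, untrusted request value.
function fetchImages(PDO $db, $galleryId): array
{
    // Accept only a non-negative integer; anything else selects nothing.
    $gid = filter_var($galleryId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($gid === false) {
        return [];
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT ImID, alt, adress FROM image WHERE GID = :gid');
    $stmt->bindValue(':gid', $gid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Build the image links, escaping every database value for the HTML attribute context.
function renderImages(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $src = htmlspecialchars($row['adress'], ENT_QUOTES, 'UTF-8');
        $alt = htmlspecialchars($row['alt'], ENT_QUOTES, 'UTF-8');
        $html .= "\n\t\t<a href=\"$src\"><img height=\"200\" src=\"$src\" alt=\"$alt\"></a>";
    }
    return $html;
}

// Constructed sample data standing in for the MySQL database in the post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE image (ImID INTEGER PRIMARY KEY, GID INTEGER, alt TEXT, adress TEXT)');
$db->exec("INSERT INTO image (GID, alt, adress) VALUES (1, 'Cabin \"2004\"', 'img/cabin.jpg'), (2, 'Boat', 'img/boat.jpg')");

// Constructed request values: a valid id, a malformed one, and a missing one.
foreach (['1', '2abc', null] as $requested) {
    $rows = fetchImages($db, $requested);
    echo $rows ? renderImages($rows) : "\n<b>Please select a category</b>";
}
echo "\n";
```

With a MySQL database, only the PDO DSN and credentials change; the prepared statement and the output escaping stay the same.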