
I want to do everything in one page, admin.php, such as deleting users and deleting categories.

My existing implementation:

```php
<?php
// List every news item; admins additionally get a delete link per row.
$res = mysql_query("SELECT * FROM news");
while ($row = mysql_fetch_object($res)) {
    if ($isadmin == 1) {
        echo "<tr><td><a href=index.php?nw&id=$row->nid><img width=16 height=16 src=img/del.png></a></td></tr>";
    }
    echo "<tr><td><a href=news.php?id=$row->nid>$row->ntitle</a></td></tr><p></p>";
}
echo "</td></tr>";
?>
```

and another line

```php
<?php
error_reporting(0);
// Delete the news row whose id arrives in the request (the link above sends ?nw&id=...).
mysql_query("DELETE FROM news where nid='$_REQUEST[id]'", $cn);
?>
```

I also do it for category:

```php
<?php
// List every category; admins additionally get a delete link that passes the id as id2.
$res = mysql_query("SELECT * FROM category");
while ($row = mysql_fetch_object($res)) {
    if ($isadmin == 1) {
        echo "<tr><td><a href=index.php?id2=$row->cid><img width=16 height=16 src=img/del.png></a></td></tr>";
    }
    echo "<tr><td><a href=templates.php?id=$row->cid>$row->cname</a></td></tr><p></p>";
}
?>
```

I used id2 to do the delete, but is it correct?

Athafoud
  • I think that it does not make a difference whether you use id or id2 – Athafoud Jul 04 '14 at 18:14
  • 2
    Your code is vulnerable to SQL injections. You should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). – Gumbo Jul 04 '14 at 18:19
  • 1
    Also once you tell me the link to your website, I can delete since the actual deletion doesn't seem to need authentication, only showing the link to it – kero Jul 04 '14 at 18:22

0 Answers
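
The two problems raised in the comments (SQL injection in the DELETE, and a deletion that is reachable without any admin check), addressed in one handler. This is an added example, not part of the original post: it assumes PDO instead of `mysql_*`, an `isadmin` flag and a CSRF token kept in the session, and a POST form with hypothetical fields `type`, `id` and `csrf`; only the `news`/`nid` and `category`/`cid` names come from the question.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. Assumes PDO (in-memory SQLite here so it
// runs offline) and an admin flag plus CSRF token stored in the session.

// Allow-list of deletable things: table and key column are never taken from input.
const DELETABLE = ['news' => ['news', 'nid'], 'category' => ['category', 'cid']];

function handleDelete(PDO $db, array $session, string $method, array $post): int
{
    // 1. Authorize the action itself, not just the display of the delete link.
    if (($session['isadmin'] ?? 0) !== 1) {
        throw new RuntimeException('forbidden');
    }
    // 2. State changes go through POST with a per-session CSRF token.
    $known = $session['csrf'] ?? '';
    $sent  = $post['csrf'] ?? '';
    if ($method !== 'POST' || !is_string($known) || $known === ''
        || !is_string($sent) || !hash_equals($known, $sent)) {
        throw new RuntimeException('bad request');
    }
    // 3. Validate the target and the id before touching the database.
    $type = $post['type'] ?? '';
    $id   = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if (!is_string($type) || !array_key_exists($type, DELETABLE) || $id === false) {
        throw new InvalidArgumentException('invalid target');
    }
    [$table, $col] = DELETABLE[$type];
    // 4. Bind the id as a parameter instead of interpolating it into the SQL.
    $stmt = $db->prepare("DELETE FROM $table WHERE $col = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Constructed demo data and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (nid INTEGER PRIMARY KEY, ntitle TEXT)");
$db->exec("INSERT INTO news (ntitle) VALUES ('first'), ('second')");
$admin = ['isadmin' => 1, 'csrf' => bin2hex(random_bytes(16))];
$ok    = ['csrf' => $admin['csrf'], 'type' => 'news', 'id' => '1'];

echo handleDelete($db, $admin, 'POST', $ok), " row deleted\n";
// A request with no admin session, then one with a non-integer id: both are refused.
foreach ([[[], $ok], [$admin, ['id' => "1' OR '1'='1"] + $ok]] as [$sess, $req]) {
    try { handleDelete($db, $sess, 'POST', $req); }
    catch (Exception $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
}
echo $db->query('SELECT COUNT(*) FROM news')->fetchColumn(), " row left\n";
```

With one handler keyed on `type`, the `id` versus `id2` distinction from the question is no longer needed.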