0

I need to print a message if the $_GET[id] is not in database or do this code:

Header('Location:index.php');

Example: If the people enter in this URL: /index.php?id=100 if there is no page "100" do: 

Header('Location:index.php');
Gumbo
  • 643,351
  • 109
  • 780
  • 844
rixlinux
  • 199
  • 1
  • 3
  • 12
  • 2
    This is impossible to answer well without seeing whatever code you are currently using to access the database. – Pekka Mar 11 '11 at 22:25
  • sample : http://www.lenszone.net/index.php?do=photoview&img_id=192 img_id=192 is OK but when you change to wrong img_id LIKE img_id=1000 i want to do: header('location:index.php'); – rixlinux Mar 11 '11 at 22:32
  • what code are you using to access the database **inside the PHP script**. – Pekka Mar 11 '11 at 22:33

1 Answers1

4

Roughly:

<?php
    $imageid = (isset($_GET['img_id']) && is_numeric($_GET['img_id'])) ? (int)$_GET['img_id'] : false;
    if ($imageid) {
        $sql = "SELECT * FROM images WHERE imageid='$imageid';";
        $result = mysql_query($sql);
        if ($result) {
            // imageid exists
            my_image_display_function($result);
        } else {
            // imageid does not exist
            header("Location: index.php");
        }
    }
?>

Update: Edited to more closely match OP's table/variable names.

drudge
  • 35,471
  • 7
  • 34
  • 45
  • Note that `(int)$_GET['id']` sanitizes the input to prevent SQL injection attacks. That is why there is no need to escape it. (There's also no need to quote it.) – Patrick Fisher Mar 11 '11 at 22:36
  • i'm Use this code for db : $imageid=$_GET['img_id']; $result_img = mysql_query("SELECT * FROM images WHERE imageid='$imageid'"); – rixlinux Mar 11 '11 at 22:41
  • @rixlinux: You're wide open to SQL Injection using that method. – drudge Mar 11 '11 at 22:43
  • @rixlinux better change it to `intval($_GET['img_id'])` or `(int)$_GET['img_id']`quickly, now your whole statement is 'in the wild', see http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain – konsolenfreddy Mar 11 '11 at 22:46
  • @rixlinux: The method I used above is probably one of the safest ways. – drudge Mar 11 '11 at 22:48
  • i did it, but it's same dont do : header function – rixlinux Mar 11 '11 at 23:01
  • @rixlinux: Then you're going to need to post the actual PHP code that you're using. Edit it into your question, rather than posting it as a comment. – drudge Mar 11 '11 at 23:03
  • @rixlinux: Looks fine. One thing to remember: You Can Not use `header()` if there's been ANY output (including whitespace) sent to the browser already. – drudge Mar 11 '11 at 23:27
  • if you have another idea for that tell me look at : http://www.lenszone.net/index.php?do=photoview&img_id=1911 no page but bad browse :( – rixlinux Mar 11 '11 at 23:31
  • @rixlinux: Until you post your entire PHP code, we can only guess. – drudge Mar 12 '11 at 17:34