Possible Duplicate:
Best way to stop SQL Injection in PHP
I've tried googling for help, but it is not as easy as you would have imagined. If someone could just tell me how to secure the SQL, or even give me a link to a good website to learn how to do it myself.
If you could even be kind enough to fix it, and tell me what was wrong, I will definitely take note, and secure the rest of my code.
<?php
$post = htmlspecialchars($_GET["id"]);
$results = mysql_query("SELECT * FROM tool WHERE id = $post");
$authorr = $_SESSION['Username'];
while($row = mysql_fetch_array($results)){
$capsd = ucfirst($author);
$title= $row['title'];
$details= $row['details'];
$author= $row['author'];
$date= $row['date'];
$img= $row['featuredimage'];
$id= $row['id'];
echo "<table border=1><tr><td width=100px>
<b><u><center>";
echo $title;
echo "</center></u></td> <td width=100px><center>";
echo $date;
echo "</center></td> <td width=100px><b><center>";
echo ucfirst($author);
echo "</center></b></td>";
if (in_array($authorr, $allowedposters)) {
echo "<center><td width=20px><a href=edit.php?id=";
echo $id;
echo "><b>Edit</b></a></center></td>";
}
echo "</tr></table>";
echo "<img src=http://www.removed.com/news/";
echo $img;
echo " height=300 width=400> <br><br>";
echo $details;
}
?>
