i have a list of linked thumbnails. Each thumbnail has a link with one variable.
<a href="index.php?id=1"><img src="thumb1.jpg">
<a href="index.php?id=2"><img src="thumb2.jpg">
etc...
now, i've updated site to use url rewriting. Idea is that i have links like this
<a href="gallery/?id=1"><img src="thumb1.jpg">
<a href="gallery/?id=2"><img src="thumb2.jpg">
or something simillar.
On the landing page, i use $id
to execute MySQL
query and show all pictures from gallery with that id.
$pictures = mysql_query("SELECT * FROM t_gallery where id=$id",$db);
Can it be done, and main thing, how can i prevent that passing id poses a security threat?
Cheers, Aleks