--- Mike Tuller <[EMAIL PROTECTED]> wrote:
> I click on the link and it adds the id number
> to the url like this:
> 
> <td align="left">
>    <a href="editsoftwareasset.php?id=$row[asset_id]">
>    $row[asset_id]
>    </a>
> </td>

I think you want to have something like:

<? echo $row['asset_id']; ?>

everywhere you currently have $row[asset_id].

> $query = "select * from assets where asset_id =
> '$HTTP_GET_VARS[id]'";

You probably want to use $_GET[] here, unless you are using
an older version of PHP.

Also, and more importantly, this code looks extremely
dangerous. You are basically taking whatever the client
decides to send you and using it directly in an SQL
statement. This is a very bad practice.

Instead, check that $_GET['id'] is an acceptable value. For
example, perhaps it should only consist of numerics.
Blindly trusting anything gives a lot of creative freedom
to potential attackers.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
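
The check described in the reply above, as an added example that is not part of the original message: validate the id as digits only, bind it as a query parameter, and escape values on output. It assumes PDO with an in-memory SQLite database standing in for the poster's database; the `name` column, the sample rows and the function names are hypothetical.

```php
<?php
// Added example; not code from the original thread.
// Assumption: in-memory SQLite via PDO stands in for the real database.
// The `name` column and the sample rows are constructed for illustration.

/** Return the id as an int if it is a plain positive decimal number, else null. */
function parse_asset_id($raw): ?int
{
    // Arrays (?id[]=1), empty strings, signs, spaces and quotes are all rejected.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look up one asset with a bound parameter, never by string interpolation. */
function find_asset(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT asset_id, name FROM assets WHERE asset_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE assets (asset_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO assets VALUES (1, 'Editor <v2>'), (2, 'Compiler')");

// Constructed inputs standing in for $_GET['id'].
$samples = ['1', '2', '42', '', '-1', '1 OR 1=1', "1'", ['1']];
foreach ($samples as $raw) {
    $shown = is_array($raw) ? 'array' : var_export($raw, true);
    $id = parse_asset_id($raw);
    $row = $id === null ? null : find_asset($db, $id);
    if ($row === null) {
        echo $shown . ' => ' . ($id === null ? 'rejected' : 'not found') . "\n";
        continue;
    }
    // Escape on output too, so stored values cannot inject markup into the page.
    $href = 'editsoftwareasset.php?id=' . urlencode((string) $row['asset_id']);
    $text = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    echo $shown . ' => <a href="' . $href . '">' . $text . "</a>\n";
}
```

Only the first two samples produce a link; the rest are rejected before any query runs, except `'42'`, which passes validation but matches no row.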
