Welcome to WebmasterWorld Guest from 188.8.131.52
I have a site that lists football games pulled from a mysql database by the "gameID"
the dynamic url for the page is.
I have added...
to the url so I can pull the opponents name and the date of the game in order to use mod_rewrite urls. that way the address will be something like this.
the problem is you can also change the values I added "opponent" and "date" to whatever you like and the page still loads the same.
is there a way I can force these to match the data from the page it's self?
Thanks in advance for any help.
Just remember to sanitize URL data before you use it in a query and you'll be fine.
EDIT: Sanitize ALL data before you use it (in a query or in output), of course, just pay extra attention to the URL here.
I didn't write the PHP myself, and I have very little php knowledge. I designed the database and I can usually figure out what the php is trying to do, but when you say "transform them to their database formats..." I'm not sure what you mean.
my main concern for this is I just recently had to change a couple of dates for the games. There is a chance for duplicate entries for a single game since both dates would work and the page would load either way. I'm trying to figure out a way to return an error if the date or the opponent doesn't match what is listed by the gameID.