[Bender662]

What can i do to make my website SQLi proof?I don't know that much about php,htmal or other language but i am eager to learn.

{view_realms}
<div style="margin-left:5px;">{realm_world} - <a href="?page=realm&id={view_realms.id}">{view_realms.name} | {view_realms.type}</a></div>
<div class="realm-1">
<div class="realm-2"></div>
<div style="width:{total_number}%; background:#1b1b1b; height:3px; border:1px solid #323232; border-right:1px solid black; float:left;"></div></div>
{/view_realms}

This is the part that is giving me problem.how ca i modify this so that may ID is not shown on the link?

This post has been edited by Bender662: 14 August 2012 - 04:22 AM

[Atli]

When you say "SQLi", what exactly do you mean by that? SQL Injection?

Why do you not want to show the ID in the URL? What problem is it causing, exactly?

[Glorfindal]

Okay if you mean SQL injection proof then you shouldn't be worried about having the ID in the URL. That is usually necessary in many web applications. What you need to do is take the value of the ID and sanitize it before it used in a query to the database. I don't know exactly what language you are using from that code snippet. But there are plently of tutorials on sanitization from SQL injection. If you are using php this could help you:

http://stackoverflow...a-in-get-by-php