I am making a news system for http://red-sec.net
Currently I have 3 pages:
- index.php | View the latest News and select which one to read
- article.php | View the actual News post
- post.php | Make a new News post (Admin access required)
Now in index.php I am doing the following:
```php
$query = "SELECT * FROM news ORDER BY date DESC LIMIT 20";
$run = mysqli_query($connect,$query);
while($row = mysqli_fetch_array($run)) {
    $article_id = $row['article_id'];
    $user_id = $row['user_id'];
    $title = $row['title'];
    $content = $row['content'];
    $date = $row['date'];
    $query = "SELECT username FROM users WHERE ID = '$user_id'";
    $test = mysqli_query($connect,$query);
    $row2 = mysqli_fetch_array($test);
    $user_name = $row2['username'];
    echo '<div class="row">
    <div class="col-lg-12"><h3 class="para"><a class="para" href="article.php?id='.$article_id.'">'.$title.'</a></h3>
    <p class="para">Written by: '.$user_name.'</p>
    </div>
    </div>';
}
```
As you can see, I am echoing out the news posts.
When you click on one of them it takes you to article.php?id=post_id, as seen here.
I am trying to find a way to get the info to article.php without using GET parameters because that makes it SQLi vulnerable. I know I can secure it at article.php but I would prefer not to use GET requests at all.
The way I am looking to do it is either:
- Send the information to `article.php` through `$_SESSION`, but I don't know how to set the id of the post to `$_SESSION` on the click of the link.
- The way Facebook does it: if you go to https://facebook.com/youtube for instance you can see what I mean. They make directories for each user. I know how to make the directories but I have no idea how to make new .php files with the content of the news post.

Again, any help appreciated.
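
The hardening at `article.php` that the post mentions, as an added example that is not part of the original post: the `id` value is validated as an integer, bound into a prepared statement, and the output is HTML-escaped. It assumes PDO with an in-memory SQLite database and constructed rows so that it runs stand-alone (the post uses MySQL through mysqli, where prepared statements work the same way); `fetch_article()` and `h()` are hypothetical helper names, and the table and column names are taken from the post.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumption;
// the post uses MySQL via mysqli, which supports the same bound parameters).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, username TEXT)');
$db->exec('CREATE TABLE news (article_id INTEGER PRIMARY KEY, user_id INTEGER,
           title TEXT, content TEXT, date TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'admin')");
$db->exec("INSERT INTO news VALUES (7, 1, 'Hello <b>world</b>', 'First post', '2024-01-01')");

// Hypothetical helper: returns the article row, or null if the id is invalid or unknown.
function fetch_article(PDO $db, $rawId): ?array
{
    // Accept only a positive integer; anything else never reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The id is bound as a parameter, so it is never parsed as SQL.
    // The JOIN also replaces the per-row username lookup from index.php.
    $stmt = $db->prepare(
        'SELECT n.title, n.content, n.date, u.username
           FROM news n JOIN users u ON u.ID = n.user_id
          WHERE n.article_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: escape a value before echoing it into HTML.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for $_GET['id'].
foreach (['7', '7 OR 1=1', "7'--", '999'] as $rawId) {
    $article = fetch_article($db, $rawId);
    if ($article === null) {
        echo "id=" . var_export($rawId, true) . " -> 404\n";
        continue;
    }
    echo "id=" . var_export($rawId, true) . " -> <h3>" . h($article['title'])
        . "</h3> by " . h($article['username']) . "\n";
}
```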