Categories
Mastering Development

php $_GET in real_escape_string updating mysql to mysqli [duplicate]

i made a simple ucp with a dashboard and poll system, i’m updating it from mysql to mysqli, and i haven’t understood how to update this:

if(isset($_GET['del']))
{
                include_once("config.php");

                $del = mysql_real_escape_string($_GET['del']);
$hhh2 = "SELECT * FROM `inbox` WHERE  `id` = '".$del."'";
$hhh = mysqli_query($connect,$hhh2);
$zzz = mysqli_fetch_array($hhh);
$name = $zzz['destinatario']; 
if($username == $name)
{
$lol = "DELETE FROM inbox WHERE id = '".$del."'"; mysqli_query($connect,$lol);

header("Location: home.php?alert=50");

}
else
{
         header('location: home.php?alert=51');
}

$username declared at the top of page as:
$username = $_SESSION[‘username’];

This is my config:

 <?php

    $connect = mysqli_connect("localhost", "root", "", "ucp") or die("I can't connect to the server!"); //connecting to mysql, change setting if you have to
    //mysqli_select_db("samptest2") or die ("I can't find the database!"); //selecting database, change name to your database name!

    function sanitize($string) //function for sanitize from xss and mysql and csrf... 
    { 
        $string = strip_tags($string); 
        $string = mysqli_real_escape_string($connect, $string); 
        return $string; 
    }

?> 

Can someone help me please ? I have a cheap knowledge :S
Maybe i will need help again with $_POST but not sure. Thank you in advance.

Leave a Reply

Your email address will not be published. Required fields are marked *