Credentials in a URL

NZ_Kiwis

I have a mySQL statement which ends

.... WHERE categories.ID IN ($IDs)

How can I get the ID's from my URL

$IDs =$_GET['IDs']

but

index.php?IDs=14,16,22

bradgrafelman

What have you tried, and what was the result? Based on the few snippets above, it looks like it should work.

An important follow-up question would then be... How have you sanitized $IDs to protect against SQL injection attacks and/or just plain SQL errors due to malformed, user-supplied data?

NZ_Kiwis

It doesn't work

bradgrafelman

Okay... so what have you done to debug the problem? What does the resulting SQL query string look like? What are the errors returned by the SQL server when you attempt to execute that query?

Altala

I think that your problem is in the SQL query. It seems to be completely fine but we can't see the whole SQL query.
Sanitize your input. F. ex. use the explode() -function to put the contents into an array and run a loop through it checking if every parameter is an integer. Kill the script if isn't.
There should be an easier way to sanitize the input, though..