Hello, I have created a website recently, and my client is saying: "Your website is not secured. I have easily created new tables, and even a kid can get into your database and modify your database."
Is this because I have used this: <a id="svgtriangle_f9" xlink:href="mainpage.php?apart=1&floor=9" class="portfolio-link" onmousemove="ShowTooltip(evt, 'Floor 09')" onmouseout="HideTooltip(evt)">
So what should my approach be, and how can I secure it? There is no other way I can secure the parameters, as I need to get the info: when we click on an apartment, I need to know which apartment and which floor he has clicked on, so I can get the result for that apartment and floor number. Here is the example I have done:
<?php
$apart = $_GET["apart"];
$floor = $_GET["floor"];
$link = "inner.php?apart=".$_GET["apart"]."&floor=".$_GET["floor"]."&room=";
$query = mysqli_query($connection, "SELECT * FROM appartments WHERE apartment='$apart' AND room_no='{$_GET["room"]}' AND floor_no='$floor'");
while($records = mysqli_fetch_assoc($query)) {
    $description = $records["description"];
    $living_space = $records["living_space"];
    $total_area = $records["total_area"];
    $room_id = $records["id"];
    $map_image = $records["map_image"];
}
?>
Please share your ideas and your guidelines so I can secure my website.
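
An added example, not part of the original post: the same lookup with the GET parameters validated as integers and passed to MySQL through a prepared statement, so the values never become part of the SQL text. It assumes `$connection` is the existing mysqli handle, that `apart`, `floor` and `room` are always positive integers and all three are present on this page, and the helper names `int_param` and `find_apartment` are hypothetical.

```php
<?php
// Added example: hardened version of the lookup in the question.
// Assumes $connection is the page's mysqli handle and all three ids are positive integers.

// Return the named parameter as a positive int, or null if missing or not an integer.
function int_param(array $src, string $name): ?int
{
    $value = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

// Look up one apartment row; the ? placeholders keep user input out of the SQL string.
function find_apartment(mysqli $connection, int $apart, int $floor, int $room): ?array
{
    $stmt = mysqli_prepare($connection,
        "SELECT id, description, living_space, total_area, map_image
           FROM appartments
          WHERE apartment = ? AND room_no = ? AND floor_no = ?");
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, "iii", $apart, $room, $floor);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt); // needs the mysqlnd driver
    $row = $result ? mysqli_fetch_assoc($result) : null;
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

$apart = int_param($_GET, "apart");
$floor = int_param($_GET, "floor");
$room  = int_param($_GET, "room");
if ($apart === null || $floor === null || $room === null) {
    http_response_code(400);
    exit("Invalid apartment, floor or room.");
}

// Built only from validated integers, then escaped for the HTML attribute it is printed in.
$link = htmlspecialchars("inner.php?apart=$apart&floor=$floor&room=", ENT_QUOTES, "UTF-8");

$records = find_apartment($connection, $apart, $floor, $room);
if ($records === null) {
    http_response_code(404);
    exit("Apartment not found.");
}
// $records["description"], $records["living_space"], etc. are then read as before.
```

Having the parameters in the URL is not the problem; concatenating them into the query string is. The report that new tables could be created also suggests the database account the site connects with has more privileges than this page needs, and an account limited to SELECT on this table narrows what any remaining flaw could do.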