Avatar of MichMat
MichMat
 asked on

PHP to accept POST data from VB.net webrequest

I have 'constructed' the following code, from all over the internet, it is meant to collect 2 pieces of information POSTed to it from a VB.net webrequest identifing a user and then returning some information about that user.

The code works when I specificaly type in the variables into the select * statement
I cant seam to get it to accept variables from a post. I would really appreciate someones help in altering the code to accept 2 variables (email address and ProgPCcode) and change the select string to utalise those variables to create a dynamic string. I have tried and when I did it the PHP was returning " ".  

<?php
$user="someuser";
$password="correctpassword";
$database="databasename";
 $con = mysql_connect(localhost,$user,$password);
 if (!$con)
   {
   die('Could not connect: ' . mysql_error());
   }
 
@mysql_select_db($database) or die( "Unable to select database");

$result = mysql_query("SELECT * FROM table WHERE email = 'user@comewhere.com' and ProgPCcode = '647A2C9A'") or die( "Unable to select database");
 
while($row = mysql_fetch_array($result))
   {
   echo $row['name'] . "^" . $row['UserCrd'] . "^" . $row['ProgPCcode'];
   }

mysql_close($con);
 ?> 

Open in new window



I have also removed the real credentials for the database for security.

thank you

Michal
.NET ProgrammingPHP

Avatar of undefined
Last Comment
MichMat

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Member_2_4694817

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
MichMat

ASKER
Thank you for that. It is nearly the same that I had before. the problem is that it also returns empty string. I did check the variables and they are correct.

is it my post string then ? what am I missing here ?

 Dim URL As String = "my PHP link"
        Dim request As Net.WebRequest = Net.WebRequest.Create(URL)
        Dim emailField As String = "email@myemail.com"
        Dim ProgPCcode As String = GetHDSerial()
        Dim sndd As String = "email=" & emailField & "&ProgPCcode=" & ProgPCcode
        request.Method = "POST"
        request.ContentType = "application/x-www-form-urlencoded"
        request.ContentLength = sndd.Length

        Using writer As New StreamWriter(request.GetRequestStream(), System.Text.Encoding.ASCII)
            writer.Write(sndd)
            writer.Close()
        End Using

Open in new window


Thank you
MichMat

ASKER
I got it to work ! Had the wrong table name. Sorry  and thank you.

I have a follow up question. You mentioned that I should sanitise the input. Firstly this will be a PHP that will be available to everyone and so I have created a user that has only 'select' privelages so hopefully that should prevent the bulk of all this nonsence from happening. The only issue would be someone getting to read all the data.

What is the best way to deal with this sort of thing ?

I have read up on real escape string , would this be what you were refering ?

mysql_real_escape_string($email);
 mysql_real_escape_string($code));

I would appreciate any help in that area, even though you have earned your points already and my gratitude. If its too big a subject Im happy to post it as separate question.

Thank you

Michal
Your help has saved me hundreds of hours of internet surfing.
fblack61