MichMat
asked on
PHP to accept POST data from VB.net webrequest
I have 'constructed' the following code, from all over the internet, it is meant to collect 2 pieces of information POSTed to it from a VB.net webrequest identifing a user and then returning some information about that user.
The code works when I specificaly type in the variables into the select * statement
I cant seam to get it to accept variables from a post. I would really appreciate someones help in altering the code to accept 2 variables (email address and ProgPCcode) and change the select string to utalise those variables to create a dynamic string. I have tried and when I did it the PHP was returning " ".
I have also removed the real credentials for the database for security.
thank you
Michal
The code works when I specificaly type in the variables into the select * statement
I cant seam to get it to accept variables from a post. I would really appreciate someones help in altering the code to accept 2 variables (email address and ProgPCcode) and change the select string to utalise those variables to create a dynamic string. I have tried and when I did it the PHP was returning " ".
<?php
$user="someuser";
$password="correctpassword";
$database="databasename";
$con = mysql_connect(localhost,$user,$password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
@mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM table WHERE email = 'user@comewhere.com' and ProgPCcode = '647A2C9A'") or die( "Unable to select database");
while($row = mysql_fetch_array($result))
{
echo $row['name'] . "^" . $row['UserCrd'] . "^" . $row['ProgPCcode'];
}
mysql_close($con);
?>
I have also removed the real credentials for the database for security.
thank you
Michal
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I got it to work ! Had the wrong table name. Sorry and thank you.
I have a follow up question. You mentioned that I should sanitise the input. Firstly this will be a PHP that will be available to everyone and so I have created a user that has only 'select' privelages so hopefully that should prevent the bulk of all this nonsence from happening. The only issue would be someone getting to read all the data.
What is the best way to deal with this sort of thing ?
I have read up on real escape string , would this be what you were refering ?
mysql_real_escape_string($ email);
mysql_real_escape_string($ code));
I would appreciate any help in that area, even though you have earned your points already and my gratitude. If its too big a subject Im happy to post it as separate question.
Thank you
Michal
I have a follow up question. You mentioned that I should sanitise the input. Firstly this will be a PHP that will be available to everyone and so I have created a user that has only 'select' privelages so hopefully that should prevent the bulk of all this nonsence from happening. The only issue would be someone getting to read all the data.
What is the best way to deal with this sort of thing ?
I have read up on real escape string , would this be what you were refering ?
mysql_real_escape_string($
mysql_real_escape_string($
I would appreciate any help in that area, even though you have earned your points already and my gratitude. If its too big a subject Im happy to post it as separate question.
Thank you
Michal
ASKER
is it my post string then ? what am I missing here ?
Open in new window
Thank you