MichMat

PHP to accept POST data from VB.net webrequest

I have 'constructed' the following code from all over the internet. It is meant to collect 2 pieces of information POSTed to it from a VB.net webrequest identifying a user and then return some information about that user.

The code works when I specifically type the variables into the select * statement.
I can't seem to get it to accept variables from a POST. I would really appreciate someone's help in altering the code to accept 2 variables (email address and ProgPCcode) and change the select string to utilise those variables to create a dynamic string. I have tried, and when I did it the PHP was returning " ".

<?php
// Database credentials (placeholders)
$user = "someuser";
$password = "correctpassword";
$database = "databasename";

// The host name must be a quoted string, not a bare word
$con = mysql_connect('localhost', $user, $password);
if (!$con) {
    die('Could not connect: ' . mysql_error());
}

@mysql_select_db($database) or die("Unable to select database");

// Look up the user by e-mail address and ProgPCcode (values hard-coded here)
$result = mysql_query("SELECT * FROM table WHERE email = 'user@comewhere.com' and ProgPCcode = '647A2C9A'") or die("Unable to select database");

// Return the fields as one caret-delimited string
while ($row = mysql_fetch_array($result)) {
    echo $row['name'] . "^" . $row['UserCrd'] . "^" . $row['ProgPCcode'];
}

mysql_close($con);
?>

I have also removed the real credentials for the database for security.

Thank you

Michal
ASKER CERTIFIED SOLUTION
Member_2_4694817

This solution is only available to members.
MichMat

ASKER

Thank you for that. It is nearly the same as what I had before. The problem is that it also returns an empty string. I did check the variables and they are correct.

Is it my post string then? What am I missing here?

Dim URL As String = "my PHP link"
Dim request As Net.WebRequest = Net.WebRequest.Create(URL)
Dim emailField As String = "email@myemail.com"
Dim ProgPCcode As String = GetHDSerial()
' URL-encode each value so characters such as & or + survive form encoding
Dim sndd As String = "email=" & Uri.EscapeDataString(emailField) & "&ProgPCcode=" & Uri.EscapeDataString(ProgPCcode)
request.Method = "POST"
request.ContentType = "application/x-www-form-urlencoded"
request.ContentLength = sndd.Length

' End Using closes the writer and the request stream
Using writer As New StreamWriter(request.GetRequestStream(), System.Text.Encoding.ASCII)
    writer.Write(sndd)
End Using

Thank you
MichMat

ASKER

I got it to work! Had the wrong table name. Sorry and thank you.

I have a follow-up question. You mentioned that I should sanitise the input. Firstly, this will be a PHP that will be available to everyone, and so I have created a user that has only 'select' privileges, so hopefully that should prevent the bulk of all this nonsense from happening. The only issue would be someone getting to read all the data.

What is the best way to deal with this sort of thing ?

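I have read up on real escape string; would this be what you were referring to?

// mysql_real_escape_string() returns the escaped copy; it does not modify its argument
$email = mysql_real_escape_string($email);
$code = mysql_real_escape_string($code);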

I would appreciate any help in that area, even though you have earned your points already and my gratitude. If it's too big a subject, I'm happy to post it as a separate question.

Thank you

Michal
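
On the follow-up about sanitising input: the usual approach is to bind the POSTed values as query parameters rather than escape them into the SQL string. The code below is an added example, not code from the thread or from the members-only answer. It uses PDO with an in-memory SQLite database and one constructed row so that it runs offline; the table name `users` and the 8-hex-character format for ProgPCcode are assumptions.

```php
<?php
// Added example: POST lookup with bound parameters instead of string-built SQL.
// Assumptions: the table name `users` is a placeholder (the thread never gives
// the real one); ProgPCcode is treated as 8 hex characters, based on the
// sample value in the question.

function lookupUser(PDO $pdo, array $post): string
{
    $email = isset($post['email']) ? trim((string)$post['email']) : '';
    $code  = isset($post['ProgPCcode']) ? trim((string)$post['ProgPCcode']) : '';

    // Reject malformed input before it reaches the database.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || !preg_match('/^[0-9A-Fa-f]{8}$/', $code)) {
        return '';
    }

    // Placeholders keep the values out of the SQL text, so a quote in the
    // input cannot change the statement. Only the needed columns are read,
    // and at most one row is returned.
    $stmt = $pdo->prepare(
        'SELECT name, UserCrd, ProgPCcode FROM users
         WHERE email = :email AND ProgPCcode = :code LIMIT 1'
    );
    $stmt->execute([':email' => $email, ':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row ? $row['name'] . '^' . $row['UserCrd'] . '^' . $row['ProgPCcode'] : '';
}

// Demo on an in-memory SQLite database with one constructed row. In the real
// endpoint, open $pdo with a 'mysql:host=...;dbname=...' DSN under the
// SELECT-only account and call: echo lookupUser($pdo, $_POST);
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, email TEXT, UserCrd TEXT, ProgPCcode TEXT)');
$pdo->exec("INSERT INTO users VALUES ('Test User', 'user@example.com', '10', '647A2C9A')");

// Matching pair: the caret-delimited record comes back.
echo lookupUser($pdo, ['email' => 'user@example.com', 'ProgPCcode' => '647A2C9A']), "\n";
// An address containing a quote is bound as plain data and matches no row.
echo lookupUser($pdo, ['email' => "o'neil@example.com", 'ProgPCcode' => '647A2C9A']), "\n";
// A code that fails the format check never reaches the query.
echo lookupUser($pdo, ['email' => 'user@example.com', 'ProgPCcode' => 'not-a-code']), "\n";
```

The SELECT-only account limits what a flawed query could change, and the bound parameters plus the `LIMIT 1` are what keep a single request from reading rows other than the one that matches both values.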