I have written the following PHP script called fetchdetails.php:
<?php
$db ="fb";
$con = mysql_connect("host","user","paswd") or die ("hi ".mysql_error());
mysql_select_db($db) or die("helo".mysql_error());
$id = $_POST["id"];
echo $id;
$id = (string)$id;
echo $id."hi";
When I call it using
www.anyaddress.com/fetchdetails.php?id=1722315
but echo $id is not showing anything. Need help on this ASAP. Actually I did the same thing earlier in some other code and it was working fine.
If you want to get the values from a URL query, such as the id part from http://example.com?id=42, you should always use the $_GET super-global array, as in:
$id = $_GET['id'];
echo $id; // 42
On the other hand, you should use $_POST to get any data submitted via an HTML form. You use $_POST["id"]; only when you want to get queries submitted via a form.
Whatever the case may be, you should not trust any data passed by either POST/GET. Therefore, before you put it in your MySQL query, you should sanitize/escape it.
Like this:
$id = mysql_real_escape_string($_GET['id']);
Note: Every function that starts with mysql_ is deprecated and unsafe to use, so you must learn about PDO or MySQLi.
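The PDO route mentioned in the answer above, as an added example that is not part of the original question or answer: the id is read as a query-string value, validated as a positive integer, and passed to the database as a bound parameter. The `details` table, its `name` column, the helper names `parse_id` and `fetch_details`, and the in-memory SQLite database standing in for the MySQL `fb` database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept the raw "id" value only if it is a positive
// integer written in plain digits; return null for anything else.
function parse_id(?string $raw): ?int
{
    if ($raw === null || !ctype_digit($raw) || strlen($raw) > 18) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Hypothetical helper: look the row up with a bound parameter instead of
// concatenating $id into the SQL text.
function fetch_details(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM details WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database so the script runs
// offline; with MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE details (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO details VALUES (1722315, 'constructed <row>')");

// In a web request the raw value would be $_GET['id'] ?? null.
// Constructed inputs: a valid id, a malformed value, a missing value.
foreach (['1722315', '1722315abc', null] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        echo "rejected: id must be a positive integer\n";
        continue;
    }
    $row = fetch_details($pdo, $id);
    // Escape on output too, since stored values may end up in HTML.
    echo $row === null
        ? "no such id\n"
        : htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . "\n";
}
```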