
Pass PHP variable in URL query

This is the code placed in unlock.php:

> <?php
> require_once("../../db-config.php");
> 
> $Result = "ERROR, still locked...";
> if (isset($_POST['User'])) {
>     if (mysql_query("DELETE FROM LoginAttempts WHERE User='".$_POST['User']."'", $conn))
>         $Result = "User Unlocked";
> }
> if ($conn)
>     mysql_close($conn);
> echo $Result;
> ?>

I want to unlock a user. I'm trying it like this, but I get the error "Error still locked..." instead of "User unlocked":

http://example.com/unlock.php?User=Administrador

How should I pass the variable User=name in the URL?

You can collect your URL params using $_GET. Or $_REQUEST (which collects from POST, GET and COOKIE).

Beware that this call:

http://example.com/unlock.php?User=Administrador' OR 1=1

will empty your LoginAttempts table.

At least sanitize your input with mysql_real_escape_string($_GET['User']).
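
A parameterized version of the unlock query, as an added example that is not part of the original posts: it binds the two `User` values from the URLs above as data instead of concatenating them into the SQL. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection from db-config.php, and `unlockUser` and `remainingRows` are hypothetical helper names.

```php
<?php
// Added example, not the original poster's code. Assumption: an in-memory
// SQLite database (PDO) stands in for the MySQL connection in db-config.php.

function unlockUser(PDO $db, array $params): string
{
    // Same key the question uses; for a URL query the value arrives in $_GET.
    $user = $params['User'] ?? null;
    if (!is_string($user) || $user === '') {
        return "ERROR, still locked...";
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare('DELETE FROM LoginAttempts WHERE User = :user');
    $stmt->execute([':user' => $user]);
    // Unlike the original script, report success only if rows were removed.
    return $stmt->rowCount() > 0 ? "User Unlocked" : "ERROR, still locked...";
}

function remainingRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM LoginAttempts')->fetchColumn();
}

// Constructed sample data (hypothetical AttemptedAt column).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE LoginAttempts (User TEXT, AttemptedAt TEXT)');
$insert = $db->prepare('INSERT INTO LoginAttempts (User, AttemptedAt) VALUES (?, ?)');
$rows = [
    ['Administrador', '2024-01-01 10:00:00'],
    ['Administrador', '2024-01-01 10:00:05'],
    ['alice', '2024-01-01 10:01:00'],
];
foreach ($rows as $row) {
    $insert->execute($row);
}

// Value from the second URL on the page: bound as data, it is compared as a literal name.
echo unlockUser($db, ['User' => "Administrador' OR 1=1"]), ' / rows left: ', remainingRows($db), PHP_EOL;
// Value from the first URL: only that user's rows are removed.
echo unlockUser($db, ['User' => 'Administrador']), ' / rows left: ', remainingRows($db), PHP_EOL;
// Missing key, as when the script reads $_POST but the value was sent in the URL.
echo unlockUser($db, []), ' / rows left: ', remainingRows($db), PHP_EOL;
```

In unlock.php the call would be `unlockUser($db, $_GET)` for the URL form used in the question. Because the request deletes rows, sending it as an authenticated POST is the safer design.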

I've solved this by going to phpMyAdmin and deleting the corresponding failed login attempts entries in the db table.

Different approach solves the issue. I've already warned about the security concerns.

Thanks guys.
