html - Printing a username by id via php from MySQL -
i trying print username database via id. want id choosen entering input form, not work. clues why?
<div> <p><u>anzeigen eines users mit eingebafeld für die id</u></p> <form method="post1" > <p>zu suchende id:</p> <input type="text" name="id" class="form-control"><br> <input type="submit" name="buttonid" value="suchen" class="btn btn-primary" > </form> </div> <div> <?php /*ini_set('display_errors', 0);*/ $mysqli = new mysqli("localhost", "test", "test", "test"); if ($mysqli->connect_errno) { print "failed connect mysql: " . $mysqli->connect_error; } $id = @$_post1; $res = $mysqli->query("select username user id = $id"); $row = $res->fetch_assoc(); print '<p>' . $row['username'] .'</p>'; ?> </div> </div>
most want this:
<div> <p><u>anzeigen eines users mit eingebafeld für die id</u></p> <form method="post" > <p>zu suchende id:</p> <input type="text" name="id" class="form-control"><br> <input type="submit" name="buttonid" value="suchen" class="btn btn-primary" > </form> </div> <div> <?php /*ini_set('display_errors', 0);*/ if (isset($_post['id'])){ $mysqli = new mysqli("localhost", "test", "test", "test"); if ($mysqli->connect_errno) { print "failed connect mysql: " . $mysqli->connect_error; } $id = $mysqli->real_escape_string($_post['id']); $res = $mysqli->query("select username user id = $id"); $row = $res->fetch_assoc(); print '<p>' . html_entities($row['username']) .'</p>'; } ?> </div> </div> note changes:
- post1 --> post
@$post1-->$_post['id'], no clue saw weird code..- adding
real_escape_stringmake sure entered id not sql injection, can cast int. - adding
html_entitiessure username xss safe.
the variables in form captured in $_post array when method of form set post. note check if array has value id because php code executed whenever form loads, if form not submitted yet.
Comments
Post a Comment