
In my program, I am trying to get the value submitted by a form and use it in a SQL query to retrieve results, and then again use the $_GET["name"] value for feeding data to the database. The following code is not propagating the value of $_GET["name"] inside the while loop.

    <?php
    session_start();
    $id = $_GET["name"];
    echo "<h2> Hello ".$id." </h2>" ;
    if((isset( $_POST['dept'])))
    {
        echo "<h2><center>You have selected  &nbsp;&nbsp;&nbsp;&nbsp;". $_POST['dept'] ." !!</center></h2>";

        $dept_ = $_POST['dept'];
        $options = $_POST['course'];
        foreach($options as $option) //loop through the checkboxes
        {
            $uid="root";
            $pass="root";

            $db = mysql_connect("localhost:3036",$uid,$pass);
            if(!$db) die("Error connecting to MySQL database.");
            mysql_select_db("sync" ,$db);

            $result = mysql_query("SELECT DISTINCT `name`,`password`,INET_NTOA( `ip` ) FROM detail Where id = '$_GET["name"]' ;") or die(mysql_error());

            if(mysql_num_rows($result) > 0):

                while($row = mysql_fetch_assoc($result)):
                    $name = $row['name'];
                    $password = $row['password'];
                    $ip = $row['INET_NTOA( `ip` )'];
                    echo $name ;            // NOT PRINTING ANYTHING
                    echo $password ;       // NOT PRINTING ANYTHING
                    echo $_GET["name"] ;  // NOT PRINTING ANYTHING

                    $sql1_Qu = "INSERT INTO registration (id,password,ip,name,course) VALUES ('$_GET["name"]','$password',INET_ATON('$ip'),'$name','$option')";
                    //$sql1_Qu = "INSERT INTO registration (id,password,ip,name,course) VALUES ('$id','$password',INET_ATON('$ip'),'$name','$option')";
                    $resu = mysql_query($sql1_Qu) or die('Could not connect: ' . mysql_error());
                endwhile;
            endif;
        }
    }
    ?>

This only prints at the 4th line but does not propagate the value inside the while loop, which contains the database query.

Please suggest some way to solve the issue ... Thanks in advance

pali
  • Your script is vulnerable to SQL injections and XSS attacks. In addition to that you should not use any `mysql_*` functions at all. Solve these "errors" beforehand. – DAG May 25 '13 at 17:56
  • Everything @Christian said plus this: why are you using GET and POST? Is it a GET or a POST?? If the data can be in both places, use $_REQUEST for both instead. Also, remove the semi-colon from your SQL. It is unnecessary and can, in some circumstances, cause issues. – lucifurious May 25 '13 at 17:59
  • @lucifurious you can post to a `?name=whatever` you just get a POST request with query parameters. Works fine. – Damien Overeem May 25 '13 at 18:14

4 Answers


I think you have a problem escaping the double quotes around your $_GET["name"]. Also it is not clear to me whether you have a $_GET or a $_POST form, since you used them both, and this could be an error.

    $result = mysql_query("SELECT DISTINCT `name`,`password`,INET_NTOA( `ip` ) FROM detail Where id = '".$id."' ;") or die(mysql_error());

Furthermore your code is highly vulnerable to SQL injections, please have a look at this post.

Then I would like you to remember that mysql_* functions are deprecated, so I would advise you to switch to mysqli or PDO.

Fabio
  • You can post something to `http:///?name=test`. You can actually use both. You will just have a POST request and also have query parameters. – Damien Overeem May 25 '13 at 18:07

This line:

    $result = mysql_query("SELECT DISTINCT `name`,`password`,INET_NTOA( `ip` ) FROM detail Where id = '$_GET["name"]' ;") or die(mysql_error());

has wrong escaping and is vulnerable to injection. Fix the escaping and use safe functions at the same time:

    $result = mysql_query(
                sprintf("
                  SELECT
                    DISTINCT `name`,
                    `password`,
                    INET_NTOA( `ip` )
                  FROM
                    detail
                  WHERE
                    id = '%s'
                 ", mysql_real_escape_string($id))
                 ) or die(mysql_error());
Patrice Levesque

Change:

    FROM detail Where id = '$_GET["name"]' ;")

to

    FROM detail Where id = '" . $id .  "';")
H2ONOCK
  • What's the difference (other than preferred method of coding)? – lucifurious May 25 '13 at 17:57
  • The way it's been done there are escaping of double quote issues. You could probably also fix by changing $_GET["name"] to $_GET[\"name\"] I would have thought. – H2ONOCK May 25 '13 at 17:59
  • This is not a solution, since `$id = $_GET['name'];` was set these two "variables" are equal... – DAG May 25 '13 at 18:00
  • Christian, does my answer fix the escaping of double quotes issue or not? – H2ONOCK May 25 '13 at 18:01
  • This is not solving the problem... actually the $id value is not even passing to the while loop, as I left the $_GET["name"] field a blank field, and made an entry in the database for a blank "id" field; those results are generated !! – pali May 25 '13 at 18:02
  • You need to make the same sort of change on the $sql1_Qu = variable too, as you have double-quote escaping issues there as well. – H2ONOCK May 26 '13 at 21:45

You should be happy about that because your site is screaming for what people call SQL injection. http://en.wikipedia.org/wiki/SQL_injection

Basically a user of your site could just add ?name=<some sql code> to your url and manipulate your database (i.e. change passwords). ALWAYS VALIDATE INPUT! NEVER USE $_GET OR $_POST in sql queries.

Read more here to learn how to prevent SQL injections: http://php.net/manual/en/security.database.sql-injection.php

As for your answer. You are concatenating your string incorrectly (or actually.. not at all).

Try to build your string this way: "INSERT INTO registration (id,password,ip,name,course) VALUES ('" . $_GET["name"] . "','$password',INET_ATON('$ip'),'$name','$option')"

Damien Overeem
  • can you please mention how to avoid the SQL injection problem !! – pali May 25 '13 at 18:07
  • I've added a link to the php manual talking about SQL injection. It also talks about how to avoid the issues. – Damien Overeem May 25 '13 at 18:10
  • this is also not inserting the variable in the database – pali May 25 '13 at 18:12
  • Do an `var_dump($_GET['name']);` right before the insert. Does it contain anything at that point? – Damien Overeem May 25 '13 at 18:16
  • Then start moving that var_dump() line up in your code. When does it actually show content? That way you will find out which line clears the contents of your `$_GET['name']` as it stands. I can't find anything that would do such a thing in your code. I would expect it to be empty at the top as well. – Damien Overeem May 25 '13 at 18:31
  • it's not going inside " if((isset( $_POST['dept']))) "; the time I removed this loop I found it didn't go inside the " foreach($options as $option) " loop. Basically I am unable to propagate inside any loop!! Do you have any other alternatives for propagating the $_GET["variable"] into the loop – pali May 25 '13 at 18:40
  • That's just plain silly. Variables don't just go empty because you enter a loop. The only situation where that occurs is when you override the var while using i.e. a for loop. If you do an `echo "test";` where you did the var_dump of $_GET['name'];, does that echo? I have the feeling you are not even entering the loop. – Damien Overeem May 25 '13 at 19:37
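As an added example (not code from the question or any answer above), here are both queries from the question rewritten with PDO prepared statements, the switch Fabio recommends and the injection fix Damien asks for. It assumes the `sync` database with the `detail` and `registration` tables from the question; the credentials are placeholders.

```php
<?php
// Added example: the SELECT and INSERT from the question with PDO prepared
// statements. The user-supplied id is bound as data, so it can never change
// the SQL text, and the query is prepared once instead of per checkbox.
// Host/port and table names come from the question; credentials are placeholders.
$dsn = 'mysql:host=localhost;port=3036;dbname=sync;charset=utf8mb4';
$pdo = new PDO($dsn, 'DB_USER', 'DB_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // fail loudly, no silent or-die chains
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
]);

// Read the form values once and validate them before any query runs.
$id = isset($_GET['name']) ? $_GET['name'] : '';
if ($id === '' || strlen($id) > 64) {
    http_response_code(400);
    exit('Missing or invalid id');
}
$options = (isset($_POST['course']) && is_array($_POST['course'])) ? $_POST['course'] : [];

// The page is HTML, so escape anything echoed back (the question echoes $id raw).
echo '<h2>Hello ' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') . '</h2>';

// "?" placeholders are bound as values: an id such as  ' OR '1'='1  stays a literal.
// INET_NTOA is aliased so the row key is a plain "ip" instead of the expression text.
$select = $pdo->prepare(
    'SELECT DISTINCT `name`, `password`, INET_NTOA(`ip`) AS ip
       FROM detail
      WHERE id = ?'
);
$insert = $pdo->prepare(
    'INSERT INTO registration (id, password, ip, name, course)
     VALUES (?, ?, INET_ATON(?), ?, ?)'
);

$select->execute([$id]);
$rows = $select->fetchAll(PDO::FETCH_ASSOC);

foreach ($options as $option) {            // one registration row per checked course
    foreach ($rows as $row) {
        $insert->execute([$id, $row['password'], $row['ip'], $row['name'], $option]);
    }
}
```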