
So I've looked up many tutorials on how to get variables like http://example.net/pb.php?id=1&affsub=stringhere&key=123abc and then when that page is accessed I want it to be put into my database. But I have tried doing so by using this piece of code. And when accessing the page using ?id=1&affsub=stringhere&key=123abc it doesn't show any errors on the page and it also doesn't put it in the database as well. Now I'm not sure what is happening or what I need to do for that to work.

```php
<?
if( $_POST )
{
  $con = mysql_connect("localhost","user","pass");

  if (!$con)
  {
    die('Could not connect: ' . mysql_error());
  }

  mysql_select_db("tbl", $con);

  $id = $GET['id'];
  $affsub = $_GET['affsub'];
  $key = $_GET['key'];

  $id = mysql_real_escape_string($id);
  $affsub = mysql_real_escape_string($affsub);
  $key = mysql_real_escape_string($key);

  $query = "
  INSERT INTO `tbl`.`users` (`id`, `affsub`, `key`) VALUES ('$id',
        '$affsub', '$key');";

  mysql_query($query);

  echo "<h2>User added to system.</h2>";

  mysql_close($con);
}
?>
```
awesomexbox3
  • 1. _stop_ using the outdated, long deprecated and insecure `mysql_...()` functions, port your code to `mysqli` or `PDO` _now_. – arkascha Jun 26 '17 at 22:11
  • 2. You have to decide if you want to process a http post or a http get request, your current code mixes both. – arkascha Jun 26 '17 at 22:11
  • 3. There is a difference between `$GET` and `$_GET`... – arkascha Jun 26 '17 at 22:12
  • 4. please read about the benefits of using "prepared statements" in combination with "parameter binding" to prevent sql injection attacks. – arkascha Jun 26 '17 at 22:13
  • 5. _Usually_ a user id is _not_ something the client provides, that would lead to chaos. Instead it is an internal technical usually generated by the database itself. That guarantees uniqueness and usability. – arkascha Jun 26 '17 at 22:14
  • 6. and should have been 1. Closed as a duplicate. – Funk Forty Niner Jun 26 '17 at 22:14
  • 7. sure, but not before recommending to the OP to start monitoring the http server's error log file for more detailed information about what _precise_ error actually occurs. – arkascha Jun 26 '17 at 22:16
  • @arkascha there's no error logs – awesomexbox3 Jun 26 '17 at 22:54
  • An http server _always_ writes an error log file, _unless you explicitly disabled it_, which you should _never_ do. – arkascha Jun 26 '17 at 22:58
  • it is activated but there are no error log – awesomexbox3 Jun 26 '17 at 23:03
  • @arkascha - Typically I find that PHP application level errors are not written to the logs - e.g., 404, 500 (e.g., PHP file abend) yes, but MySQL coding, incorrect variable names, etc. no. – manassehkatz-Moving 2 Codidact Jun 27 '17 at 00:03
  • Invalid sql statements are definitely logged, "incorrect variables"... well what is that? Keep in mind that php is a dynamic language, so only syntactically invalid variable names can be considered invalid. But anyway, so you _do_ have an error log file with entries, but none of those entries is relevant here in your eyes. – arkascha Jun 27 '17 at 05:37
  • Consider the other hints you were given, try to debug yourself step by step. There are many issues here, you will have to resolve them one by one. – arkascha Jun 27 '17 at 05:38

1 Answer

Everything is inside if ($_POST) so you need to retrieve the data from $_POST[] instead of $_GET[] (and the typo error $GET['id']). In addition, the parameters should not be in the URL - that would normally indicate a form using the get method but for updating a database you normally want to use method="post" in your form.

  • Considering the example URL the OP gave the desired values will _not_ be populated into the `$_POST` superglobal variable... – arkascha Jun 26 '17 at 22:18
  • @arkascha - I missed that. You're right. So now we have a mix between (apparently) form method "get" (probably by default), if $_POST, trying to retrieve parameters with $_GET and a mistaken $GET. Oh what a mess... – manassehkatz-Moving 2 Codidact Jun 26 '17 at 23:46
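
The points raised in the comments and the answer above, combined into an added example that is not part of the original thread: the values are read from the query string, validated, and inserted through a PDO prepared statement with exceptions enabled so that failures become visible. The function name `save_postback`, the validation limits and the in-memory SQLite stand-in for MySQL are assumptions.

```php
<?php
// Added example, not the asker's code. Assumptions: the PDO extension is
// loaded, the columns mirror the question (id, affsub, key), and the length
// and character limits below are illustrative.
declare(strict_types=1);

function save_postback(PDO $db, array $query): void
{
    // $query is the parsed query string, i.e. $_GET (not $GET, not $_POST).
    $id     = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $affsub = $query['affsub'] ?? null;
    $key    = $query['key'] ?? null;
    if ($id === false
        || !is_string($affsub) || $affsub === '' || strlen($affsub) > 64
        || !is_string($key) || !preg_match('/\A[A-Za-z0-9]{1,64}\z/', $key)) {
        throw new InvalidArgumentException('missing or malformed id/affsub/key');
    }
    // Placeholders keep the values out of the SQL text; no manual escaping.
    $stmt = $db->prepare('INSERT INTO users (`id`, `affsub`, `key`) VALUES (:id, :affsub, :key)');
    $stmt->execute([':id' => $id, ':affsub' => $affsub, ':key' => $key]);
}

// In-memory SQLite stands in for MySQL so the script runs offline. For MySQL:
// new PDO('mysql:host=localhost;dbname=tbl;charset=utf8mb4', 'user', 'pass')
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$db->exec('CREATE TABLE users (`id` INTEGER PRIMARY KEY, `affsub` TEXT, `key` TEXT)');

// Constructed requests; in pb.php the loop body would run once on $_GET.
$requests = [
    ['id' => '1', 'affsub' => 'stringhere', 'key' => '123abc'],      // URL from the question
    ['id' => '1', 'affsub' => 'stringhere', 'key' => '123abc'],      // duplicate id
    ['id' => '2', 'affsub' => "o'neil-campaign", 'key' => '123abc'], // quote in value
    ['affsub' => 'stringhere'],                                      // id and key missing
];
foreach ($requests as $q) {
    try {
        save_postback($db, $q);
        echo "stored\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    } catch (PDOException $e) {
        error_log('insert failed: ' . $e->getMessage()); // details go to the log
        echo "not stored\n";
    }
}
echo $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), " row(s)\n";
```

The duplicate id is refused by the primary key and surfaces as a `PDOException`, which is the kind of failure the original `mysql_query()` call discarded without any message.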