POST request using C# WebClient

Question

I want to make a web request using WebClient but my problem is that the parameters are not being sent or [ submitted ]

code:-

 private void Button1_Click(object sender, EventArgs e)
        {
            string URI = "http://127.0.0.1/file/function/load.php";
            string myParameters = "?machinename=ncemachine&opreationsystem=Windows7&cpu=inteli3&gpu=nvidiaGTX&netframework=5.4&ram=4GB";

            using (WebClient wc = new WebClient())
            {
                wc.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
                string HtmlResult = wc.UploadString(URI, myParameters);
            }
        }

load.php

<?php
$MachineName = $_GET['machinename'];
$OpreationSystem  = $_GET['opreationsystem'];
$cpu = $_GET['cpu'];
$gpu = $_GET['gpu'];
$netframework = $_GET['netframework'];
$ram = $_GET['ram'];
require_once '../conf.php';
echo'test';
$dbCon = "mysql:host=$host;dbname=$db_name";
$conn = new PDO($dbCon, $username, $password);
$getquery = $conn->prepare("INSERT INTO `players` (`id`, `Pcname`, `opreationsystem`, `cpu`, `gpu`, `netframework`, `ram`) VALUES (NULL, '".$MachineName."', '".$OpreationSystem."', '".$cpu."', '".$gpu."', '".$netframework."', '".$ram."')");

$getquery->execute();

?>

the above code gives only empty rows inside the players table

Answer 1

As per the documentation (https://learn.microsoft.com/en-us/dotnet/api/system.net.webclient.uploadstring?view=net-5.0), UploadString sends a POST request by default.

So if you replace all your references to $_GET with $_POST in the PHP it should find the variables.

Alternatively you can specify the HTTP method when you call UploadString, e.g.

wc.UploadString(URI, "GET", myParameters)

Specific documentation for that method overload: https://learn.microsoft.com/en-us/dotnet/api/system.net.webclient.uploadstring?view=net-5.0#System_Net_WebClient_UploadString_System_String_System_String_System_String_

---

P.S. your code is vulnerable to SQL injection attacks. You're using prepared statements, but that provides no protection unless you also use parameters with them. See How can I prevent SQL injection in PHP? for examples of how to create your queries safely in PHP.