PHP question (check.php?user=AnyName //How does this work?)

[NewBiee]

Hey guys, I'm still learning some PHP and I wanna know what is that thing called:

"check.php?user=AnyName"

for example I access http://127.0.0.1/check.php?user=AnyName

I want to view tables that has the user name "AnyName"

Can someone post what this kind of php stuff is?
Or link me to a site that has a tutorial?

Also, a simple sample would be greatly appreciated and a big contribution for my studies in PHP.

Thank you in advance guys!

 

[devNULL]

hmmm ...

http://www.w3schools.com/php/php_mysql_where.asp

in php there will be something like $_GET["user"]

 

[CJ]

thats GET method to pass the data. Read more here
http://www.w3schools.com/php/php_get.asp
http://www.tizag.com/phpT/postget.php

 

[NewBiee]

Thank you so much for your fast response guys! I really appreciate it!

 

[Putin]

I've written an example script for you along with explainations for what each function does.

<?php
$username = mysql_escape_string($_GET['user']);
$results = mysql_fetch_array(mysql_query("SELECT * FROM users_tablename WHERE username_col = '".$username."' LIMIT 1"));
print_r($results);
?>

mysql_escape_string - prepares the string, provents errors showing when you enter certain characters and also provents hackers.
mysql_query -Runs the SQL query, to learn that read http://www.w3schools.com/php/php_mysql_intro.asp
mysql_fetch_array - Gets the array from the query
print_r - that prints the array, to get a certain part of the array such as their email address replace that print_r line with: echo $results['email_col']; ofcause replace email_col with the name of the email column

the $_GET['user'] gets the 'user' from the URL

don't forget to replace users_tablename with the table name where the users are stored and don't forget to replace username_col with the column which stores the username.

hope that makes sense to you

 

[NewBiee]

I've written an example script for you along with explainations for what each function does.

mysql_escape_string - prepares the string, provents errors showing when you enter certain characters and also provents hackers.
mysql_query -Runs the SQL query, to learn that read http://www.w3schools.com/php/php_mysql_intro.asp
mysql_fetch_array - Gets the array from the query
print_r - that prints the array, to get a certain part of the array such as their email address replace that print_r line with: echo $results['email_col']; ofcause replace email_col with the name of the email column

the $_GET['user'] gets the 'user' from the URL

don't forget to replace users_tablename with the table name where the users are stored and don't forget to replace username_col with the column which stores the username.

hope that makes sense to you

thank you for this! I didn't know about the vulnerability thing, does this code is hacker prevented already?

 

[Putin]

thank you for this! I didn't know about the vulnerability thing, does this code is hacker prevented already?

Yes, the code I provided provents the hacker from doing an "SQL Injection".

Just make sure before you submit a string into a database you use that mysql_escape_string function on it first and you wont need to worry

 

[NewBiee]

Thanks puttin! So I've made this code now, can you check if there are any vulnerabilities?


http://localhost/index.php?username=test

<?php
$user = mysql_escape_string($_GET['username']);
function calc_time($seconds) {
    $days = (int)($seconds / 86400);
    $seconds -= ($days * 86400);
    if ($seconds) {
        $hours = (int)($seconds / 3600);
        $seconds -= ($hours * 3600);
    }
    if ($seconds) {
        $minutes = (int)($seconds / 60);
        $seconds -= ($minutes * 60);
    }
    $time = array('days'=>(int)$days,
            'hours'=>(int)$hours,
            'minutes'=>(int)$minutes,
            'seconds'=>(int)$seconds);
    return $time;
}

$con = mysql_connect("localhost","root","pass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("vpn", $con);
$result = mysql_query("SELECT * FROM users WHERE user_name='$user'");

while($row = mysql_fetch_array($result))
  {
  $dur = calc_time($row[duration]);
  $dur1 = $dur[days] . " day(s), " . $dur[hours] . " hour(s) and " . $dur[minutes] . " minutes";
  }
?> 

<html>
<body>
<input type="text" name="exp" value="<?php echo $dur1 ?>"/>
</body>
</html>

I really appreciate your help BTW.

 

[Putin]

No vulnerabilities in your script

However, since you're grabbing only one username rather than multiple users, surely you don't need to 'while' it?

Consider replacing

while($row = mysql_fetch_array($result))
{
$dur = calc_time($row[duration]);
$dur1 = $dur[days] . " day(s), " . $dur[hours] . " hour(s) and " . $dur[minutes] . " minutes";
}

with

$row = mysql_fetch_array($result);
if(!$row){ die("Username not found"); }

$dur = calc_time($row[duration]);
$dur1 = $dur[days] . " day(s), " . $dur[hours] . " hour(s) and " . $dur[minutes] . " minutes";

It will only run the fetch function once then and it will die/end the page if the username is not found (if they are entering a fake username it'll display 'Username not found' rather than the content)

 

[NewBiee]

Thank you soo much puttin! I really appreciate your help! Hope I can make it up to you! You're a life saver!