torontob Posted May 6, 2010 Share Posted May 6, 2010 Hi Guys, I am new to php but have done programs in C, Basic, etc... I have a mysql database with a field named Balance which keeps the balance for customer accounts. I want to be able to provide the customers with option to check balance by simply inputing this into their browser: http://my.website.com/balance.php?acountnumber=12121212 and I want balance.php to now go to MySQL and retreive the balance number corresponding to account number 12121212 and display on the screen. Can you please guide me on how to do this? Some snippets of the code would greate help. Also is my URL format using "?" and "=" sign right? Thanks again Quote Link to comment Share on other sites More sharing options...
gabaroar Posted May 6, 2010 Share Posted May 6, 2010 Hello What you looking for is a get variable. You can find information with examples here (http://www.w3schools.com/PHP/php_get.asp) I like to use MDB2 for mysql work(http://pear.php.net/package/MDB2/) Quote Link to comment Share on other sites More sharing options...
torontob Posted May 6, 2010 Author Share Posted May 6, 2010 Perfect! Amazing. Thank you very much. Here is my sample code: PHP: <?php $con = mysql_connect("localhost","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("mya2billing", $con); $result = mysql_query("SELECT * FROM cc_card WHERE username='12345671234'"); while($row = mysql_fetch_array($result)) { echo $row['credit'] . " " . $row['id']; echo "<br />"; } ?> This works fine and pulls up "credit" and "id" based on WHERE username=12345671234 but what can I replace that username value to in order to be able to do something like this: http://my.site.com/balance.php?username=99999 so that then I can pull balance on username 99999. My method is static and hooked up to only username=12345671234 now. Thanks again Quote Link to comment Share on other sites More sharing options...
gabaroar Posted May 6, 2010 Share Posted May 6, 2010 I believe something like this <?php $username = $_GET['username']; $con = mysql_connect("localhost","username","password"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("mya2billing", $con); $result = mysql_query("SELECT * FROM cc_card WHERE username='" . $username . "'"); while($row = mysql_fetch_array($result)) { echo $row['credit'] . " " . $row['id']; echo "<br />"; } ?> Quote Link to comment Share on other sites More sharing options...
pengu Posted May 6, 2010 Share Posted May 6, 2010 Not very secure though, lol. Check out security regarding credit cards and PHP/MySQL security in general. Quote Link to comment Share on other sites More sharing options...
torontob Posted May 6, 2010 Author Share Posted May 6, 2010 Thanks Gabroar. And security was indeed my next question because mysql password is plain text. Or maybe someone gets create or if there is a hole in php or browser and appends some other variables to the end of the URL and now they can read the whole database. Is that possible? Has it happened before? Or is php file totally hidden to the users eye all the time? Credit in this case only refers to Balance field but you are right and there are some other sensitive information stored in the same database such as usernames/passwords in plaint text. Thanksm Bruce Quote Link to comment Share on other sites More sharing options...
torontob Posted May 6, 2010 Author Share Posted May 6, 2010 Anything guys? Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.