[SOLVED] getting variable from url address

[gsquare567]

$result = mysql_query("SELECT * FROM AuthDB WHERE Username = $_GET['username']");

 

this does not work. in the address bar i typed in http://localhost/abc.php?username=Test

am i using the GET wrong?

[bobleny]

$result = mysql_query("SELECT * FROM AuthDB WHERE Username = $_GET['username']");

 

this does not work. in the address bar i typed in http://localhost/abc.php?username=Test

am i using the GET wrong?

 

Oh man! You best not do that! That is generally a bad idea! You want to control what your user puts into your query. Never put direct user info into a query!

[cmgmyr]

Take a look at this: http://www.unixwiz.net/techtips/sql-injection.html

 

you would be better off storing the username and/or userid in a session (or something) then running a query from that after they are signed in.

[desithugg]

<?

$find_user = $_GET['username'];

$query = mysql_query("SELECT * from AuthDB WHERE Username = '$find_user'") or die(mysql_error());

$row = mysql_fetch_array( $query );

$user_check = $row["id"];

if($user_check=="") { echo"Invalid Username"; exit; }

else { //carry out what ever

}

?>

I tried doing this

$query = mysql_query("SELECT * from AuthDB WHERE Username = $_GET['username']") or die(mysql_error()); 

once but it didn't work but than i tried

$find_user = $_GET['username'];
$query = mysql_query("SELECT * from AuthDB WHERE Username = '$find_user'") or die(mysql_error()); 

and it worked not sure why but you can give it a try

[gsquare567]

thanks so much! it works!!! ur a great help.