Home/ Questions/Q 8187551
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T02:35:52+00:00

I will be sending a request to the PHP code through a GET request.

  • 0

I will be sending a request to the PHP code through a GET request. it will have several parameters passed. I will be using these parameters in the WHERE clause of my select statement.

GET REQUEST

http:// localhost/server/person.php?Id=1&age=12&hieght=100

PHP code

<?php
$connection = mysql_connect("localhost","user","pwd");
if (!$connection )
  {
  die('FAIL: ' . mysql_error());
  }
mysql_select_db("db", $connection );
$result = mysql_query("SELECT * FROM Person where hieght='$_GET[hieght]");
$num_rows = mysql_num_rows($result);
?>

i think my PHP code is wrong. I am not sure if this is the way to grab variables from a GET request.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To get a variable from $_GET use, as an example to get height from $_GET array you can write

    $height=$_GET['height'];

    so you can write

    $result = mysql_query("SELECT * FROM Person where hieght='".$hieght."'");

    or you can write

    $result = mysql_query("SELECT * FROM Person where hieght='".$_GET['height']."'");

    Update:

    Use mysql_real_escape_string to prevent sql injection, like

    $height=$_GET['height'];
$result = mysql_query("SELECT * FROM Person where hieght='".mysql_real_escape_string($hieght)."'");

    or

    $result = mysql_query("SELECT * FROM Person where hieght='".mysql_real_escape_string($_GET['height'])."'");
    • 0