Hello guys! I am trying to insert data into the database, and after sending the data using the form, for which I am using the POST method, the URL will be something like this: "somelinks/add-result.php?"
What's going on with it, any idea?

What I have tried:

This is the page for inserting data into the database; I am using insert.php as the form action and the method is POST.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "result1";
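// Pass the variables themselves: '$dbname' in single quotes is the literal text $dbname.
$con = mysqli_connect($servername, $username, $password, $dbname);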

if(!$con){
echo'Not connected to server';
}
if(!mysqli_select_db($con,'result1'))
{
echo 'data base not selected';
}
$name =$_GET['Name'];
$id =$_GET['id'];
$Class =$_GET['Class'];
$Law =$_GET['Law'];
$Hoqoq =$_GET['Hoqoq'];
$PanelCode =$_GET['Law panel'];

$sql="INSERT INTO result (Name,id,Class,Hoqoq,Law,Law panel)VALUES('$name','$id','$Class','$Hoqoq','$Law','$PanelCode')";
if(!mysqli_query($con,$sql))
{
echo'Not Inserted';
}
else{
echo'Inserted';
}
header("refresh:2; url=admin-panel.php");
?>
Updated 13-Apr-21 22:41pm
Comments
Richard Deeming 5-Oct-20 10:04am    
$sql="INSERT INTO result (Name,id,Class,Hoqoq,Law,Law panel)VALUES('$name','$id','$Class','$Hoqoq','$Law','$PanelCode')";

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
Afg Hunter 5-Oct-20 12:20pm    
It's hard to digest those things written in the manual, but I will do some research on it. Thanks Richard! <3
Afg Hunter 5-Oct-20 12:22pm    
Do you think this one is fine?

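<?php
// Assumes $servername, $username, $password and $dbname are set as in the question.
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {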
die("Connection failed: " . $conn->connect_error);
}

// prepare and bind
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $firstname, $lastname, $email);

// set parameters and execute
$firstname = "John";
$lastname = "Doe";
$email = "john@example.com";
$stmt->execute();

$firstname = "Mary";
$lastname = "Moe";
$email = "mary@example.com";
$stmt->execute();

$firstname = "Julie";
$lastname = "Dooley";
$email = "julie@example.com";
$stmt->execute();

echo "New records created successfully";

$stmt->close();
$conn->close();
?>
Richard Deeming 5-Oct-20 12:23pm    
That looks much better. :)
Afg Hunter 6-Oct-20 3:11am    
Then how do I take the data from the HTML form and send it to the database?

The data sent in a POST request is in the $_POST array. See PHP: $_POST - Manual[^]
Adding to Sandeep's answer, above, there's a third option:

$_REQUEST works for both $_PUT and $_GET data. There's a possible catch: if you post both types of data to the same page AND they both use the same id then you will have a clash in not being able to get them both. HOWEVER - I've never done both, together, and certainly wouldn't reuse the name for the index, anyway. It's never been a problem in about ten years.


You say that you POST the data, but in your code above you are retrieving it using GET.
PHP
$name =$_GET['Name'];
$id =$_GET['id'];
$Class =$_GET['Class'];
$Law =$_GET['Law'];
$Hoqoq =$_GET['Hoqoq'];
$PanelCode =$_GET['Law panel'];


Read about them: POST (works with headers) vs GET (it works with query strings - data after ? in url): PHP - GET & POST Methods - Tutorialspoint[^]

Assuming you made a correct POST call, the following is the way to retrieve the data:
PHP
if(isset($_POST['save']))
{	 
    $id =$_POST['id'];
    $Class =$_POST['Class'];
    $Law =$_POST['Law'];
    $Hoqoq =$_POST['Hoqoq'];
    $PanelCode =$_POST['Law panel'];
    $sql =...
}

A sample for your reference: Insert Data Into MySQL Using PHP[^]

As R.Deeming shared, make sure to use a parameterized query to avoid SQL injection.
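
Putting the thread's two points together (read the form from $_POST, insert with a parameterized query), as an added example that is not code from any poster. The connection settings, table and column names come from the question; the helper name read_result_form, the integer type of id and the form field being named "Law panel" are assumptions.

```php
<?php
// Added example, not code from the thread. Connection settings, table and
// column names are taken from the question; column types are assumed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Returns the validated form fields, or null if one is missing or malformed.
function read_result_form(array $post): ?array
{
    // PHP rewrites spaces in field names to underscores, so a form input
    // named "Law panel" arrives as $_POST['Law_panel'].
    $row = [];
    foreach (['Name', 'id', 'Class', 'Hoqoq', 'Law', 'Law_panel'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            return null;
        }
        $row[$f] = trim($post[$f]);
    }
    // Assumption: id is an integer column, so accept digits only.
    return ctype_digit($row['id']) ? $row : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);          // the form must use method="post"
    exit('POST required');
}
$row = read_result_form($_POST);
if ($row === null) {
    http_response_code(400);
    exit('Missing or invalid field');
}

$con = new mysqli('localhost', 'root', '', 'result1');
// Placeholders keep user input out of the SQL text; the column with a space
// in its name needs backticks.
$stmt = $con->prepare(
    'INSERT INTO result (Name, id, Class, Hoqoq, Law, `Law panel`)
     VALUES (?, ?, ?, ?, ?, ?)'
);
$stmt->bind_param('sissss', $row['Name'], $row['id'], $row['Class'],
                  $row['Hoqoq'], $row['Law'], $row['Law_panel']);
$stmt->execute();
$stmt->close();
$con->close();

header('Location: admin-panel.php');  // redirect before any output is sent
exit;
```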
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)