Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $var1 = "";
- $var2 = "";
- // FUNCTION TO CLEAN SQL INJECTIONS FROM POST DATA
- function clean($value){
- if ( get_magic_quotes_gpc() ){
- $value = stripslashes($value);
- }
- return mysql_real_escape_string($value);
- }
- if(isset($_GET['id']) && is_numeric($_GET['id'])){
- $id = $_GET['id'];
- // CONNECT DATABASE
- $db = new PDO('mysql:host=127.0.0.1;dbname=mysql_table', 'mysql_user', 'mysql_pass');
- $link = $db->prepare("SELECT * FROM user_data WHERE id = :id");
- $link->execute(array('id' => $id));
- $data = $link->fetchAll();
- if(count($data) > 0){
- $var1 = $data[0]['var1'];
- $var2 = $data[0]['var2'];
- }else{
- die('Invalid user');
- }
- }else{
- die('Invalid user');
- }
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- </head>
- <body>
- </body>
- <?php
- echo '<p>'.$var1.'</p>';
- echo '<p>'.$var2.'</p>';
- ?>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
