
Untitled

a guest
Apr 6th, 2014
  1. <?php
  2.  
  3. $var1 = "";
  4. $var2 = "";
  5.  
  6. // FUNCTION TO CLEAN SQL INJECTIONS FROM POST DATA
  7. function clean($value){
  8. if ( get_magic_quotes_gpc() ){
  9. $value = stripslashes($value);
  10. }
  11. return $value;
  12. }
  13.  
  14. if(isset($_GET['id']) && is_numeric($_GET['id'])){
  15.  
  16. $id = $_GET['id'];
  17.  
  18. // CONNECT DATABASE
  19. $db = new PDO('mysql:host=127.0.0.1;dbname=mysql_table', 'mysql_user', 'mysql_pass');
  20.  
  21. $link = $db->prepare("SELECT * FROM user_data WHERE id = :id");
  22. $link->execute(array('id' => $id));
  23.  
  24. $data = $link->fetchAll();
  25.  
  26. if(count($data) > 0){
  27. $var1 = $data[0]['var1'];
  28. $var2 = $data[0]['var2'];
  29. }else{
  30. die('Invalid user');
  31. }
  32.  
  33. }else{
  34. die('Invalid user');
  35. }
  36. ?>
  37.  
  38. <!DOCTYPE html>
  39. <html>
  40. <head>
  41. </head>
  42. <body>
  43. </body>
  44. <?php
  45. echo '<p>'.$var1.'</p>';
  46. echo '<p>'.$var2.'</p>';
  47. ?>
  48. </html>