Untitled

  GNU nano 2.2.6                                                   File: sql_get.php

<?php
$servername = "127.0.0.1";
$username = "root";
$password = "notplaningtodisclosure that";
$dbname = "either way fuck you";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
$vorname = $_GET['vorname'];
$sql = "SELECT userid, username, nachname FROM kunden WHERE vorname ='".$vorname."';";
$result = $conn->query($sql); // sql injection there

if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        echo "id: " . $row["userid"]. " - Username: " . $row["username"]. " " . $row["nachname"]. "<br>";
    }
} else {
    echo "0 results";
}
$conn->close();
?>