Can data be passed to a database from a url just by putting a ? in the url for example: www.yourdomain.com?data could the index.php file be done in a mater to know to do an action such as save "data" to a database etc when the above is visited by a user ?
Thanks for the reply and can php be done to save what ever is behind the ? (meaning any characters) Like .,%$ and so on
Place the following in index.php: <?php //this would give you whats behind the ? echo end(explode("?", $_SERVER['REQUEST_URI'])); ?> PHP: Then with some php knowledge you can use that...let me know if you need more help - would help me by giving a better description as to what you want saved and why.
Yes, this is the basis of many SQL injection attacks. This page has some examples you can take a look at.
so which prevents SQL injection attack but still allows me to do something like: www.yourdomain.com?data
just tring to allow visitors to add to database via url as oppose to filling form.. so i take it it's not possible ?
Maybe something like this? <?php $input = trim(end(explode("?", $_SERVER['REQUEST_URI']))); if(!empty($input)){ $input = strip_tags($input); $input = mysql_real_escape_string($input); //insert into db.. mysql_query("INSERT INTO table_name (column_name) VALUES ('{$input}')"); //added to database... } ?> PHP:
Even if you did it from a URL, they are filling out fields. It would be even harder in my opinion for them, as they would need to know SQL syntax, and need to debug their own code. There are so many things that can go wrong, I just don't know why you would want visitors to be able to do that..