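<form
    name="countrysearchform"
    id="countrysearchform"
    action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"
    method="GET">
    Search: <input name="country_name" type="text" size="30">
    <br>
    <p><input type="submit" value="Search"></p>
</form>
<?php
// Country lookup by name prefix.
//
// Reads the `country_name` query parameter, runs a parameterised LIKE query
// against the `country` table and prints one "Name Population" line per match.
// The value travels as a bound parameter, so it is compared as data and can
// never change the SQL text; the commented-out block at the bottom is the
// string-built version this page is meant to contrast with.
//
// PHP_SELF above is escaped for the attribute context: it echoes back part of
// the requested URL (including any path-info suffix), which is caller-controlled.

// Make mysqli throw on connect/prepare/execute failure instead of returning
// false, so none of the calls below silently continue with a bad handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$dbh = mysqli_connect("127.0.0.1", "world", "world", "world");

// A missing parameter (plain page load) or a non-string value
// (`?country_name[]=x`) is treated as an empty search rather than producing an
// undefined-index warning or a TypeError from strtolower().
$raw = $_GET['country_name'] ?? '';
$country_name = is_string($raw) ? strtolower($raw) : '';

// Appending SQL to a *bound value* does nothing to the query: with the
// prepared statement below, this text would be matched literally as part of
// the name, not executed.  Kept as the teaching counter-example.
#$country_name .= ' and Population > 8000000';

// `%` and `_` are LIKE wildcards.  Escape them so the user's text is matched
// literally (MySQL's default LIKE escape character is a backslash), then add
// the trailing `%` that makes this a prefix search.
$pattern = addcslashes($country_name, '%_\\') . '%';

$sth = $dbh->prepare(
    'select Name, Population from country where Name like ?'
);
$sth->bind_param("s", $pattern);
$sth->execute();
$sth->bind_result($name, $population);
while ($sth->fetch()) {
    // Name is database content; escape it for the HTML context so a stored
    // value containing markup is rendered as text rather than interpreted.
    printf(
        "%s %s<br>\n",
        htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        number_format((int) $population)
    );
}
$sth->close();
$dbh->close();

/*
 * SQL injection — the string-built query this page replaces.  Do not use.
 *
 * Here the search text is pasted into the SQL itself, so the database parser
 * sees whatever the caller typed as part of the statement.  The prepared
 * statement above sends the value separately from the query text, so the
 * identical input is only ever compared as a name.
 *
 * $query = sprintf(
 *     'select Name, Population from country where Name = "%s"',
 *     $country_name);
 * ## 'select bla from bli where a="'.$a.'" and b = "'.$b.'"';
 * ## sprintf 'select bla from bli where a="%s" and b = "%s"', $a, $b;
 * $result = $dbh->query($query);
 * $row = $result->fetch_assoc();
 * printf ("%s %s<br>\n", $row["Name"],
 *     $row["Population"]
 * );
 */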