

get-country-info

Differences

This shows you the differences between two versions of the page.


get-country-info [2016/05/10 16:00] (current)
mh created
Line 1: Line 1:
 +<​code>​
 +<​form ​
 +  name="​countrysearchform" ​
 +  id="​countrysearchform"​
 +  action="<?​php echo $_SERVER['​PHP_SELF'​];?>"​
 +  method="​GET">​
 +  ​
 +Search: <input name="​country_name"​ type="​text"​ size="​30"> ​
 +<br>
 +<​p><​input type="​submit"​ value="​Search"></​p>​
 +</​form> ​   ​
  
 +<?php
 +
 +$dbh = mysqli_connect("​127.0.0.1",​ "​world",​ "​world",​ "​world"​);​
 +
 +$country_name = strtolower($_GET['​country_name'​]);​
 +
 +#​$country_name .= ' and Population > 8000000';​
 +
 +$sth = $dbh->​prepare(
 +'​select Name, Population from country where Name like ?'
 +);
 +
 +$country_name .= '​%';​
 +$sth->​bind_param("​s",​ $country_name);​
 +$sth->​execute();​
 +$sth->​bind_result($name,​ $population);​
 +while ($sth->​fetch()) {
 +  printf ("%s %s<​br>​\n",​ $name, number_format($population));​
 +}
 +
 +
 +/*
 +SQL Injections ​
 +
 +$query = sprintf(
 +'​select Name, Population from country where Name = "​%s"',​
 + ​$country_name);​
 +
 +## '​select bla from bli where a="'​.$a.'"​ and b = "'​.$b.'"'; ​
 +## sprintf '​select bla from bli where a="​%s"​ and b = "​%s"',​ $a, $b; 
 + 
 +$result = $dbh->​query($query);​
 +
 +$row = $result->​fetch_assoc();​
 +printf ("%s %s<​br>​\n",​ $row["​Name"​], ​
 +                       ​$row["​Population"​]
 +   );
 +*/
 +</​code>​
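Review bot: The form's `action` attribute echoes `$_SERVER['PHP_SELF']` without escaping, so whatever path the client requested is written straight into the HTML; the prepared statement below covers the SQL context but not this output context. Escape it for the attribute, `action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>"`, or leave the value empty so the form submits to the current URL. The same applies to `$name` in the `printf` inside the fetch loop, which should go through `htmlspecialchars()` before being mixed with `<br>`. Separately, `$_GET['country_name']` is read without checking that it is set, so the first page load raises a notice and binds a bare `'%'` that lists every row; a guard such as `if (isset($_GET['country_name']) && $_GET['country_name'] !== '') { ... }` around the query avoids both. The return values of `mysqli_connect()` and `prepare()` are also used unchecked, so a failed connection surfaces as a fatal error on `$dbh->prepare(...)` rather than a handled one.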
get-country-info.txt · Last modified: 2016/05/10 16:00 by mh