I have a doubt about how I can check an URL like this:
http://your.url/set_new_password.php?userid=564979&code=54c4a2767c2f485185ab72cdcf03ab59
I need to check if the userid exists in the database and if the userid is associated to the hash in the link.
I Read that it is not possible check the url within php. If so, is it possible to solve this problem? I need to verify if the hash and userid present in the link exist in the database.
Any other alternatives?
The variables userid and code in the URL are made available to PHP in an array called GET:
echo $_GET['userid']; // 564979
If you have a hash (or fragment) in your URL, this won't get back to PHP:
www.mysite.com?val=1#part2
In the above, PHP can see the domain and the val variable, but not #part2. Sites that use the hash to significantly change the page (eg GMail) use javascript to pull in new content when the hash changes.
Be sure to sanitize your variables before using them, to avoid malicious users being able to hack into your system. This is a big topic, but read up on the following:
- Data Filtering
- PHP Data Objects
- Sanitize and Validate Data with PHP Filters
If you don't sanitize, someone could change your url so that the variable is set to:
;DELETE * FROM mytable;
When you query your db without sanitising your inputs, you could lose all your data.
use the $_GET variable in php
$_GET['userid']
see tutorial here
In PHP, the $_GET array has the url parameters. So in this case, you'd use $_GET['userid'] and $_GET['code']
See Server consist of apache , php , mysql . When you access this url through your browser it is first send to apache which forwards your request to php . Php takes full controle from there on . A request made by client browser consist of various data which can be divided into types cookies , headers , post , get request . All these data can be access in there respective suprglobal variables in php $_GET , $_POST and so on . In your case you need to access $_GET . so do $_GET['userid'] to access userid , and $_GET['code'] to access code . Lastly you would connect ot MYSQL and do querly like "Select * from users where 'userid' = $_GET['userid'] and 'code' = $_GET['code'] " ;
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论