[Solved] How to put the required parameters in link that accesses php?

Question

First, you have to fix your query string, the ? starts the string and each additional argument is prefixed with &:

www.example.com/[email protected]&Password=something50

Now all of the variables will be available in the $_GET array

$_GET['Email']; // is equal to "[email protected]"
$_GET['Password']; // is equal to "something50"

You should never concatenate variables in a SQL statement, you should use prepared statements to prevent SQL injection attacks. Here is a MySQLi example where you use the $_GET variable in one of your bound parameters:

$sql = $mysqli->prepare("SELECT * FROM User WHERE ID = ?");
$sql->bind_param('s', $_GET['Email']); // here we use the $_GET variable

Since you should never store plain text passwords you should use PHP’s built-in functions to handle password security. If you’re using a PHP version less than 5.5 you can use the password_hash() compatibility pack. It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. Also, passing credentials in the query string is easily hackable and should not be done.

Accepted Answer

First, you have to fix your query string, the ? starts the string and each additional argument is prefixed with &:

www.example.com/[email protected]&Password=something50

Now all of the variables will be available in the $_GET array

$_GET['Email']; // is equal to "[email protected]"
$_GET['Password']; // is equal to "something50"

You should never concatenate variables in a SQL statement, you should use prepared statements to prevent SQL injection attacks. Here is a MySQLi example where you use the $_GET variable in one of your bound parameters:

$sql = $mysqli->prepare("SELECT * FROM User WHERE ID = ?");
$sql->bind_param('s', $_GET['Email']); // here we use the $_GET variable

Since you should never store plain text passwords you should use PHP’s built-in functions to handle password security. If you’re using a PHP version less than 5.5 you can use the password_hash() compatibility pack. It is not necessary to escape passwords or use any other cleansing mechanism on them before hashing. Doing so changes the password and causes unnecessary additional coding. Also, passing credentials in the query string is easily hackable and should not be done.