
This is the code placed in unlock.php:

> <?php
> require_once("../../db-config.php");
> 
> $Result = "ERROR, still locked...";
> // Only runs when the user name arrives in the POST body, not the query string
> if (isset($_POST['User'])) {
>     if (mysql_query("DELETE FROM LoginAttempts WHERE User='".$_POST['User']."'", $conn))
>         $Result = "User Unlocked";
> }
> if ($conn)
>     mysql_close($conn);
> echo $Result;
> ?>

I want to unlock a user, I'm trying like this but getting the error "Error still locked..." instead of "User unlocked":

http://example.com/unlock.php?User=Administrador

How should I pass the variable User=name in the URL?

  • don't bother, someone will unlock your whole database with sql injection pretty soon Commented Dec 15, 2016 at 9:57
  • 1
    Use $_GET instead of Post. GET if for getting parameters from URL, POST is for data submitted by a HTML form. And yes, you're not save for SQL injections at all. Commented Dec 15, 2016 at 9:58
  • as @Twinfriends said just change $_POST to $_GET Commented Dec 15, 2016 at 10:02
  • @AmanRawat Yeah it will solve his problem, but it won't change anything that there's no security. SQL injection incoming. He should use prepared statements to avoid this. NEVER put GET/POST parameters directly into a query. Commented Dec 15, 2016 at 10:04
  • For learning prepared statements with PDO use this link w3schools.com/php/php_mysql_prepared_statements.asp Commented Dec 15, 2016 at 10:10

2 Answers


You can collect your URL params using $_GET. Or $_REQUEST (which collects from POST, GET and COOKIE).

Beware that this call:

http://example.com/unlock.php?User=Administrador' OR 1=1

will empty your LoginAttempts table.

At least sanitize your input with mysql_real_escape_string($_GET['User']).


1 Comment

Apache forbids the access by using this URI
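Added example (not the asker's code nor the answerer's): the same unlock.php rewritten to read the name from the query string and to pass it to the database as a bound parameter instead of string-concatenating it. It assumes db-config.php defines $dsn, $dbUser and $dbPass for a PDO connection; those variable names are assumptions.

```php
<?php
// Hardened unlock.php (added example). Assumes db-config.php defines
// $dsn, $dbUser and $dbPass (assumed names) for a PDO connection.
require_once("../../db-config.php");

$Result = "ERROR, still locked...";

// The name arrives as ?User=... in the URL, so it lives in $_GET, not $_POST.
$user = isset($_GET['User']) ? $_GET['User'] : '';

if ($user !== '') {
    try {
        $pdo = new PDO($dsn, $dbUser, $dbPass, [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
        ]);

        // The placeholder keeps the input as data: a value such as
        // "Administrador' OR 1=1" is compared literally against the User
        // column and matches no row, so the table is not emptied.
        $stmt = $pdo->prepare("DELETE FROM LoginAttempts WHERE User = :user");
        $stmt->execute([':user' => $user]);

        // Unlike the original, report success only if a lockout row was removed.
        if ($stmt->rowCount() > 0) {
            $Result = "User Unlocked";
        }
    } catch (PDOException $e) {
        // Keep driver error text server-side; the client only sees the generic result.
        error_log("unlock.php: " . $e->getMessage());
    }
}

header('Content-Type: text/plain; charset=utf-8');
echo $Result;
```

An endpoint that clears lockouts for any name given in the URL undoes the lockout itself, so it should additionally be restricted to an authenticated administrator.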

I've solved this by going to PHPmyadmin and deleting the corresponding failed login attempts entries in the db table.

A different approach solves the issue. I've already warned about the security concerns.

Thanks guys.
