I created a new PHP page to retrieve data from a database, but I want to include the PHP query code in the CS-Cart page. Also, is my code not secure against a hacker getting to the database?
Here is my code:
```css
#customers {
  font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
  border-collapse: collapse;
  width: 100%;
}
#customers td, #customers th {
  border: 1px solid #ddd;
  padding: 8px;
}
#customers tr:nth-child(even){background-color: #f2f2f2;}
#customers tr:hover {background-color: #ddd;}
#customers th {
  padding-top: 12px;
  padding-bottom: 12px;
  text-align: left;
  background-color: #4CAF50;
  color: white;
}
input[type=submit] {
  width: 250px;
  background-color: #4CAF50;
  color: white;
  padding: 14px 20px;
  margin: 8px 0;
  border: none;
  border-radius: 4px;
  margin-left: 20px;
  cursor: pointer;
}
input[type=text] {
  width: 200px%;
  padding: 12px 20px;
  margin: 8px 0;
  display: inline-block;
  border: 1px solid #ccc;
  border-radius: 4px;
  box-sizing: border-box;
}
```

```php
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $id = $_POST["id"];
    $conn = new mysqli($localhost, "username", "pass", "sdb_name");
    $sql = "SELECT `firstname` , `lastname` FROM `cscart_users` WHERE user_id = $id";
    $result = mysqli_query($conn, $sql);
    if ($result->num_rows > 0) {
        while ($row = mysqli_fetch_array($result)) {
            echo "<tr><td>". $row["firstname"] ."</td><td>". $row["lastname"] ."</td></tr>";
        }
    }
}
?>
```

please enter user_id:
firstname | lastname |
---|---|
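The query in the post places `$_POST["id"]` directly into the SQL string, so whatever is submitted in the form becomes part of the statement. A hardened form of the same lookup follows, as an added example that is not part of the original post: it validates the id as an integer, binds it through a prepared statement, and HTML-escapes the output. The helper name `find_user_names` and the `"localhost"` host are assumptions; the credentials are the post's placeholders.

```php
<?php
// Added example: hardened version of the lookup shown in the post.
// find_user_names() is a hypothetical helper; "localhost" is an assumed host.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function find_user_names(mysqli $conn, $rawId): array
{
    // Accept only a positive integer; anything else is rejected before any SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]);
    if ($id === false) {
        return [];
    }
    // The ? placeholder keeps the submitted value out of the SQL text entirely.
    $stmt = $conn->prepare(
        "SELECT `firstname`, `lastname` FROM `cscart_users` WHERE user_id = ?"
    );
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->bind_result($firstname, $lastname);
    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = ["firstname" => $firstname, "lastname" => $lastname];
    }
    $stmt->close();
    return $rows;
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $conn = new mysqli("localhost", "username", "pass", "sdb_name");
    $conn->set_charset("utf8mb4");
    foreach (find_user_names($conn, $_POST["id"] ?? "") as $row) {
        // Escape on output so stored names cannot inject markup into the page.
        echo "<tr><td>" . htmlspecialchars($row["firstname"], ENT_QUOTES, "UTF-8")
           . "</td><td>" . htmlspecialchars($row["lastname"], ENT_QUOTES, "UTF-8")
           . "</td></tr>";
    }
    $conn->close();
}
```

The database account used here should hold only `SELECT` on the columns the page needs, so a flaw elsewhere in the page cannot modify `cscart_users`.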