User Tag List

Results 1 to 6 of 6

Thread: Get Object Using Post, please help!!!

  1. #1
    Clicker Fusion 2.5 DeveloperSWF Export Module

    Join Date
    Apr 2008
    Posts
    483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Get Object Using Post, please help!!!

    I am having issues trying to update a record using the get object and php. I am not getting any returned error message.

    here is my php script:

    <?
    // SETUP DATABASE
    $dbhost = 'example.test.com';
    $dbuser = 'user';
    $dbpass = 'password';
    $dbname = 'database';
    // OPEN
    $conn = mysql_connect($dbhost, $dbuser, $dbpass)or die('Error connecting to database');
    mysql_select_db($dbname);

    $query = "UPDATE Client_Users SET password='$_POST['password']' WHERE email='$_POST['email']'"
    $insert_the_data = mysql_query($query)or die(mysql_error());

    // Close Database
    mysql_close($conn);

    ?>

    In Fusion, I am doing this.

    Button Clicked
    ----------------------
    (get object: Add Post data "email" = "Test@mysite.com"
    (get object: Add Post data "password" = "123456"
    (get object: Get URL "http://www.mysite.com/update.php

  2. #2
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export Module
    Fusion 2.5 (Steam)Fusion 2.5 Developer (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)iOS Export Module (Steam)
    Sparckman's Avatar
    Join Date
    Feb 2011
    Location
    Planet of the Kangaroos
    Posts
    1,423
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Here is something similar - all you have to do is change it update

    Support Files

  3. #3
    Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator ProUnicode Add-on

    Join Date
    Jun 2011
    Posts
    628
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Your query is unsafe and you forgot ";" at end of line with query.

    Try this:
    $query = "UPDATE `Client_Users` SET `password` = '".md5($_POST['password'])."' WHERE 'email'=".addslashes($_POST['email']);

    You should store password as md5 or other hash type

  4. #4
    Clicker Fusion 2.5 DeveloperSWF Export Module

    Join Date
    Apr 2008
    Posts
    483
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Get Object Using Post, please help!!!

    Sparckman, your tutorials are always helpful and awesome. Please keep making more. And cold fire, thank you and I will test again. Why was it unsafe?

  5. #5
    Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator ProUnicode Add-on

    Join Date
    Jun 2011
    Posts
    628
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Because I can make SQL injection to your code.

  6. #6
    Forum Moderator Fusion 2.5 DeveloperHTML5 Export ModuleiOS Export ModuleSWF Export Module
    DavidN's Avatar
    Join Date
    Jun 2006
    Location
    Boston, MA, USA
    Posts
    4,044
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A great explanation of SQL injection here: https://www.youtube.com/watch?v=_jKylhJtPmI

Similar Threads

  1. GET Object - Post data: special characters
    By Popcorn in forum Multimedia Fusion 2 - Technical Support
    Replies: 10
    Last Post: 6th June 2013, 12:03 AM
  2. GET Object, post data with forreign characters
    By Popcorn in forum Multimedia Fusion 2 - Technical Support
    Replies: 0
    Last Post: 9th October 2012, 12:52 PM
  3. Get Object POST example
    By Bruto in forum Extension Development
    Replies: 21
    Last Post: 7th October 2011, 07:50 AM
  4. Sending POST data with the Get object...
    By RGBreality in forum Multimedia Fusion 2 - Technical Support
    Replies: 8
    Last Post: 22nd December 2010, 10:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •