[ADMIN] access data in php
If I gather the sql results with this code
$results = pg_query($dbconn,$query);
I can check if there is no returned data with this code
$rows = pg_fetch_assoc($result);
but if I then use a while loop to display data (if there is data returned) with
this code
while ($row = pg_fetch_array($result)){ . . . }
I have to execute this code a second time before the while loop
$results = pg_query($dbconn,$query);
If I do not execute the $results line a second time the while loop does not
work properly.
Why is $results loosing its value when it hits the while loop?
Thanks
Marc
Re: [ADMIN] access data in php
On Fri, Jan 2, 2009 at 10:11 AM, Marc Fromm marc.fr...@wwu.edu wrote:
If I gather the sql results with this code
$results = pg_query($dbconn,$query);
I can check if there is no returned data with this code
$rows = pg_fetch_assoc($result);
but if I then use a while loop to display data (if there is data returned)
with this code
while ($row = pg_fetch_array($result)){ . . . }
I have to execute this code a second time before the while loop
$results = pg_query($dbconn,$query);
If I do not execute the $results line a second time the while loop does not
work properly.
Why is $results loosing its value when it hits the while loop?
It shouldn't be. Got a complete, short sample that does this?
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: [ADMIN] access data in php
On Fri, 2 Jan 2009, Marc Fromm wrote:
If I gather the sql results with this code
$results = pg_query($dbconn,$query);
I can check if there is no returned data with this code
$rows = pg_fetch_assoc($result);
but if I then use a while loop to display data (if there is data returned) with
this code
while ($row = pg_fetch_array($result)){ . . . }
I have to execute this code a second time before the while loop
$results = pg_query($dbconn,$query);
If I do not execute the $results line a second time the while loop does not
work properly.
Why is $results loosing its value when it hits the while loop?
Thanks
Marc
pg_fetch_assoc behave like pg_fetch_array: it increments the internal
pointer to the current result.
So if you call it once, then pg_fetch_array will return the 2nd result in
the result set.
You can either :
- use pg_fetch_assoc($result,0) whish shouldn't increment the internal
pointer (no sure though, check http://php.net/pg-fetch-assoc)
- seek back to the first result in the result set using pg-result-seek
(http://php.net/pg-result-seek)
- use pg_num_rows to get the number of rows in your result set.
Happy new year !
--
Guillaume (ioguix) de Rorthais
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: [ADMIN] access data in php
On Fri, Jan 2, 2009 at 11:09 AM, iog...@free.fr wrote: pg_fetch_assoc behave like pg_fetch_array: it increments the internal pointer to the current result. So if you call it once, then pg_fetch_array will return the 2nd result in the result set. Wow, I'm so used to seeing $rows = pg_num_rows() that that's what I saw up there. -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
Re: [ADMIN] access data in php
My results are missing the first record as you explained.
-Original Message-
From: iog...@free.fr [mailto:iog...@free.fr]
Sent: Friday, January 02, 2009 10:09 AM
To: Marc Fromm
Cc: pgsql-admin@postgresql.org
Subject: Re: [ADMIN] access data in php
On Fri, 2 Jan 2009, Marc Fromm wrote:
If I gather the sql results with this code $results =
pg_query($dbconn,$query);
I can check if there is no returned data with this code $rows =
pg_fetch_assoc($result);
but if I then use a while loop to display data (if there is data
returned) with this code while ($row = pg_fetch_array($result)){ . . .
}
I have to execute this code a second time before the while loop
$results = pg_query($dbconn,$query);
If I do not execute the $results line a second time the while loop does not
work properly.
Why is $results loosing its value when it hits the while loop?
Thanks
Marc
pg_fetch_assoc behave like pg_fetch_array: it increments the internal pointer
to the current result.
So if you call it once, then pg_fetch_array will return the 2nd result in the
result set.
You can either :
- use pg_fetch_assoc($result,0) whish shouldn't increment the internal pointer
(no sure though, check http://php.net/pg-fetch-assoc)
- seek back to the first result in the result set using pg-result-seek
(http://php.net/pg-result-seek)
- use pg_num_rows to get the number of rows in your result set.
Happy new year !
--
Guillaume (ioguix) de Rorthais
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: [ADMIN] access data in php
This is my code:
?php
$dbconn = pg_connect(host=localhost port=5432 user=postgres
dbname=studentalerts);
if(isset($_GET[value])){
$w_number=$_GET[value];
}
//echo $w_number;
$query = select first_name, last_name, alert from alert_list where
w_number='$w_number';
$result = pg_query($dbconn,$query);
if (!$result) {
echo Problem with query . $query . br/;
echo pg_last_error();
exit();
}
$rows = pg_fetch_assoc($result);
if (!$rows){
echo There are no alerts for $w_number!\n\n;
}else{
$result = pg_query($dbconn,$query);
$count=1;
while ($row = pg_fetch_array($result)){
echo Alert $count: ;
echo htmlspecialchars($row['first_name']) . ;
echo htmlspecialchars($row['last_name']);
echo \n;
echo htmlspecialchars($row['alert']);
echo \n\n;
$count++;
}
}
if ($w_number==){echo Enter a W number!\n\n;}
echo End of line;
pg_free_result($result);
pg_close($dbconn);
?
-Original Message-
From: Scott Marlowe [mailto:scott.marl...@gmail.com]
Sent: Friday, January 02, 2009 10:28 AM
To: iog...@free.fr
Cc: Marc Fromm; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] access data in php
On Fri, Jan 2, 2009 at 11:09 AM, iog...@free.fr wrote:
pg_fetch_assoc behave like pg_fetch_array: it increments the internal
pointer to the current result.
So if you call it once, then pg_fetch_array will return the 2nd result
in the result set.
Wow, I'm so used to seeing
$rows = pg_num_rows() that that's what I saw up there.
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: [ADMIN] access data in php
Marc Fromm wrote:
This is my code:
?php
$dbconn = pg_connect(host=localhost port=5432 user=postgres
dbname=studentalerts);
if(isset($_GET[value])){
$w_number=$_GET[value];
}
//echo $w_number;
$query = select first_name, last_name, alert from alert_list where
w_number='$w_number';
You should probably be using code that looks like this:
$query = select first_name, last_name, alert from alert_list where w_number=' .
pg_escape_string($w_number) . '
Otherwise you're vulnerable to SQL Injection attacks.. For example, what
happens if w_number looks like this:
' UNION ALL select usename, passwd, '1' from pg_shadow where 'a'='a
Granted, your user might not have sufficient privileges to view *that*
information (of course, your app connects as postgres, so they probably would
have access to that data), but there are lots of other nifty things that an
attacker could gather to subvert your system. One might be:
' UNION ALL select ccnumber, cid, addr1 from creditcards where 'a'='a
$result = pg_query($dbconn,$query);
if (!$result) {
echo Problem with query . $query . br/;
echo pg_last_error();
exit();
}
$rows = pg_fetch_assoc($result);
This line ( $rows=pg_fetch_assoc($result);) should be:
$rows = pg_num_rows($result)
You just want to check that there were results, right?
Every time you call pg_fetch_assoc($result) the result set is advanced
to the next row of results, so you shouldn't use this unless you want to
actually process a row of results...
Generally speaking, you might have an easier time of interfacing with
the database if you use an abstraction layer like ADODB
(http://adodb.sf.net)
--
Chander Ganesan
Open Technology Group, Inc.
One Copley Parkway, Suite 210
Morrisville, NC 27560
919-463-0999/877-258-8987
http://www.otg-nc.com
Ask me about Expert PostgreSQL, PHP, Python, and other Open Source training!
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Re: [ADMIN] access data in php
On Fri, Jan 2, 2009 at 12:40 PM, Marc Fromm marc.fr...@wwu.edu wrote:
This is my code:
?php
$dbconn = pg_connect(host=localhost port=5432 user=postgres
dbname=studentalerts);
if(isset($_GET[value])){
$w_number=$_GET[value];
}
You need to scrub user input. use pg_escape_string($_GET['value'])
//echo $w_number;
$query = select first_name, last_name, alert from alert_list where
w_number='$w_number';
$result = pg_query($dbconn,$query);
if (!$result) {
echo Problem with query . $query . br/;
echo pg_last_error();
exit();
}
$rows = pg_fetch_assoc($result);
Change this to
$rows = pg_num_rows($result);
if ($rows==0){
echo There are no alerts for $w_number!\n\n;
}else{
$result = pg_query($dbconn,$query);
$count=1;
while ($row = pg_fetch_array($result)){
echo Alert $count: ;
echo htmlspecialchars($row['first_name']) . ;
echo htmlspecialchars($row['last_name']);
echo \n;
echo htmlspecialchars($row['alert']);
echo \n\n;
$count++;
}
}
if ($w_number==){echo Enter a W number!\n\n;}
echo End of line;
pg_free_result($result);
pg_close($dbconn);
?
-Original Message-
From: Scott Marlowe [mailto:scott.marl...@gmail.com]
Sent: Friday, January 02, 2009 10:28 AM
To: iog...@free.fr
Cc: Marc Fromm; pgsql-admin@postgresql.org
Subject: Re: [ADMIN] access data in php
On Fri, Jan 2, 2009 at 11:09 AM, iog...@free.fr wrote:
pg_fetch_assoc behave like pg_fetch_array: it increments the internal
pointer to the current result.
So if you call it once, then pg_fetch_array will return the 2nd result
in the result set.
Wow, I'm so used to seeing
$rows = pg_num_rows() that that's what I saw up there.
--
When fascism comes to America, it will be draped in a flag and
carrying a cross - Sinclair Lewis
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
