[PHP-DB] PHP Beginners Help

2008-01-02 Thread Ben Stones
Hello, my name is Ben Stones. I am quite a beginner to PHP, and as a New
Year's resolution I am going to learn PHP (finally!)

Cut to the chase: I have created a basic looping script that would display
anything submitted in a form, on separate lines; here is the PHP code:

$con = mysql_connect("localhost","ben_test","--removed-") or
die("con");
$db = mysql_select_db("ben_test") or die("db");
mysql_query("CREATE TABLE `comments` (messages varchar(255))");
$comments = $_POST['comment'];
$sql1 = mysql_query("INSERT INTO `comments` (`messages`) VALUES
($comments)");
$mysql_query_one = mysql_query("SELECT * FROM `comments`");
while($rows=mysql_fetch_array($mysql_query_one)) {
echo $rows['messages'] . "<br />";
}

Everything went swell for the first half, and after I truncated the test
messages (or everything in the column, if you like), I tried doing one more
test run and upon clicking 'Submit', nothing would display except the
messages I added via phpMyAdmin.

Hope someone could help me.

PS: The password has been edited out of the preceding code as well as the
HTML code purposely for the mailing list.


RE: [PHP-DB] PHP Beginners Help

2008-01-02 Thread Bastien Koert

Hi ben,
 
You are creating the same table each time you run the code which would throw an 
error the second time you run the code since the table is already there.
 
You have two choices here:
1. remove the table creation script and the call to create it since the table 
only needs to be created once.
 
2. handle the errors that can happen on running a query. ex.
 
$mysql_query_one = mysql_query("SELECT * FROM `comments`") or
die(mysql_error());
 
bastien

Re: [PHP-DB] PHP Beginners Help

2008-01-02 Thread Benjamin Darwin
Ben:

First, using a $_POST value directly into a MySQL query is EXTREMELY
unsafe. Always filter data from any source to make sure it's what you
expect. SQL injection is one of the easiest ways to cause real damage
to a website. http://en.wikipedia.org/wiki/SQL_injection

Check out this function for making the string safe:
http://us2.php.net/manual/en/function.mysql-real-escape-string.php
Also, try and strip out any characters that don't belong in the string
anyway, just as added security.

Good luck learning PHP.

--Another person who happens to be named Ben

I've also put a few edits in the code.
On Jan 2, 2008 9:57 PM, Ben Stones [EMAIL PROTECTED] wrote:
 Hello, my name is Ben Stones. I am quite a beginner to PHP, and as a New
 Year's resolution I am going to learn PHP (finally!)

 Cut to the chase: I have created a basic looping script that would display
 anything submitted in a form, on separate lines; here is the PHP code:

 $con = mysql_connect("localhost","ben_test","--removed-") or
 die("con");
 $db = mysql_select_db("ben_test") or die("db");
 mysql_query("CREATE TABLE `comments` (messages varchar(255))");
 $comments = $_POST['comment'];
 $sql1 = mysql_query("INSERT INTO `comments` (`messages`) VALUES
 ($comments)");

 $mysql_query_one = mysql_query("SELECT * FROM `comments`");
 while($rows=mysql_fetch_array($mysql_query_one)) {
 echo $rows['messages'] . "<br />";
 }

 Everything went swell for the first half, and after I truncated the test
 messages (or everything in the column, if you like), I tried doing one more
 test run and upon clicking 'Submit', nothing would display except the
 messages I added via phpMyAdmin.

 Hope someone could help me.

 PS: The password has been edited out of the preceding code as well as the
 HTML code purposely for the mailing list.


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] PHP Beginners Help

2008-01-02 Thread Ben Stones
Thanks all for your replies. Much appreciated. I have edited the code and
took points into account:


$con = mysql_connect("localhost","ben_test","removed") or die("con");
$db = mysql_select_db("ben_test") or die("db");
$sql1 = mysql_query("INSERT INTO `comments` (`messages`) VALUES
($comments)") or die("insert");
$mysql_query_one = mysql_query("SELECT * FROM `comments`");
while($rows=mysql_fetch_array($mysql_query_one)) {
echo $rows['messages'] . "<br />";
}

Okay, the browser outputted "insert" so it has to be something to do with
the insert sql syntax I have added. Not sure if it's overriding the same
content added as before or something.

Any help once again is appreciated.

Thank you,
Ben Stones.




Re: [PHP-DB] PHP Beginners Help

2008-01-02 Thread Chris

Ben Stones wrote:

Thanks all for your replies. Much appreciated. I have edited the code and
took points into account:


$con = mysql_connect("localhost","ben_test","removed") or die("con");
$db = mysql_select_db("ben_test") or die("db");
$sql1 = mysql_query("INSERT INTO `comments` (`messages`) VALUES
($comments)") or die("insert");
$mysql_query_one = mysql_query("SELECT * FROM `comments`");
while($rows=mysql_fetch_array($mysql_query_one)) {
echo $rows['messages'] . "<br />";
}

Okay, the browser outputted "insert" so it has to be something to do with
the insert sql syntax I have added. Not sure if it's overriding the same
content added as before or something.


It's dying when you try to insert, probably because of quotes. As the 
other Ben mentioned you need to escape the data.


Try:

$query = "INSERT INTO comments(messages) VALUES ('" .
mysql_real_escape_string($_POST['comment']) . "')";


$insert_result = mysql_query($query);

if (!$insert_result) {
  echo "Error with insert: ", mysql_error(), "<br/>\n";
  echo "Query I tried to run:<br/>\n", $query, "<br/>\n";
  exit;
}

that way mysql will show you the error that occurred when you tried to 
run the insert, and also you are escaping the comment you typed in so 
things like quotes will be handled properly.



When you print the data out, you should use htmlspecialchars so if 
someone enters javascript or any other 'bad' data it won't get printed 
or executed.


For example:

$query = "SELECT * FROM comments";
$result = mysql_query($query);
while ($row = mysql_fetch_assoc($result)) {
  echo "Comment was: ", htmlspecialchars($row['messages'], ENT_QUOTES),
    "<br/>\n";
}


There's some good info available here about this sort of stuff:

http://phpsec.org/projects/guide/

If something doesn't make sense, send us another email :)

--
Postgresql & php tutorials
http://www.designmagick.com/
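
The two fixes discussed in this thread (keep submitted text out of the SQL string, and escape it when printing), as an added example that is not code from any poster. It uses PDO bound parameters in place of mysql_real_escape_string, and assumes PHP with pdo_sqlite, an in-memory table standing in for the MySQL comments table, and constructed sample comments.

```php
<?php
// Added example, not code from the thread. Assumes PHP with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL `comments` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// IF NOT EXISTS makes table creation safe to repeat on every request.
$db->exec('CREATE TABLE IF NOT EXISTS comments (messages VARCHAR(255))');

// Constructed sample submissions standing in for $_POST['comment'].
$samples = array(
    "Hello list",
    "It's working now",              // apostrophe ends the SQL string early
    "<script>alert('hi')</script>",  // markup that must not reach the page raw
);

// Unescaped concatenation: the submitted text becomes part of the SQL itself.
function insert_concatenated(PDO $db, $comment) {
    try {
        $db->exec("INSERT INTO comments (messages) VALUES ('$comment')");
        return true;
    } catch (PDOException $e) {
        return false;  // the quote inside the data broke the statement
    }
}

// Bound parameter: the SQL text is fixed and the value is sent separately.
function insert_bound(PDO $db, $comment) {
    $stmt = $db->prepare('INSERT INTO comments (messages) VALUES (?)');
    return $stmt->execute(array($comment));
}

foreach ($samples as $i => $comment) {
    $ok = insert_concatenated($db, $comment);
    printf("concatenated insert, sample %d: %s\n", $i, $ok ? 'ok' : 'FAILED');
}
$db->exec('DELETE FROM comments');  // start clean for the bound inserts

foreach ($samples as $i => $comment) {
    $ok = insert_bound($db, $comment);
    printf("bound insert, sample %d: %s\n", $i, $ok ? 'ok' : 'FAILED');
}

// Escape at output time so stored markup is shown as text, not interpreted.
foreach ($db->query('SELECT messages FROM comments') as $row) {
    echo htmlspecialchars($row['messages'], ENT_QUOTES, 'UTF-8'), "<br/>\n";
}
```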




Re: [PHP-DB] Sum function for multiple recordsets?

2008-01-02 Thread Chris

[EMAIL PROTECTED] wrote:

I'm getting a health insurance quote engine going...

http://www.insuranceshoppers.net/getquotes/short-term-health.php

... it sends me an email with the info, and enters the info into a leads 
table in mysql.
   
  Then I want to have it show the rates (on a new page using $_GET) from a table I have setup with the rates of multiple companies. Since the rates are based on age and gender and it could be 1 or 2 people plus the possibility of adding children (the total rate is just the sum of each persons individual rate), I've been working on making a recordset for the primary applicant, the spouse, and children and telling it to add them together. (that seems like the easiest way, but I'm a newbie)


My question: is there a php function or a way I can create the 3 recordsets in 
Dreamweaver and tell it to just add them up and display the results in a repeat 
region? And is this even the best way to approach it?


You could probably get the database to do this directly but without 
knowing what you're storing and what you have in the first place it's 
hard to tell.


select sum(rates) as totalrate from table where rateid in (1,2,3);

http://dev.mysql.com/doc/refman/4.1/en/group-by-functions.html#function_sum

--
Postgresql & php tutorials
http://www.designmagick.com/




Re: [PHP-DB] Querying Displaying a pricing table

2008-01-02 Thread Chris

Ron Piggott wrote:

I am trying to query my rate_plan table and then display the results in
a table format.  I need help developing the SELECT syntax and how I am
able to echo the results in a table.  I want to display the results 7
columns, 4 rows.  There are 7 tenures:

I have rate plans set up for:
1 week (term =1; unit =1)
2 weeks (term =2; unit =2)
3 weeks (term =3; unit =2)
1 month (term =1; unit =3)
6 weeks (term =6; unit =1)
2 months (term =2; unit =4)
3 months (term =3; unit =4)

I have advertising rate plans (type field) 1 to 4 stored in the table
and the available and expires date of each plan.  


The field unit is meant to express:
1 for Week
2 for Weeks
3 for Month
4 for Months

The table structure for rate_plan is:

reference int(3) auto_increment 
name varchar(50) 
type int(1)
term int(5) 
unit int(1) 
rate decimal(4,2) 
available date 
expires date



The rate field is the dollar value for the rate plan.  


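<table>
<?php
  $query = "select * from rate_plan";
  $result = mysql_query($query);
  while ($row = mysql_fetch_assoc($result)) {
    // Map the numeric unit code to its label (codes as listed in the question).
    switch ($row['unit']) {
      case '1':
        $units = ' Week';
        break;
      case '2':
        $units = ' Weeks';
        break;
      case '3':
        $units = ' Month';
        break;
      case '4':
        $units = ' Months';
        break;
      default:
        $units = '';
    }
    echo '<tr><td>', $row['term'], $units, '</td></tr>';
  }
?>
</table>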

Should be enough to get you started.

--
Postgresql & php tutorials
http://www.designmagick.com/
