Re: [PHP-DB] using query_strings in sql
I may be misunderstanding you, but your first statement about pulling from a query string is throwing me. ?php echo $section; ? will only display the value of $section on the screen. You will need to build a form to get a value into $section. form action=soemthing.php input type=text name=section /form something.php: ?php echo This is what was submitted in the form: .$section; ? Now you can do your query: $selection = mysql_query(SELECT * FROM classes WHERE classCategory = '$section' ) you'll notice I pulled the other variables out since you had not defined them yet, like your ordering variables. Otherwise the SQL would end with ORDER which will cause an error.. -Micah On Wed January 21 2004 10:41 am, mayo wrote: I'm a cold fusion refugee and am having incredible problems with something that I think is relatively easy -- so I must be missing something basic. I would like to pull info from a query string and use it inside a database call. I can pull the query string into a general variable: ?php echo $section; ? now I would like to use it in a SQL statement, or in if/else clauses to modifiy results from queries. examples below: USE query_string in SQL : ?php function whatever(){ $username = ; ... // setting the default variables if(!isset($category)){$category=Something;} if(!isset($section)){$section=SomethingElse;} [EMAIL PROTECTED]($hostname,$username,$password); mysql_select_db($database); $selection = mysql_query( SELECT * FROM classes WHERE classCategory = '$category' ORDER BY $reorder $order ) ... ? The PHP SQL call below work nicely: while ($row = mysql_fetch_array($selection)){ echo $row[sectionName]; } now I would like to do an if/else to modifiy it: while ($row = mysql_fetch_array($selection)){ if (section == $sectionName){ echo b . $row[sectionName] . /b; }else{ echo $row[sectionName]; } Nothing is working. I must be missing something basic over here. thx, Gil -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
I have a table displaying data. The column headers are links that allow the users to order the content in ASC or DESC. basic version is: a href=somefile.php?order=ASCTitle/a a closer to reality version is (or would be if it worked) a href=somefile.php?order= if ($order == ASC){ echo DESC; }else{ echo ASC; } (Actually that would be a switch/case :-) ) The sql call is $selection = mysql_query( SELECT * FROM classes ORDER BY title $order ) And since there is no query string when someone lands on the page there needs to be a default value set: // setting the default variables if(!isset($order)){$order=ASC;} Unfortunately its not working :( thx, gil -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 1:59 PM To: [EMAIL PROTECTED] Cc: mayo Subject: Re: [PHP-DB] using query_strings in sql I may be misunderstanding you, but your first statement about pulling from a query string is throwing me. ?php echo $section; ? will only display the value of $section on the screen. You will need to build a form to get a value into $section. form action=soemthing.php input type=text name=section /form something.php: ?php echo This is what was submitted in the form: .$section; ? Now you can do your query: $selection = mysql_query(SELECT * FROM classes WHERE classCategory = '$section' ) you'll notice I pulled the other variables out since you had not defined them yet, like your ordering variables. Otherwise the SQL would end with ORDER which will cause an error.. -Micah On Wed January 21 2004 10:41 am, mayo wrote: I'm a cold fusion refugee and am having incredible problems with something that I think is relatively easy -- so I must be missing something basic. I would like to pull info from a query string and use it inside a database call. I can pull the query string into a general variable: ?php echo $section; ? now I would like to use it in a SQL statement, or in if/else clauses to modifiy results from queries. examples below: USE query_string in SQL : ?php function whatever(){ $username = ; ... // setting the default variables if(!isset($category)){$category=Something;} if(!isset($section)){$section=SomethingElse;} [EMAIL PROTECTED]($hostname,$username,$password); mysql_select_db($database); $selection = mysql_query( SELECT * FROM classes WHERE classCategory = '$category' ORDER BY $reorder $order ) ... ? The PHP SQL call below work nicely: while ($row = mysql_fetch_array($selection)){ echo $row[sectionName]; } now I would like to do an if/else to modifiy it: while ($row = mysql_fetch_array($selection)){ if (section == $sectionName){ echo b . $row[sectionName] . /b; }else{ echo $row[sectionName]; } Nothing is working. I must be missing something basic over here. thx, Gil -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] using query_strings in sql
What error is it giving you? What's not happening? Saying 'It doesn't work' doesn't help much especially when you don't give all the code. -Micah On Wed January 21 2004 11:10 am, mayo wrote: I have a table displaying data. The column headers are links that allow the users to order the content in ASC or DESC. basic version is: a href=somefile.php?order=ASCTitle/a a closer to reality version is (or would be if it worked) a href=somefile.php?order= if ($order == ASC){ echo DESC; }else{ echo ASC; } (Actually that would be a switch/case :-) ) The sql call is $selection = mysql_query( SELECT * FROM classes ORDER BY title $order ) And since there is no query string when someone lands on the page there needs to be a default value set: // setting the default variables if(!isset($order)){$order=ASC;} Unfortunately its not working :( thx, gil -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 1:59 PM To: [EMAIL PROTECTED] Cc: mayo Subject: Re: [PHP-DB] using query_strings in sql I may be misunderstanding you, but your first statement about pulling from a query string is throwing me. ?php echo $section; ? will only display the value of $section on the screen. You will need to build a form to get a value into $section. form action=soemthing.php input type=text name=section /form something.php: ?php echo This is what was submitted in the form: .$section; ? Now you can do your query: $selection = mysql_query(SELECT * FROM classes WHERE classCategory = '$section' ) you'll notice I pulled the other variables out since you had not defined them yet, like your ordering variables. Otherwise the SQL would end with ORDER which will cause an error.. -Micah On Wed January 21 2004 10:41 am, mayo wrote: I'm a cold fusion refugee and am having incredible problems with something that I think is relatively easy -- so I must be missing something basic. I would like to pull info from a query string and use it inside a database call. I can pull the query string into a general variable: ?php echo $section; ? now I would like to use it in a SQL statement, or in if/else clauses to modifiy results from queries. examples below: USE query_string in SQL : ?php function whatever(){ $username = ; ... // setting the default variables if(!isset($category)){$category=Something;} if(!isset($section)){$section=SomethingElse;} [EMAIL PROTECTED]($hostname,$username,$password); mysql_select_db($database); $selection = mysql_query( SELECT * FROM classes WHERE classCategory = '$category' ORDER BY $reorder $order ) ... ? The PHP SQL call below work nicely: while ($row = mysql_fetch_array($selection)){ echo $row[sectionName]; } now I would like to do an if/else to modifiy it: while ($row = mysql_fetch_array($selection)){ if (section == $sectionName){ echo b . $row[sectionName] . /b; }else{ echo $row[sectionName]; } Nothing is working. I must be missing something basic over here. thx, Gil -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] using query_strings in sql
Looking at that. You are combining html and php without distinguishing between the two. I am assuming you are in php mode because html wouldn't give you errors. try this: echo a href='somefile.php?order=; if ($order == ASC){ echo DESC; }else{ echo ASC; } echo '; - Original Message - From: mayo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 1:10 PM Subject: RE: [PHP-DB] using query_strings in sql I have a table displaying data. The column headers are links that allow the users to order the content in ASC or DESC. basic version is: a href=somefile.php?order=ASCTitle/a a closer to reality version is (or would be if it worked) a href=somefile.php?order= if ($order == ASC){ echo DESC; }else{ echo ASC; } (Actually that would be a switch/case :-) ) The sql call is $selection = mysql_query( SELECT * FROM classes ORDER BY title $order ) And since there is no query string when someone lands on the page there needs to be a default value set: // setting the default variables if(!isset($order)){$order=ASC;} Unfortunately its not working :( thx, gil -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 1:59 PM To: [EMAIL PROTECTED] Cc: mayo Subject: Re: [PHP-DB] using query_strings in sql I may be misunderstanding you, but your first statement about pulling from a query string is throwing me. ?php echo $section; ? will only display the value of $section on the screen. You will need to build a form to get a value into $section. form action=soemthing.php input type=text name=section /form something.php: ?php echo This is what was submitted in the form: .$section; ? Now you can do your query: $selection = mysql_query(SELECT * FROM classes WHERE classCategory = '$section' ) you'll notice I pulled the other variables out since you had not defined them yet, like your ordering variables. Otherwise the SQL would end with ORDER which will cause an error.. -Micah On Wed January 21 2004 10:41 am, mayo wrote: I'm a cold fusion refugee and am having incredible problems with something that I think is relatively easy -- so I must be missing something basic. I would like to pull info from a query string and use it inside a database call. I can pull the query string into a general variable: ?php echo $section; ? now I would like to use it in a SQL statement, or in if/else clauses to modifiy results from queries. examples below: USE query_string in SQL : ?php function whatever(){ $username = ; ... // setting the default variables if(!isset($category)){$category=Something;} if(!isset($section)){$section=SomethingElse;} [EMAIL PROTECTED]($hostname,$username,$password); mysql_select_db($database); $selection = mysql_query( SELECT * FROM classes WHERE classCategory = '$category' ORDER BY $reorder $order ) ... ? The PHP SQL call below work nicely: while ($row = mysql_fetch_array($selection)){ echo $row[sectionName]; } now I would like to do an if/else to modifiy it: while ($row = mysql_fetch_array($selection)){ if (section == $sectionName){ echo b . $row[sectionName] . /b; }else{ echo $row[sectionName]; } Nothing is working. I must be missing something basic over here. thx, Gil -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
my bad: I typed in the script and forgot the echo. -- gil -Original Message- From: Rick Dahl [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 2:28 PM To: mayo; [EMAIL PROTECTED] Subject: Re: [PHP-DB] using query_strings in sql Looking at that. You are combining html and php without distinguishing between the two. I am assuming you are in php mode because html wouldn't give you errors. try this: echo a href='somefile.php?order=; if ($order == ASC){ echo DESC; }else{ echo ASC; } echo '; - Original Message - From: mayo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 1:10 PM Subject: RE: [PHP-DB] using query_strings in sql I have a table displaying data. The column headers are links that allow the users to order the content in ASC or DESC. basic version is: a href=somefile.php?order=ASCTitle/a a closer to reality version is (or would be if it worked) a href=somefile.php?order= if ($order == ASC){ echo DESC; }else{ echo ASC; } (Actually that would be a switch/case :-) ) The sql call is $selection = mysql_query( SELECT * FROM classes ORDER BY title $order ) And since there is no query string when someone lands on the page there needs to be a default value set: // setting the default variables if(!isset($order)){$order=ASC;} Unfortunately its not working :( thx, gil -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 1:59 PM To: [EMAIL PROTECTED] Cc: mayo Subject: Re: [PHP-DB] using query_strings in sql I may be misunderstanding you, but your first statement about pulling from a query string is throwing me. ?php echo $section; ? will only display the value of $section on the screen. You will need to build a form to get a value into $section. form action=soemthing.php input type=text name=section /form something.php: ?php echo This is what was submitted in the form: .$section; ? Now you can do your query: $selection = mysql_query(SELECT * FROM classes WHERE classCategory = '$section' ) you'll notice I pulled the other variables out since you had not defined them yet, like your ordering variables. Otherwise the SQL would end with ORDER which will cause an error.. -Micah On Wed January 21 2004 10:41 am, mayo wrote: I'm a cold fusion refugee and am having incredible problems with something that I think is relatively easy -- so I must be missing something basic. I would like to pull info from a query string and use it inside a database call. I can pull the query string into a general variable: ?php echo $section; ? now I would like to use it in a SQL statement, or in if/else clauses to modifiy results from queries. examples below: USE query_string in SQL : ?php function whatever(){ $username = ; ... // setting the default variables if(!isset($category)){$category=Something;} if(!isset($section)){$section=SomethingElse;} [EMAIL PROTECTED]($hostname,$username,$password); mysql_select_db($database); $selection = mysql_query( SELECT * FROM classes WHERE classCategory = '$category' ORDER BY $reorder $order ) ... ? The PHP SQL call below work nicely: while ($row = mysql_fetch_array($selection)){ echo $row[sectionName]; } now I would like to do an if/else to modifiy it: while ($row = mysql_fetch_array($selection)){ if (section == $sectionName){ echo b . $row[sectionName] . /b; }else{ echo $row[sectionName]; } Nothing is working. I must be missing something basic over here. thx, Gil -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
] . /td\n; echo /tr; } echo /table; } $title = XXX: Administration: List Classes; ? html head title?php $title ?/title link href=admin.css type=text/css rel=stylesheet style .hide { background-color: #CC; } /style /head body div id=left/div div id=nav?php include (nav.php); ?/div div id=bodyTitleXXX: Administration Screen: Class Management/div div id=body style=width:?php if ($section == All){echo 650;}else{echo 550;}?px; class=box brbrbr ?php if(isset($_SERVER['QUERY_STRING'])) { print $_SERVER['QUERY_STRING']; if(isset($reorder)){print br . $reorder;}else{$section=dkdkdk;} }else{ print too bad; } ? ul h1 style=width:400px; font-size:14px;?php print $category $section ?/h1 ?php getClasses(); ? /ul /div nbsp; /body /html -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 2:26 PM To: [EMAIL PROTECTED] Cc: mayo Subject: Re: [PHP-DB] using query_strings in sql What error is it giving you? What's not happening? Saying 'It doesn't work' doesn't help much especially when you don't give all the code. -Micah On Wed January 21 2004 11:10 am, mayo wrote: I have a table displaying data. The column headers are links that allow the users to order the content in ASC or DESC. basic version is: a href=somefile.php?order=ASCTitle/a a closer to reality version is (or would be if it worked) a href=somefile.php?order= if ($order == ASC){ echo DESC; }else{ echo ASC; } (Actually that would be a switch/case :-) ) The sql call is $selection = mysql_query( SELECT * FROM classes ORDER BY title $order ) And since there is no query string when someone lands on the page there needs to be a default value set: // setting the default variables if(!isset($order)){$order=ASC;} Unfortunately its not working :( thx, gil -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 1:59 PM To: [EMAIL PROTECTED] Cc: mayo Subject: Re: [PHP-DB] using query_strings in sql I may be misunderstanding you, but your first statement about pulling from a query string is throwing me. ?php echo $section; ? will only display the value of $section on the screen. You will need to build a form to get a value into $section. form action=soemthing.php input type=text name=section /form something.php: ?php echo This is what was submitted in the form: .$section; ? Now you can do your query: $selection = mysql_query(SELECT * FROM classes WHERE classCategory = '$section' ) you'll notice I pulled the other variables out since you had not defined them yet, like your ordering variables. Otherwise the SQL would end with ORDER which will cause an error.. -Micah On Wed January 21 2004 10:41 am, mayo wrote: I'm a cold fusion refugee and am having incredible problems with something that I think is relatively easy -- so I must be missing something basic. I would like to pull info from a query string and use it inside a database call. I can pull the query string into a general variable: ?php echo $section; ? now I would like to use it in a SQL statement, or in if/else clauses to modifiy results from queries. examples below: USE query_string in SQL : ?php function whatever(){ $username = ; ... // setting the default variables if(!isset($category)){$category=Something;} if(!isset($section)){$section=SomethingElse;} [EMAIL PROTECTED]($hostname,$username,$password); mysql_select_db($database); $selection = mysql_query( SELECT * FROM classes WHERE classCategory = '$category' ORDER BY $reorder $order ) ... ? The PHP SQL call below work nicely: while ($row
Re: [PHP-DB] using query_strings in sql
Here goes: 1) That should work fine. Be sure and enclose the SQL in double quotes or the variable will not get translated into its value. 2) That's fine too, nothing wrong there. 3) this is wrong, but it looks like you just ommited the SQL statement. Be sure and use the or die statement as it will forward any SQL errors to the screen. $selection = mysql_query(SELECT * FROM whatever WHERE someField = '$queryString_variable') or die(mysql_error()); while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } There isn't anything obviously wrong with the code, it should be doing something, at least printing out the html heading information. Try looking at the page source for errors as well. Change the query to include the or die(mysql_error()); code because the script might be dying with a SQL error and you just aren't seeing it printed out. -Micah On Wed January 21 2004 11:49 am, mayo wrote: good point Micah !! :-) I don't get an error msg. Nothing happens. included is the file Below are the three issues I have with query_strings and sql. The formatting is of the .php page is awful. I'm not certain it's legible. 1. Main issue -- be able to use a query_string variable in a sql statement SELECT * FROM whatever WHERE someField = '$queryString_variable' 2. Be able to set defaults in case variable doesn't exist. if(!isset($category)){$category=Shop;} 3. be able to modify results from a sql query with a query_string variable $selection = mysql_query( while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } thanks all, this is driving me crazy. My bad for taking this project. Easy for me in Cold Fusion, driving me nuts in PHP. ?php function getClasses(){ $username=; $password=; $database=XXX; $hostname=localhost; global $category; global $Section; global $reorder; global $order; global $location; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
oops. I guess I was too loose with my words --- something does happen, just not what I want! :-) The page displays. The sql works, the or die doesn't return anything. I'm able to change the sql by changing the default values. WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default variables. so query_string = ?class=Xsection=Yorder=ASC I can't input these variables : $class,$section,$order into the SQL statement SELECT * FROM classes WHERE section=$section ORDER BY $class $order -- gil thx for all your patience -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 3:12 PM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] using query_strings in sql Here goes: 1) That should work fine. Be sure and enclose the SQL in double quotes or the variable will not get translated into its value. 2) That's fine too, nothing wrong there. 3) this is wrong, but it looks like you just ommited the SQL statement. Be sure and use the or die statement as it will forward any SQL errors to the screen. $selection = mysql_query(SELECT * FROM whatever WHERE someField = '$queryString_variable') or die(mysql_error()); while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } There isn't anything obviously wrong with the code, it should be doing something, at least printing out the html heading information. Try looking at the page source for errors as well. Change the query to include the or die(mysql_error()); code because the script might be dying with a SQL error and you just aren't seeing it printed out. -Micah On Wed January 21 2004 11:49 am, mayo wrote: good point Micah !! :-) I don't get an error msg. Nothing happens. included is the file Below are the three issues I have with query_strings and sql. The formatting is of the .php page is awful. I'm not certain it's legible. 1. Main issue -- be able to use a query_string variable in a sql statement SELECT * FROM whatever WHERE someField = '$queryString_variable' 2. Be able to set defaults in case variable doesn't exist. if(!isset($category)){$category=Shop;} 3. be able to modify results from a sql query with a query_string variable $selection = mysql_query( while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } thanks all, this is driving me crazy. My bad for taking this project. Easy for me in Cold Fusion, driving me nuts in PHP. ?php function getClasses(){ $username=; $password=; $database=XXX; $hostname=localhost; global $category; global $Section; global $reorder; global $order; global $location; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
snip WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default variables. so query_string = ?class=Xsection=Yorder=ASC I can't input these variables : $class,$section,$order into the SQL statement SELECT * FROM classes WHERE section=$section ORDER BY $class $order /snip I am getting in really late in this disussion so I apologize if I am off base here but if you have register_globals off $section, $class, and $order wont get set. try this: $section = $_GET['section']; $class = $_GET['class']; $order = $_GET['order']; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] using query_strings in sql
You may have register Globals turned off in php.ini. Try adding: extract($_GET) in the code before the function gets called. That's not a very secure method, but it will prove whether or not that's the problem. -Micah On Wed January 21 2004 12:43 pm, mayo wrote: oops. I guess I was too loose with my words --- something does happen, just not what I want! :-) The page displays. The sql works, the or die doesn't return anything. I'm able to change the sql by changing the default values. WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default variables. so query_string = ?class=Xsection=Yorder=ASC I can't input these variables : $class,$section,$order into the SQL statement SELECT * FROM classes WHERE section=$section ORDER BY $class $order -- gil thx for all your patience -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 3:12 PM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] using query_strings in sql Here goes: 1) That should work fine. Be sure and enclose the SQL in double quotes or the variable will not get translated into its value. 2) That's fine too, nothing wrong there. 3) this is wrong, but it looks like you just ommited the SQL statement. Be sure and use the or die statement as it will forward any SQL errors to the screen. $selection = mysql_query(SELECT * FROM whatever WHERE someField = '$queryString_variable') or die(mysql_error()); while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } There isn't anything obviously wrong with the code, it should be doing something, at least printing out the html heading information. Try looking at the page source for errors as well. Change the query to include the or die(mysql_error()); code because the script might be dying with a SQL error and you just aren't seeing it printed out. -Micah On Wed January 21 2004 11:49 am, mayo wrote: good point Micah !! :-) I don't get an error msg. Nothing happens. included is the file Below are the three issues I have with query_strings and sql. The formatting is of the .php page is awful. I'm not certain it's legible. 1. Main issue -- be able to use a query_string variable in a sql statement SELECT * FROM whatever WHERE someField = '$queryString_variable' 2. Be able to set defaults in case variable doesn't exist. if(!isset($category)){$category=Shop;} 3. be able to modify results from a sql query with a query_string variable $selection = mysql_query( while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } thanks all, this is driving me crazy. My bad for taking this project. Easy for me in Cold Fusion, driving me nuts in PHP. ?php function getClasses(){ $username=; $password=; $database=XXX; $hostname=localhost; global $category; global $Section; global $reorder; global $order; global $location; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
brother that was it at least as far as putting a query_string variable into a sql statement. thx I'll have to see how it works regarding if-else clauses -gil -Original Message- From: Matt Matijevich [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 3:53 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [PHP-DB] using query_strings in sql snip WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default variables. so query_string = ?class=Xsection=Yorder=ASC I can't input these variables : $class,$section,$order into the SQL statement SELECT * FROM classes WHERE section=$section ORDER BY $class $order /snip I am getting in really late in this disussion so I apologize if I am off base here but if you have register_globals off $section, $class, and $order wont get set. try this: $section = $_GET['section']; $class = $_GET['class']; $order = $_GET['order']; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
it works thx Micah (and Matt) I have no knowledge (YET) of how to prevent sql injection attacks with php. For this project I'm not too concerned as it is in a password protected area and only 2 or 3 people have access to it. I hope this works with the rest of the issues... :-) -- gil -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 4:01 PM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] using query_strings in sql You may have register Globals turned off in php.ini. Try adding: extract($_GET) in the code before the function gets called. That's not a very secure method, but it will prove whether or not that's the problem. -Micah On Wed January 21 2004 12:43 pm, mayo wrote: oops. I guess I was too loose with my words --- something does happen, just not what I want! :-) The page displays. The sql works, the or die doesn't return anything. I'm able to change the sql by changing the default values. WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default variables. so query_string = ?class=Xsection=Yorder=ASC I can't input these variables : $class,$section,$order into the SQL statement SELECT * FROM classes WHERE section=$section ORDER BY $class $order -- gil thx for all your patience -Original Message- From: Micah Stevens [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 3:12 PM To: [EMAIL PROTECTED] Subject: Re: [PHP-DB] using query_strings in sql Here goes: 1) That should work fine. Be sure and enclose the SQL in double quotes or the variable will not get translated into its value. 2) That's fine too, nothing wrong there. 3) this is wrong, but it looks like you just ommited the SQL statement. Be sure and use the or die statement as it will forward any SQL errors to the screen. $selection = mysql_query(SELECT * FROM whatever WHERE someField = '$queryString_variable') or die(mysql_error()); while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } There isn't anything obviously wrong with the code, it should be doing something, at least printing out the html heading information. Try looking at the page source for errors as well. Change the query to include the or die(mysql_error()); code because the script might be dying with a SQL error and you just aren't seeing it printed out. -Micah On Wed January 21 2004 11:49 am, mayo wrote: good point Micah !! :-) I don't get an error msg. Nothing happens. included is the file Below are the three issues I have with query_strings and sql. The formatting is of the .php page is awful. I'm not certain it's legible. 1. Main issue -- be able to use a query_string variable in a sql statement SELECT * FROM whatever WHERE someField = '$queryString_variable' 2. Be able to set defaults in case variable doesn't exist. if(!isset($category)){$category=Shop;} 3. be able to modify results from a sql query with a query_string variable $selection = mysql_query( while ($row = mysql_fetch_array($selection)){ if (query_variable is X){ echo $row[classID]; }else{ echo b . $row[classID] . /b; } thanks all, this is driving me crazy. My bad for taking this project. Easy for me in Cold Fusion, driving me nuts in PHP. ?php function getClasses(){ $username=; $password=; $database=XXX; $hostname=localhost; global $category; global $Section; global $reorder; global $order; global $location; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
snip I have no knowledge (YET) of how to prevent sql injection attacks with php. /snip Just yesterday I read a short tutorial on http://www.dotgeek.org on how to prevent sql injection. The site is down right now for maintenance otherwise I would have a direct link to the article for you. try searching google: php prevent sql injection -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php