Re: [PHP-DB] using query_strings in sql
I may be misunderstanding you, but your first statement about pulling from a
query string is throwing me.
?php echo $section; ? will only display the value of $section on the screen.
You will need to build a form to get a value into $section.
form action=soemthing.php
input type=text name=section
/form
something.php:
?php echo This is what was submitted in the form: .$section; ?
Now you can do your query:
$selection = mysql_query(SELECT *
FROM classes
WHERE
classCategory = '$section'
)
you'll notice I pulled the other variables out since you had not defined them
yet, like your ordering variables. Otherwise the SQL would end with ORDER
which will cause an error..
-Micah
On Wed January 21 2004 10:41 am, mayo wrote:
I'm a cold fusion refugee and am having incredible problems with something
that I think is relatively easy -- so I must be missing something basic.
I would like to pull info from a query string and use it inside a database
call.
I can pull the query string into a general variable:
?php echo $section; ?
now I would like to use it in a SQL statement, or in
if/else clauses to modifiy results from queries.
examples below:
USE query_string in SQL :
?php
function whatever(){
$username = ;
...
// setting the default variables
if(!isset($category)){$category=Something;}
if(!isset($section)){$section=SomethingElse;}
[EMAIL PROTECTED]($hostname,$username,$password);
mysql_select_db($database);
$selection = mysql_query(
SELECT *
FROM classes
WHERE
classCategory = '$category'
ORDER BY $reorder $order
)
...
?
The PHP SQL call below work nicely:
while ($row = mysql_fetch_array($selection)){
echo $row[sectionName];
}
now I would like to do an if/else to modifiy it:
while ($row = mysql_fetch_array($selection)){
if (section == $sectionName){
echo b . $row[sectionName] . /b;
}else{
echo $row[sectionName];
}
Nothing is working. I must be missing something basic over here.
thx, Gil
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
I have a table displaying data. The column headers are links that allow the
users to order the content in ASC or DESC.
basic version is:
a href=somefile.php?order=ASCTitle/a
a closer to reality version is (or would be if it worked)
a href=somefile.php?order=
if ($order == ASC){
echo DESC;
}else{
echo ASC;
}
(Actually that would be a switch/case :-) )
The sql call is
$selection = mysql_query(
SELECT *
FROM classes
ORDER BY title $order
)
And since there is no query string when someone lands on the page there
needs to be a default value set:
// setting the default variables
if(!isset($order)){$order=ASC;}
Unfortunately its not working :(
thx, gil
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 1:59 PM
To: [EMAIL PROTECTED]
Cc: mayo
Subject: Re: [PHP-DB] using query_strings in sql
I may be misunderstanding you, but your first statement about
pulling from a
query string is throwing me.
?php echo $section; ? will only display the value of $section
on the screen.
You will need to build a form to get a value into $section.
form action=soemthing.php
input type=text name=section
/form
something.php:
?php echo This is what was submitted in the form: .$section; ?
Now you can do your query:
$selection = mysql_query(SELECT *
FROM classes
WHERE
classCategory = '$section'
)
you'll notice I pulled the other variables out since you had not
defined them
yet, like your ordering variables. Otherwise the SQL would end
with ORDER
which will cause an error..
-Micah
On Wed January 21 2004 10:41 am, mayo wrote:
I'm a cold fusion refugee and am having incredible problems
with something
that I think is relatively easy -- so I must be missing
something basic.
I would like to pull info from a query string and use it
inside a database
call.
I can pull the query string into a general variable:
?php echo $section; ?
now I would like to use it in a SQL statement, or in
if/else clauses to modifiy results from queries.
examples below:
USE query_string in SQL :
?php
function whatever(){
$username = ;
...
// setting the default variables
if(!isset($category)){$category=Something;}
if(!isset($section)){$section=SomethingElse;}
[EMAIL PROTECTED]($hostname,$username,$password);
mysql_select_db($database);
$selection = mysql_query(
SELECT *
FROM classes
WHERE
classCategory = '$category'
ORDER BY $reorder $order
)
...
?
The PHP SQL call below work nicely:
while ($row = mysql_fetch_array($selection)){
echo $row[sectionName];
}
now I would like to do an if/else to modifiy it:
while ($row = mysql_fetch_array($selection)){
if (section == $sectionName){
echo b . $row[sectionName] . /b;
}else{
echo $row[sectionName];
}
Nothing is working. I must be missing something basic over here.
thx, Gil
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] using query_strings in sql
What error is it giving you? What's not happening? Saying 'It doesn't work'
doesn't help much especially when you don't give all the code.
-Micah
On Wed January 21 2004 11:10 am, mayo wrote:
I have a table displaying data. The column headers are links that allow the
users to order the content in ASC or DESC.
basic version is:
a href=somefile.php?order=ASCTitle/a
a closer to reality version is (or would be if it worked)
a href=somefile.php?order=
if ($order == ASC){
echo DESC;
}else{
echo ASC;
}
(Actually that would be a switch/case :-) )
The sql call is
$selection = mysql_query(
SELECT *
FROM classes
ORDER BY title $order
)
And since there is no query string when someone lands on the page there
needs to be a default value set:
// setting the default variables
if(!isset($order)){$order=ASC;}
Unfortunately its not working :(
thx, gil
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 1:59 PM
To: [EMAIL PROTECTED]
Cc: mayo
Subject: Re: [PHP-DB] using query_strings in sql
I may be misunderstanding you, but your first statement about
pulling from a
query string is throwing me.
?php echo $section; ? will only display the value of $section
on the screen.
You will need to build a form to get a value into $section.
form action=soemthing.php
input type=text name=section
/form
something.php:
?php echo This is what was submitted in the form: .$section; ?
Now you can do your query:
$selection = mysql_query(SELECT *
FROM classes
WHERE
classCategory = '$section'
)
you'll notice I pulled the other variables out since you had not
defined them
yet, like your ordering variables. Otherwise the SQL would end
with ORDER
which will cause an error..
-Micah
On Wed January 21 2004 10:41 am, mayo wrote:
I'm a cold fusion refugee and am having incredible problems
with something
that I think is relatively easy -- so I must be missing
something basic.
I would like to pull info from a query string and use it
inside a database
call.
I can pull the query string into a general variable:
?php echo $section; ?
now I would like to use it in a SQL statement, or in
if/else clauses to modifiy results from queries.
examples below:
USE query_string in SQL :
?php
function whatever(){
$username = ;
...
// setting the default variables
if(!isset($category)){$category=Something;}
if(!isset($section)){$section=SomethingElse;}
[EMAIL PROTECTED]($hostname,$username,$password);
mysql_select_db($database);
$selection = mysql_query(
SELECT *
FROM classes
WHERE
classCategory = '$category'
ORDER BY $reorder $order
)
...
?
The PHP SQL call below work nicely:
while ($row = mysql_fetch_array($selection)){
echo $row[sectionName];
}
now I would like to do an if/else to modifiy it:
while ($row = mysql_fetch_array($selection)){
if (section == $sectionName){
echo b . $row[sectionName] . /b;
}else{
echo $row[sectionName];
}
Nothing is working. I must be missing something basic over here.
thx, Gil
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] using query_strings in sql
Looking at that. You are combining html and php without distinguishing
between the two. I am assuming you are in php mode because html wouldn't
give you errors. try this:
echo a href='somefile.php?order=;
if ($order == ASC){
echo DESC;
}else{
echo ASC;
}
echo ';
- Original Message -
From: mayo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 1:10 PM
Subject: RE: [PHP-DB] using query_strings in sql
I have a table displaying data. The column headers are links that allow
the
users to order the content in ASC or DESC.
basic version is:
a href=somefile.php?order=ASCTitle/a
a closer to reality version is (or would be if it worked)
a href=somefile.php?order=
if ($order == ASC){
echo DESC;
}else{
echo ASC;
}
(Actually that would be a switch/case :-) )
The sql call is
$selection = mysql_query(
SELECT *
FROM classes
ORDER BY title $order
)
And since there is no query string when someone lands on the page there
needs to be a default value set:
// setting the default variables
if(!isset($order)){$order=ASC;}
Unfortunately its not working :(
thx, gil
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 1:59 PM
To: [EMAIL PROTECTED]
Cc: mayo
Subject: Re: [PHP-DB] using query_strings in sql
I may be misunderstanding you, but your first statement about
pulling from a
query string is throwing me.
?php echo $section; ? will only display the value of $section
on the screen.
You will need to build a form to get a value into $section.
form action=soemthing.php
input type=text name=section
/form
something.php:
?php echo This is what was submitted in the form: .$section; ?
Now you can do your query:
$selection = mysql_query(SELECT *
FROM classes
WHERE
classCategory = '$section'
)
you'll notice I pulled the other variables out since you had not
defined them
yet, like your ordering variables. Otherwise the SQL would end
with ORDER
which will cause an error..
-Micah
On Wed January 21 2004 10:41 am, mayo wrote:
I'm a cold fusion refugee and am having incredible problems
with something
that I think is relatively easy -- so I must be missing
something basic.
I would like to pull info from a query string and use it
inside a database
call.
I can pull the query string into a general variable:
?php echo $section; ?
now I would like to use it in a SQL statement, or in
if/else clauses to modifiy results from queries.
examples below:
USE query_string in SQL :
?php
function whatever(){
$username = ;
...
// setting the default variables
if(!isset($category)){$category=Something;}
if(!isset($section)){$section=SomethingElse;}
[EMAIL PROTECTED]($hostname,$username,$password);
mysql_select_db($database);
$selection = mysql_query(
SELECT *
FROM classes
WHERE
classCategory = '$category'
ORDER BY $reorder $order
)
...
?
The PHP SQL call below work nicely:
while ($row = mysql_fetch_array($selection)){
echo $row[sectionName];
}
now I would like to do an if/else to modifiy it:
while ($row = mysql_fetch_array($selection)){
if (section == $sectionName){
echo b . $row[sectionName] . /b;
}else{
echo $row[sectionName];
}
Nothing is working. I must be missing something basic over here.
thx, Gil
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
my bad: I typed in the script and forgot the echo.
-- gil
-Original Message-
From: Rick Dahl [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 2:28 PM
To: mayo; [EMAIL PROTECTED]
Subject: Re: [PHP-DB] using query_strings in sql
Looking at that. You are combining html and php without distinguishing
between the two. I am assuming you are in php mode because
html wouldn't
give you errors. try this:
echo a href='somefile.php?order=;
if ($order == ASC){
echo DESC;
}else{
echo ASC;
}
echo ';
- Original Message -
From: mayo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 1:10 PM
Subject: RE: [PHP-DB] using query_strings in sql
I have a table displaying data. The column headers are links that allow
the
users to order the content in ASC or DESC.
basic version is:
a href=somefile.php?order=ASCTitle/a
a closer to reality version is (or would be if it worked)
a href=somefile.php?order=
if ($order == ASC){
echo DESC;
}else{
echo ASC;
}
(Actually that would be a switch/case :-) )
The sql call is
$selection = mysql_query(
SELECT *
FROM classes
ORDER BY title $order
)
And since there is no query string when someone lands on the page there
needs to be a default value set:
// setting the default variables
if(!isset($order)){$order=ASC;}
Unfortunately its not working :(
thx, gil
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 1:59 PM
To: [EMAIL PROTECTED]
Cc: mayo
Subject: Re: [PHP-DB] using query_strings in sql
I may be misunderstanding you, but your first statement about
pulling from a
query string is throwing me.
?php echo $section; ? will only display the value of $section
on the screen.
You will need to build a form to get a value into $section.
form action=soemthing.php
input type=text name=section
/form
something.php:
?php echo This is what was submitted in the form: .$section; ?
Now you can do your query:
$selection = mysql_query(SELECT *
FROM classes
WHERE
classCategory = '$section'
)
you'll notice I pulled the other variables out since you had not
defined them
yet, like your ordering variables. Otherwise the SQL would end
with ORDER
which will cause an error..
-Micah
On Wed January 21 2004 10:41 am, mayo wrote:
I'm a cold fusion refugee and am having incredible problems
with something
that I think is relatively easy -- so I must be missing
something basic.
I would like to pull info from a query string and use it
inside a database
call.
I can pull the query string into a general variable:
?php echo $section; ?
now I would like to use it in a SQL statement, or in
if/else clauses to modifiy results from queries.
examples below:
USE query_string in SQL :
?php
function whatever(){
$username = ;
...
// setting the default variables
if(!isset($category)){$category=Something;}
if(!isset($section)){$section=SomethingElse;}
[EMAIL PROTECTED]($hostname,$username,$password);
mysql_select_db($database);
$selection = mysql_query(
SELECT *
FROM classes
WHERE
classCategory = '$category'
ORDER BY $reorder $order
)
...
?
The PHP SQL call below work nicely:
while ($row = mysql_fetch_array($selection)){
echo $row[sectionName];
}
now I would like to do an if/else to modifiy it:
while ($row = mysql_fetch_array($selection)){
if (section == $sectionName){
echo b . $row[sectionName] . /b;
}else{
echo $row[sectionName];
}
Nothing is working. I must be missing something basic over here.
thx, Gil
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
] . /td\n;
echo /tr;
}
echo /table;
}
$title = XXX: Administration: List Classes;
?
html
head
title?php $title ?/title
link href=admin.css type=text/css rel=stylesheet
style
.hide
{
background-color: #CC;
}
/style
/head
body
div id=left/div
div id=nav?php include (nav.php); ?/div
div id=bodyTitleXXX: Administration Screen: Class Management/div
div id=body style=width:?php if ($section == All){echo
650;}else{echo 550;}?px; class=box
brbrbr
?php
if(isset($_SERVER['QUERY_STRING']))
{
print $_SERVER['QUERY_STRING'];
if(isset($reorder)){print br . $reorder;}else{$section=dkdkdk;}
}else{
print too bad;
}
?
ul
h1 style=width:400px; font-size:14px;?php print $category $section
?/h1
?php getClasses(); ?
/ul
/div
nbsp;
/body
/html
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 2:26 PM
To: [EMAIL PROTECTED]
Cc: mayo
Subject: Re: [PHP-DB] using query_strings in sql
What error is it giving you? What's not happening? Saying 'It
doesn't work'
doesn't help much especially when you don't give all the code.
-Micah
On Wed January 21 2004 11:10 am, mayo wrote:
I have a table displaying data. The column headers are links
that allow the
users to order the content in ASC or DESC.
basic version is:
a href=somefile.php?order=ASCTitle/a
a closer to reality version is (or would be if it worked)
a href=somefile.php?order=
if ($order == ASC){
echo DESC;
}else{
echo ASC;
}
(Actually that would be a switch/case :-) )
The sql call is
$selection = mysql_query(
SELECT *
FROM classes
ORDER BY title $order
)
And since there is no query string when someone lands on the page there
needs to be a default value set:
// setting the default variables
if(!isset($order)){$order=ASC;}
Unfortunately its not working :(
thx, gil
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 1:59 PM
To: [EMAIL PROTECTED]
Cc: mayo
Subject: Re: [PHP-DB] using query_strings in sql
I may be misunderstanding you, but your first statement about
pulling from a
query string is throwing me.
?php echo $section; ? will only display the value of $section
on the screen.
You will need to build a form to get a value into $section.
form action=soemthing.php
input type=text name=section
/form
something.php:
?php echo This is what was submitted in the form: .$section; ?
Now you can do your query:
$selection = mysql_query(SELECT *
FROM classes
WHERE
classCategory = '$section'
)
you'll notice I pulled the other variables out since you had not
defined them
yet, like your ordering variables. Otherwise the SQL would end
with ORDER
which will cause an error..
-Micah
On Wed January 21 2004 10:41 am, mayo wrote:
I'm a cold fusion refugee and am having incredible problems
with something
that I think is relatively easy -- so I must be missing
something basic.
I would like to pull info from a query string and use it
inside a database
call.
I can pull the query string into a general variable:
?php echo $section; ?
now I would like to use it in a SQL statement, or in
if/else clauses to modifiy results from queries.
examples below:
USE query_string in SQL :
?php
function whatever(){
$username = ;
...
// setting the default variables
if(!isset($category)){$category=Something;}
if(!isset($section)){$section=SomethingElse;}
[EMAIL PROTECTED]($hostname,$username,$password);
mysql_select_db($database);
$selection = mysql_query(
SELECT *
FROM classes
WHERE
classCategory = '$category'
ORDER BY $reorder $order
)
...
?
The PHP SQL call below work nicely:
while ($row
Re: [PHP-DB] using query_strings in sql
Here goes:
1) That should work fine. Be sure and enclose the SQL in double quotes or the
variable will not get translated into its value.
2) That's fine too, nothing wrong there.
3) this is wrong, but it looks like you just ommited the SQL statement. Be
sure and use the or die statement as it will forward any SQL errors to the
screen.
$selection = mysql_query(SELECT *
FROM whatever
WHERE someField = '$queryString_variable') or die(mysql_error());
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
There isn't anything obviously wrong with the code, it should be doing
something, at least printing out the html heading information. Try looking at
the page source for errors as well. Change the query to include the or
die(mysql_error()); code because the script might be dying with a SQL error
and you just aren't seeing it printed out.
-Micah
On Wed January 21 2004 11:49 am, mayo wrote:
good point Micah !! :-)
I don't get an error msg. Nothing happens.
included is the file
Below are the three issues I have with query_strings and sql. The
formatting is of the .php page is awful. I'm not certain it's legible.
1. Main issue -- be able to use a query_string variable in a sql statement
SELECT *
FROM whatever
WHERE someField = '$queryString_variable'
2. Be able to set defaults in case variable doesn't exist.
if(!isset($category)){$category=Shop;}
3. be able to modify results from a sql query with a query_string variable
$selection = mysql_query(
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
thanks all, this is driving me crazy. My bad for taking this project. Easy
for me in Cold Fusion, driving me nuts in PHP.
?php
function getClasses(){
$username=;
$password=;
$database=XXX;
$hostname=localhost;
global $category;
global $Section;
global $reorder;
global $order;
global $location;
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
oops. I guess I was too loose with my words ---
something does happen, just not what I want! :-)
The page displays. The sql works, the or die doesn't return anything.
I'm able to change the sql by changing the default values.
WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default
variables.
so query_string = ?class=Xsection=Yorder=ASC
I can't input these variables : $class,$section,$order into the SQL
statement
SELECT *
FROM classes
WHERE section=$section
ORDER BY $class $order
-- gil
thx for all your patience
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] using query_strings in sql
Here goes:
1) That should work fine. Be sure and enclose the SQL in double
quotes or the
variable will not get translated into its value.
2) That's fine too, nothing wrong there.
3) this is wrong, but it looks like you just ommited the SQL
statement. Be
sure and use the or die statement as it will forward any SQL
errors to the
screen.
$selection = mysql_query(SELECT *
FROM whatever
WHERE someField = '$queryString_variable') or die(mysql_error());
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
There isn't anything obviously wrong with the code, it should be doing
something, at least printing out the html heading information.
Try looking at
the page source for errors as well. Change the query to include the or
die(mysql_error()); code because the script might be dying with
a SQL error
and you just aren't seeing it printed out.
-Micah
On Wed January 21 2004 11:49 am, mayo wrote:
good point Micah !! :-)
I don't get an error msg. Nothing happens.
included is the file
Below are the three issues I have with query_strings and sql. The
formatting is of the .php page is awful. I'm not certain it's legible.
1. Main issue -- be able to use a query_string variable in a
sql statement
SELECT *
FROM whatever
WHERE someField = '$queryString_variable'
2. Be able to set defaults in case variable doesn't exist.
if(!isset($category)){$category=Shop;}
3. be able to modify results from a sql query with a
query_string variable
$selection = mysql_query(
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
thanks all, this is driving me crazy. My bad for taking this
project. Easy
for me in Cold Fusion, driving me nuts in PHP.
?php
function getClasses(){
$username=;
$password=;
$database=XXX;
$hostname=localhost;
global $category;
global $Section;
global $reorder;
global $order;
global $location;
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
snip WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default variables. so query_string = ?class=Xsection=Yorder=ASC I can't input these variables : $class,$section,$order into the SQL statement SELECT * FROM classes WHERE section=$section ORDER BY $class $order /snip I am getting in really late in this disussion so I apologize if I am off base here but if you have register_globals off $section, $class, and $order wont get set. try this: $section = $_GET['section']; $class = $_GET['class']; $order = $_GET['order']; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] using query_strings in sql
You may have register Globals turned off in php.ini.
Try adding:
extract($_GET)
in the code before the function gets called. That's not a very secure method,
but it will prove whether or not that's the problem.
-Micah
On Wed January 21 2004 12:43 pm, mayo wrote:
oops. I guess I was too loose with my words ---
something does happen, just not what I want! :-)
The page displays. The sql works, the or die doesn't return anything.
I'm able to change the sql by changing the default values.
WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the
default variables.
so query_string = ?class=Xsection=Yorder=ASC
I can't input these variables : $class,$section,$order into the SQL
statement
SELECT *
FROM classes
WHERE section=$section
ORDER BY $class $order
-- gil
thx for all your patience
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] using query_strings in sql
Here goes:
1) That should work fine. Be sure and enclose the SQL in double
quotes or the
variable will not get translated into its value.
2) That's fine too, nothing wrong there.
3) this is wrong, but it looks like you just ommited the SQL
statement. Be
sure and use the or die statement as it will forward any SQL
errors to the
screen.
$selection = mysql_query(SELECT *
FROM whatever
WHERE someField = '$queryString_variable') or die(mysql_error());
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
There isn't anything obviously wrong with the code, it should be doing
something, at least printing out the html heading information.
Try looking at
the page source for errors as well. Change the query to include the or
die(mysql_error()); code because the script might be dying with
a SQL error
and you just aren't seeing it printed out.
-Micah
On Wed January 21 2004 11:49 am, mayo wrote:
good point Micah !! :-)
I don't get an error msg. Nothing happens.
included is the file
Below are the three issues I have with query_strings and sql. The
formatting is of the .php page is awful. I'm not certain it's legible.
1. Main issue -- be able to use a query_string variable in a
sql statement
SELECT *
FROM whatever
WHERE someField = '$queryString_variable'
2. Be able to set defaults in case variable doesn't exist.
if(!isset($category)){$category=Shop;}
3. be able to modify results from a sql query with a
query_string variable
$selection = mysql_query(
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
thanks all, this is driving me crazy. My bad for taking this
project. Easy
for me in Cold Fusion, driving me nuts in PHP.
?php
function getClasses(){
$username=;
$password=;
$database=XXX;
$hostname=localhost;
global $category;
global $Section;
global $reorder;
global $order;
global $location;
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
brother that was it at least as far as putting a query_string variable into a sql statement. thx I'll have to see how it works regarding if-else clauses -gil -Original Message- From: Matt Matijevich [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 21, 2004 3:53 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [PHP-DB] using query_strings in sql snip WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the default variables. so query_string = ?class=Xsection=Yorder=ASC I can't input these variables : $class,$section,$order into the SQL statement SELECT * FROM classes WHERE section=$section ORDER BY $class $order /snip I am getting in really late in this disussion so I apologize if I am off base here but if you have register_globals off $section, $class, and $order wont get set. try this: $section = $_GET['section']; $class = $_GET['class']; $order = $_GET['order']; -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
it works
thx Micah (and Matt)
I have no knowledge (YET) of how to prevent sql injection attacks with php.
For this project I'm not too concerned as it is in a password protected area
and only 2 or 3 people have access to it.
I hope this works with the rest of the issues...
:-)
-- gil
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 4:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] using query_strings in sql
You may have register Globals turned off in php.ini.
Try adding:
extract($_GET)
in the code before the function gets called. That's not a very
secure method,
but it will prove whether or not that's the problem.
-Micah
On Wed January 21 2004 12:43 pm, mayo wrote:
oops. I guess I was too loose with my words ---
something does happen, just not what I want! :-)
The page displays. The sql works, the or die doesn't return anything.
I'm able to change the sql by changing the default values.
WHAT DOESN'T HAPPEN is that the query_string values DO NOT trump the
default variables.
so query_string = ?class=Xsection=Yorder=ASC
I can't input these variables : $class,$section,$order into the SQL
statement
SELECT *
FROM classes
WHERE section=$section
ORDER BY $class $order
-- gil
thx for all your patience
-Original Message-
From: Micah Stevens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 21, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] using query_strings in sql
Here goes:
1) That should work fine. Be sure and enclose the SQL in double
quotes or the
variable will not get translated into its value.
2) That's fine too, nothing wrong there.
3) this is wrong, but it looks like you just ommited the SQL
statement. Be
sure and use the or die statement as it will forward any SQL
errors to the
screen.
$selection = mysql_query(SELECT *
FROM whatever
WHERE someField = '$queryString_variable') or die(mysql_error());
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
There isn't anything obviously wrong with the code, it
should be doing
something, at least printing out the html heading information.
Try looking at
the page source for errors as well. Change the query to
include the or
die(mysql_error()); code because the script might be dying with
a SQL error
and you just aren't seeing it printed out.
-Micah
On Wed January 21 2004 11:49 am, mayo wrote:
good point Micah !! :-)
I don't get an error msg. Nothing happens.
included is the file
Below are the three issues I have with query_strings and sql. The
formatting is of the .php page is awful. I'm not certain
it's legible.
1. Main issue -- be able to use a query_string variable in a
sql statement
SELECT *
FROM whatever
WHERE someField = '$queryString_variable'
2. Be able to set defaults in case variable doesn't exist.
if(!isset($category)){$category=Shop;}
3. be able to modify results from a sql query with a
query_string variable
$selection = mysql_query(
while ($row = mysql_fetch_array($selection)){
if (query_variable is X){
echo $row[classID];
}else{
echo b . $row[classID] . /b;
}
thanks all, this is driving me crazy. My bad for taking this
project. Easy
for me in Cold Fusion, driving me nuts in PHP.
?php
function getClasses(){
$username=;
$password=;
$database=XXX;
$hostname=localhost;
global $category;
global $Section;
global $reorder;
global $order;
global $location;
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] using query_strings in sql
snip I have no knowledge (YET) of how to prevent sql injection attacks with php. /snip Just yesterday I read a short tutorial on http://www.dotgeek.org on how to prevent sql injection. The site is down right now for maintenance otherwise I would have a direct link to the article for you. try searching google: php prevent sql injection -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
