Re: [PHP] Using GET to build multiple sql queries
On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote:
I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone
can...
Basically I want to make it so that, if the get in the url specifies no
query or a query to a nonexistent row, send to vanilla index. If url
specifies c= then set $c=c and use the number to build the mysql query;
same for p= and s= - if they're valid build the query, if not kick em out.
Can anyone offer any help?
I'd iterate over the $_GET array to build the query elements. Then
implode those elements.
$array = array();
while( list( $k, $v ) = each( $_GET ) )
{
if( $k == 'somekeynotindb' )
{
continue;
}
$array[] = $k . =' . $v . ';
}
if( $array )
{
$and = implode( ', ', $array );
}
$sql =
SELECT *
FROM table
WHERE 1
$and
;
$query = mysql_query( $sql );
--
Greg Donald
Zend Certified Engineer
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote:
Thanks for the reply, Greg,
I see how that is useful. I am confused as to how I would implement it
here. Please bear with me as I am a newbie and am now perhaps more
confused than ever!:
Bummer, sorry.
I'm trying to use the number given in the $_GET URL to build one piece
of the sql:
If there is anything set in the $_GET field other than ?c=[valid int] or
?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index.
if( !( isset( $_GET[ 'c' ] ) is_int( $_GET[ 'c' ] )
|| isset( $_GET[ 'p' ] ) is_int( $_GET[ 'p' ] )
|| isset( $_GET[ 's' ] ) is_int( $_GET[ 's' ] ) ) )
{
header( 'Location: index.php' );
exit;
}
If it's a valid int (a positive int which corresponds to a valid row)
then I want to set its value to the appropriate variable: either $c, $p
or $s,
If it's in the URL it's already set as $_GET[ 'c' ], $_GET[ 'p' ], or
$_GET[ 's' ].
and thus set the values of $fields, $from and $where.
?php //IF there is a valid query by cartoon, use $c to build the SQL
$fields = 'SELECT art.*,publisher.*,subject.*';
$from = 'FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id';
$sort = ORDER BY art.art_pub_date;
$where = WHERE art.art_id = '$c' AND
WHERE art.art_id = '$_GET[c]'
subject.subject_id=art.subject_id;
?
If that were instead a $p then I would do:
?php //IF there is a valid query by publisher, use $p to build the SQL
$fields = SELECT art.*,publisher.*,subject.*;
$from = FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id;
$where = WHERE publisher.publisher_id=art.publisher_id AND
art.publisher_id = '$p' AND
art.publisher_id = '$_GET[p]' AND
subject.subject_id=art.subject_id;
?
If that were instead an $s then I would do:
?php //IF there is a valid query by subject, use $s to build the SQL
$fields = SELECT art.*,publisher.*,subject.*;
$from = FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id;
$where = WHERE publisher.publisher_id=art.publisher_id AND
art.subject_id = '1' AND
art.subject_id=subject.subject_id;
?
I'm sure your method works ( ;) ). If I understand it, as my friend
Darrell said about your suggestion:
'...We iterate through the array seeing if there's a submitted HTML form
field name that matches the current database column name. If so, we add
the column name and the value submitted in the form to a string that is
being built into a database query.'
It's just a matter of checking for variables in the $_GET array and
doing what you need to do if they exist and are valid or not. Do you
know about print_r() yet?
echo 'pre';
print_r( $_GET );
echo '/pre';
--
Greg Donald
Zend Certified Engineer
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
Thanks for the reply, Greg,
I see how that is useful. I am confused as to how I would implement it
here. Please bear with me as I am a newbie and am now perhaps more
confused than ever!:
I'm trying to use the number given in the $_GET URL to build one piece
of the sql:
If there is anything set in the $_GET field other than ?c=[valid int] or
?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index.
If it's a valid int (a positive int which corresponds to a valid row)
then I want to set its value to the appropriate variable: either $c, $p
or $s, and thus set the values of $fields, $from and $where.
?php //IF there is a valid query by cartoon, use $c to build the SQL
$fields = 'SELECT art.*,publisher.*,subject.*';
$from = 'FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id';
$sort = ORDER BY art.art_pub_date;
$where = WHERE art.art_id = '$c' AND
subject.subject_id=art.subject_id;
?
If that were instead a $p then I would do:
?php //IF there is a valid query by publisher, use $p to build the SQL
$fields = SELECT art.*,publisher.*,subject.*;
$from = FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id;
$where = WHERE publisher.publisher_id=art.publisher_id AND
art.publisher_id = '$p' AND
subject.subject_id=art.subject_id;
?
If that were instead an $s then I would do:
?php //IF there is a valid query by subject, use $s to build the SQL
$fields = SELECT art.*,publisher.*,subject.*;
$from = FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id;
$where = WHERE publisher.publisher_id=art.publisher_id AND
art.subject_id = '1' AND
art.subject_id=subject.subject_id;
?
I'm sure your method works ( ;) ). If I understand it, as my friend
Darrell said about your suggestion:
'...We iterate through the array seeing if there's a submitted HTML form
field name that matches the current database column name. If so, we add
the column name and the value submitted in the form to a string that is
being built into a database query.'
I'm trying to see how this code lets me do that. I know it's right in
front of my face but I cannot see how to adapt it to the task. .
Thanks in advance!!
Greg Donald wrote:
On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote:
I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone
can...
Basically I want to make it so that, if the get in the url specifies no
query or a query to a nonexistent row, send to vanilla index. If url
specifies c= then set $c=c and use the number to build the mysql query;
same for p= and s= - if they're valid build the query, if not kick em out.
Can anyone offer any help?
I'd iterate over the $_GET array to build the query elements. Then
implode those elements.
$array = array();
while( list( $k, $v ) = each( $_GET ) )
{
if( $k == 'somekeynotindb' )
{
continue;
}
$array[] = $k . =' . $v . ';
}
if( $array )
{
$and = implode( ', ', $array );
}
$sql =
SELECT *
FROM table
WHERE 1
$and
;
$query = mysql_query( $sql );
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
SORRY - one small correction below:
SNIP
If that were instead an $s then I would do:
?php //IF there is a valid query by subject, use $s to build the SQL
$fields = SELECT art.*,publisher.*,subject.*;
$from = FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id;
$where = WHERE publisher.publisher_id=art.publisher_id AND
art.subject_id = '$s' AND
art.subject_id=subject.subject_id;
?
/SNIP
I had accidentally put a number 1 in place of the $s in the above
example. Apologies for the extra mail and thanks in advance.
Greg Donald wrote:
On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote:
I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone
can...
Basically I want to make it so that, if the get in the url specifies no
query or a query to a nonexistent row, send to vanilla index. If url
specifies c= then set $c=c and use the number to build the mysql query;
same for p= and s= - if they're valid build the query, if not kick em out.
Can anyone offer any help?
I'd iterate over the $_GET array to build the query elements. Then
implode those elements.
$array = array();
while( list( $k, $v ) = each( $_GET ) )
{
if( $k == 'somekeynotindb' )
{
continue;
}
$array[] = $k . =' . $v . ';
}
if( $array )
{
$and = implode( ', ', $array );
}
$sql =
SELECT *
FROM table
WHERE 1
$and
;
$query = mysql_query( $sql );
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
Greg, thank you for all this... See below
Greg Donald wrote:
On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote:
Thanks for the reply, Greg,
I see how that is useful. I am confused as to how I would implement it
here. Please bear with me as I am a newbie and am now perhaps more
confused than ever!:
Bummer, sorry.
Twasn't you; were me.
I'm trying to use the number given in the $_GET URL to build one piece
of the sql:
If there is anything set in the $_GET field other than ?c=[valid int] or
?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index.
if( !( isset( $_GET[ 'c' ] ) is_int( $_GET[ 'c' ] )
|| isset( $_GET[ 'p' ] ) is_int( $_GET[ 'p' ] )
|| isset( $_GET[ 's' ] ) is_int( $_GET[ 's' ] ) ) )
{
header( 'Location: index.php' );
exit;
}
Of course, that almost did it. But I wanted to do it it *weren't* an
int. I put a ! in front and that works like a charm!
If it's a valid int (a positive int which corresponds to a valid row)
then I want to set its value to the appropriate variable: either $c, $p
or $s,
If it's in the URL it's already set as $_GET[ 'c' ], $_GET[ 'p' ], or
$_GET[ 's' ].
I get it. Thanks for that. Including it in the sql didn't work as you
suggested:
?php //IF there is a valid query by cartoon, use $c to build the SQL
$fields = 'SELECT art.*,publisher.*,subject.*';
$from = 'FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id';
$sort = ORDER BY art.art_pub_date;
$where = WHERE art.art_id = '$c' AND
WHERE art.art_id = '$_GET[c]'
I guess it was missing a print command or something. I did this up top
though:
$c = intval($_GET['c']);
$p = intval($_GET['p']);
$s = intval($_GET['s']);
and then did it as I had it in the sample above and it worked like a
charm, too.
subject.subject_id=art.subject_id;
?
If that were instead a $p then I would do:
?php //IF there is a valid query by publisher, use $p to build the SQL
$fields = SELECT art.*,publisher.*,subject.*;
$from = FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id;
$where = WHERE publisher.publisher_id=art.publisher_id AND
art.publisher_id = '$p' AND
art.publisher_id = '$_GET[p]' AND
subject.subject_id=art.subject_id;
?
If that were instead an $s then I would do:
?php //IF there is a valid query by subject, use $s to build the SQL
$fields = SELECT art.*,publisher.*,subject.*;
$from = FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id;
$where = WHERE publisher.publisher_id=art.publisher_id AND
art.subject_id = '1' AND
art.subject_id=subject.subject_id;
?
I'm sure your method works ( ;) ). If I understand it, as my friend
Darrell said about your suggestion:
'...We iterate through the array seeing if there's a submitted HTML form
field name that matches the current database column name. If so, we add
the column name and the value submitted in the form to a string that is
being built into a database query.'
It's just a matter of checking for variables in the $_GET array and
doing what you need to do if they exist and are valid or not. Do you
know about print_r() yet?
echo 'pre';
print_r( $_GET );
echo '/pre';
I did and thank you. This is close to working, though I still have to
deal with what happens once I run those queries. But thanks for sorting
out that mess for me,. I really appreciate it.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
