Re: [PHP] Using GET to build multiple sql queries
On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote: I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone can... Basically I want to make it so that, if the get in the url specifies no query or a query to a nonexistent row, send to vanilla index. If url specifies c= then set $c=c and use the number to build the mysql query; same for p= and s= - if they're valid build the query, if not kick em out. Can anyone offer any help? I'd iterate over the $_GET array to build the query elements. Then implode those elements. $array = array(); while( list( $k, $v ) = each( $_GET ) ) { if( $k == 'somekeynotindb' ) { continue; } $array[] = $k . =' . $v . '; } if( $array ) { $and = implode( ', ', $array ); } $sql = SELECT * FROM table WHERE 1 $and ; $query = mysql_query( $sql ); -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote: Thanks for the reply, Greg, I see how that is useful. I am confused as to how I would implement it here. Please bear with me as I am a newbie and am now perhaps more confused than ever!: Bummer, sorry. I'm trying to use the number given in the $_GET URL to build one piece of the sql: If there is anything set in the $_GET field other than ?c=[valid int] or ?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index. if( !( isset( $_GET[ 'c' ] ) is_int( $_GET[ 'c' ] ) || isset( $_GET[ 'p' ] ) is_int( $_GET[ 'p' ] ) || isset( $_GET[ 's' ] ) is_int( $_GET[ 's' ] ) ) ) { header( 'Location: index.php' ); exit; } If it's a valid int (a positive int which corresponds to a valid row) then I want to set its value to the appropriate variable: either $c, $p or $s, If it's in the URL it's already set as $_GET[ 'c' ], $_GET[ 'p' ], or $_GET[ 's' ]. and thus set the values of $fields, $from and $where. ?php //IF there is a valid query by cartoon, use $c to build the SQL $fields = 'SELECT art.*,publisher.*,subject.*'; $from = 'FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id'; $sort = ORDER BY art.art_pub_date; $where = WHERE art.art_id = '$c' AND WHERE art.art_id = '$_GET[c]' subject.subject_id=art.subject_id; ? If that were instead a $p then I would do: ?php //IF there is a valid query by publisher, use $p to build the SQL $fields = SELECT art.*,publisher.*,subject.*; $from = FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id; $where = WHERE publisher.publisher_id=art.publisher_id AND art.publisher_id = '$p' AND art.publisher_id = '$_GET[p]' AND subject.subject_id=art.subject_id; ? If that were instead an $s then I would do: ?php //IF there is a valid query by subject, use $s to build the SQL $fields = SELECT art.*,publisher.*,subject.*; $from = FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id; $where = WHERE publisher.publisher_id=art.publisher_id AND art.subject_id = '1' AND art.subject_id=subject.subject_id; ? I'm sure your method works ( ;) ). If I understand it, as my friend Darrell said about your suggestion: '...We iterate through the array seeing if there's a submitted HTML form field name that matches the current database column name. If so, we add the column name and the value submitted in the form to a string that is being built into a database query.' It's just a matter of checking for variables in the $_GET array and doing what you need to do if they exist and are valid or not. Do you know about print_r() yet? echo 'pre'; print_r( $_GET ); echo '/pre'; -- Greg Donald Zend Certified Engineer http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
Thanks for the reply, Greg, I see how that is useful. I am confused as to how I would implement it here. Please bear with me as I am a newbie and am now perhaps more confused than ever!: I'm trying to use the number given in the $_GET URL to build one piece of the sql: If there is anything set in the $_GET field other than ?c=[valid int] or ?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index. If it's a valid int (a positive int which corresponds to a valid row) then I want to set its value to the appropriate variable: either $c, $p or $s, and thus set the values of $fields, $from and $where. ?php //IF there is a valid query by cartoon, use $c to build the SQL $fields = 'SELECT art.*,publisher.*,subject.*'; $from = 'FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id'; $sort = ORDER BY art.art_pub_date; $where = WHERE art.art_id = '$c' AND subject.subject_id=art.subject_id; ? If that were instead a $p then I would do: ?php //IF there is a valid query by publisher, use $p to build the SQL $fields = SELECT art.*,publisher.*,subject.*; $from = FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id; $where = WHERE publisher.publisher_id=art.publisher_id AND art.publisher_id = '$p' AND subject.subject_id=art.subject_id; ? If that were instead an $s then I would do: ?php //IF there is a valid query by subject, use $s to build the SQL $fields = SELECT art.*,publisher.*,subject.*; $from = FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id; $where = WHERE publisher.publisher_id=art.publisher_id AND art.subject_id = '1' AND art.subject_id=subject.subject_id; ? I'm sure your method works ( ;) ). If I understand it, as my friend Darrell said about your suggestion: '...We iterate through the array seeing if there's a submitted HTML form field name that matches the current database column name. If so, we add the column name and the value submitted in the form to a string that is being built into a database query.' I'm trying to see how this code lets me do that. I know it's right in front of my face but I cannot see how to adapt it to the task. . Thanks in advance!! Greg Donald wrote: On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote: I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone can... Basically I want to make it so that, if the get in the url specifies no query or a query to a nonexistent row, send to vanilla index. If url specifies c= then set $c=c and use the number to build the mysql query; same for p= and s= - if they're valid build the query, if not kick em out. Can anyone offer any help? I'd iterate over the $_GET array to build the query elements. Then implode those elements. $array = array(); while( list( $k, $v ) = each( $_GET ) ) { if( $k == 'somekeynotindb' ) { continue; } $array[] = $k . =' . $v . '; } if( $array ) { $and = implode( ', ', $array ); } $sql = SELECT * FROM table WHERE 1 $and ; $query = mysql_query( $sql ); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
SORRY - one small correction below: SNIP If that were instead an $s then I would do: ?php //IF there is a valid query by subject, use $s to build the SQL $fields = SELECT art.*,publisher.*,subject.*; $from = FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id; $where = WHERE publisher.publisher_id=art.publisher_id AND art.subject_id = '$s' AND art.subject_id=subject.subject_id; ? /SNIP I had accidentally put a number 1 in place of the $s in the above example. Apologies for the extra mail and thanks in advance. Greg Donald wrote: On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote: I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone can... Basically I want to make it so that, if the get in the url specifies no query or a query to a nonexistent row, send to vanilla index. If url specifies c= then set $c=c and use the number to build the mysql query; same for p= and s= - if they're valid build the query, if not kick em out. Can anyone offer any help? I'd iterate over the $_GET array to build the query elements. Then implode those elements. $array = array(); while( list( $k, $v ) = each( $_GET ) ) { if( $k == 'somekeynotindb' ) { continue; } $array[] = $k . =' . $v . '; } if( $array ) { $and = implode( ', ', $array ); } $sql = SELECT * FROM table WHERE 1 $and ; $query = mysql_query( $sql ); -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Using GET to build multiple sql queries
Greg, thank you for all this... See below Greg Donald wrote: On 6/2/05, Jack Jackson [EMAIL PROTECTED] wrote: Thanks for the reply, Greg, I see how that is useful. I am confused as to how I would implement it here. Please bear with me as I am a newbie and am now perhaps more confused than ever!: Bummer, sorry. Twasn't you; were me. I'm trying to use the number given in the $_GET URL to build one piece of the sql: If there is anything set in the $_GET field other than ?c=[valid int] or ?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index. if( !( isset( $_GET[ 'c' ] ) is_int( $_GET[ 'c' ] ) || isset( $_GET[ 'p' ] ) is_int( $_GET[ 'p' ] ) || isset( $_GET[ 's' ] ) is_int( $_GET[ 's' ] ) ) ) { header( 'Location: index.php' ); exit; } Of course, that almost did it. But I wanted to do it it *weren't* an int. I put a ! in front and that works like a charm! If it's a valid int (a positive int which corresponds to a valid row) then I want to set its value to the appropriate variable: either $c, $p or $s, If it's in the URL it's already set as $_GET[ 'c' ], $_GET[ 'p' ], or $_GET[ 's' ]. I get it. Thanks for that. Including it in the sql didn't work as you suggested: ?php //IF there is a valid query by cartoon, use $c to build the SQL $fields = 'SELECT art.*,publisher.*,subject.*'; $from = 'FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id'; $sort = ORDER BY art.art_pub_date; $where = WHERE art.art_id = '$c' AND WHERE art.art_id = '$_GET[c]' I guess it was missing a print command or something. I did this up top though: $c = intval($_GET['c']); $p = intval($_GET['p']); $s = intval($_GET['s']); and then did it as I had it in the sample above and it worked like a charm, too. subject.subject_id=art.subject_id; ? If that were instead a $p then I would do: ?php //IF there is a valid query by publisher, use $p to build the SQL $fields = SELECT art.*,publisher.*,subject.*; $from = FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id; $where = WHERE publisher.publisher_id=art.publisher_id AND art.publisher_id = '$p' AND art.publisher_id = '$_GET[p]' AND subject.subject_id=art.subject_id; ? If that were instead an $s then I would do: ?php //IF there is a valid query by subject, use $s to build the SQL $fields = SELECT art.*,publisher.*,subject.*; $from = FROM art,subject LEFT JOIN publisher ON publisher.publisher_id=art.publisher_id; $where = WHERE publisher.publisher_id=art.publisher_id AND art.subject_id = '1' AND art.subject_id=subject.subject_id; ? I'm sure your method works ( ;) ). If I understand it, as my friend Darrell said about your suggestion: '...We iterate through the array seeing if there's a submitted HTML form field name that matches the current database column name. If so, we add the column name and the value submitted in the form to a string that is being built into a database query.' It's just a matter of checking for variables in the $_GET array and doing what you need to do if they exist and are valid or not. Do you know about print_r() yet? echo 'pre'; print_r( $_GET ); echo '/pre'; I did and thank you. This is close to working, though I still have to deal with what happens once I run those queries. But thanks for sorting out that mess for me,. I really appreciate it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php