Re: [ADMIN] access data in php

2009-01-02 Thread Scott Marlowe
On Fri, Jan 2, 2009 at 12:40 PM, Marc Fromm wrote: > This is my code: > $dbconn = pg_connect("host=localhost port=5432 user=postgres > dbname=studentalerts"); > > if(isset($_GET["value"])){ >$w_number=$_GET["value"]; > } You need to scrub user input. use pg_escape_string($_GET['value']

Re: [ADMIN] access data in php

2009-01-02 Thread Chander Ganesan
Marc Fromm wrote: This is my code: You should probably be using code that looks like this: $query = "select first_name, last_name, alert from alert_list where w_number='" . pg_escape_string($w_number) . "'" Otherwise you're vulnerable to SQL Injection attacks.. For example, what happens

Re: [ADMIN] access data in php

2009-01-02 Thread Marc Fromm
This is my code: "; echo pg_last_error(); exit(); } $rows = pg_fetch_assoc($result); if (!$rows){ echo "There are no alerts for $w_number!\n\n"; }else{ $result = pg_query($dbconn,$query); $count=1; while ($row = pg_fetch_array($result)){ ech

Re: [ADMIN] access data in php

2009-01-02 Thread Marc Fromm
My results are missing the first record as you explained. -Original Message- From: [email protected] [mailto:[email protected]] Sent: Friday, January 02, 2009 10:09 AM To: Marc Fromm Cc: [email protected] Subject: Re: [ADMIN] access data in php On Fri, 2 Jan 2009, Marc Fromm wrote:

Re: [ADMIN] access data in php

2009-01-02 Thread Scott Marlowe
On Fri, Jan 2, 2009 at 11:09 AM, wrote: > pg_fetch_assoc behave like pg_fetch_array: it increments the internal > pointer to the current result. > So if you call it once, then pg_fetch_array will return the 2nd result in > the result set. Wow, I'm so used to seeing $rows = pg_num_rows() that th

Re: [ADMIN] access data in php

2009-01-02 Thread ioguix
On Fri, 2 Jan 2009, Marc Fromm wrote: If I gather the sql results with this code $results = pg_query($dbconn,$query);   I can check if there is no returned data with this code $rows = pg_fetch_assoc($result);   but if I then use a while loop to display data (if there is data returned) with th

Re: [ADMIN] access data in php

2009-01-02 Thread Scott Marlowe
On Fri, Jan 2, 2009 at 10:11 AM, Marc Fromm wrote: > If I gather the sql results with this code > $results = pg_query($dbconn,$query); > > I can check if there is no returned data with this code > $rows = pg_fetch_assoc($result); > > but if I then use a while loop to display data (if there is data

[ADMIN] access data in php

2009-01-02 Thread Marc Fromm
If I gather the sql results with this code $results = pg_query($dbconn,$query); I can check if there is no returned data with this code $rows = pg_fetch_assoc($result); but if I then use a while loop to display data (if there is data returned) with this code while ($row = pg_fetch_array($result)