[PHP] Re: Post variables and mysql queries

2003-10-27 Thread pete M
$query="Select * from users where userid='".$_POST['userid']."'";

;-)
pete
Luis Lebron wrote:

This may be a dumb question but here goes. I have been trying to use $_POST
globals in sql queries. 

If I use the following query string it does not work
$query="Select * from users where userid='$_POST['userid']'";
However, this works
$userid=$_POST['userid'];
$query="Select * from users where userid='$userid'";
Is there a mistake in my syntax?

thanks,

Luis R. Lebron
Sigmatech, Inc
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] Re: Post variables and mysql queries

2003-10-27 Thread Justin Patrin
$query='Select * from users where userid="'.$_POST['userid'].'"';

I tend to use single quotes whenever I can and to use concatenation 
instead of using in-string variables. I do this for three reasons. The 
first is efficiency. Strings surrounded by single chars are not parsed 
for any values, such as variables and backslashed characters (except for 
'). This saves in execution time every time the script is executed. It 
also helps with readability of the code as some syntax highlighting 
doesn't catch variables in strings. The last reason is that I know 
exactly what the code is going to do. I never really know what will be 
used as the variable when I do it in a string. Will it follow a ->? What 
about two? I don't always know and it's easier to debug without all of 
the extra hassle.

Pete M wrote:
$query="Select * from users where userid='".$_POST['userid']."'";

;-)
pete
Luis Lebron wrote:

This may be a dumb question but here goes. I have been trying to use 
$_POST
globals in sql queries.
If I use the following query string it does not work
$query="Select * from users where userid='$_POST['userid']'";

However, this works
$userid=$_POST['userid'];
$query="Select * from users where userid='$userid'";
Is there a mistake in my syntax?

thanks,

Luis R. Lebron
Sigmatech, Inc


Re: [PHP] Re: Post variables and mysql queries

2003-10-27 Thread Eugene Lee
On Mon, Oct 27, 2003 at 09:38:32AM -0800, Justin Patrin wrote:
: 
: $query='Select * from users where userid="'.$_POST['userid'].'"';
: 
: I tend to use single quotes whenever I can and to use concatenation 
: instead of using in-string variables. I do this for three reasons. The 
: first is efficiency. Strings surrounded by single chars are not parsed 
: for any values, such as variables and backslashed characters (except for 
: '). This saves in execution time every time the script is executed.

No argument here, except that I don't know if the savings is really
noticeable for such a small string.

: It also helps with readability of the code as some syntax highlighting
: doesn't catch variables in strings.

IMHO, in-string variables are more readable than trying to read
some-string-with-some-quote-character, dot, some-string, dot,
some-string, etc.

: The last reason is that I know 
: exactly what the code is going to do. I never really know what will be 
: used as the variable when I do it in a string. Will it follow a ->? What 
: about two? I don't always know and it's easier to debug without all of 
: the extra hassle.

That's what the curly brackets are for.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
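
The spellings discussed in this thread, run side by side as an added example (not code from any poster). They all build the same SQL text, so the quoting style does not change what the database parses; binding the value as a parameter does. PDO with in-memory SQLite, the users rows and the $post array are assumptions standing in for the thread's MySQL connection and $_POST.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for the thread's MySQL
// connection (assumption); table contents and $post are constructed samples.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (userid TEXT PRIMARY KEY, email TEXT)");
$pdo->exec("INSERT INTO users VALUES ('alice', 'alice@example.test')");
$pdo->exec("INSERT INTO users VALUES ('bob', 'bob@example.test')");

// Stand-in for $_POST so the script runs from the command line.
$post = ['userid' => "nobody' OR '1'='1"];

// The three spellings from the thread: concatenation, a temporary variable,
// and curly-bracket interpolation. All produce the same SQL text.
$userid = $post['userid'];
$variants = [
    "Select * from users where userid='" . $post['userid'] . "'",
    "Select * from users where userid='$userid'",
    "Select * from users where userid='{$post['userid']}'",
];
if (count(array_unique($variants)) !== 1) {
    throw new RuntimeException('variants differ');
}

// Because the value is pasted into the statement, its quote characters are
// parsed as SQL and the WHERE clause no longer means "userid equals input".
$concatRows = $pdo->query($variants[0])->fetchAll(PDO::FETCH_ASSOC);

// Prepared statement: the SQL text is fixed and the value is bound as data.
$stmt = $pdo->prepare('SELECT * FROM users WHERE userid = :userid');
$stmt->execute([':userid' => $post['userid']]);
$boundRows = $stmt->fetchAll(PDO::FETCH_ASSOC);

echo "SQL text:     {$variants[0]}\n";
printf("concatenated: %d row(s)\n", count($concatRows));
printf("bound:        %d row(s)\n", count($boundRows));

// A legitimate value still matches exactly one row through the same statement.
$stmt->execute([':userid' => 'alice']);
printf("bound, alice: %d row(s)\n", count($stmt->fetchAll(PDO::FETCH_ASSOC)));
```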



[PHP] Re: Post Variables

2002-12-05 Thread Mattia

 for ($i=0; $i<=12; $i++)
 {
 echo "<select name='$i'>";
 echo "<option values>";
 }

The <select...> tag must stay out of the for loop. The syntax for
<select...> is

<select ...>
  <option>...</option>
  <option>...</option>
  <option>...</option>
  <option>...</option>
  
</select>

bye
Mattia







[PHP] Re: post variables to MySQL fields

2001-11-12 Thread Mike Harvey

This isn't the code you were talking about but it's something I wrote and
use all the time. update_table() requires a where variable which is an
array which needs to be declared before the function is called. The $where
array is only 2 parts with the column name as [0] and the condition as [1].
It would be declared something like: $where=array("name","George");  They
both require $db as the database pointer and $db_name as the database name.
insert_table() has the option of using a second database ($db_name2, $db2)
if desired. I haven't needed this feature in update_table() yet so I didn't
add it in. It wouldn't be hard to take the code from one to the other if
needed.


function update_table($table,$where){
 GLOBAL $db,$db_name,$HTTP_POST_VARS;
 $fields = mysql_list_fields($db_name, $table, $db);
 $columns = mysql_num_fields($fields);
 for ($i = 0; $i < $columns; $i++) {
  $colnames[$i]= mysql_field_name($fields, $i);
 }
 foreach($HTTP_POST_VARS as $key=>$value){
  if(in_array($key,$colnames) AND $value!="~NULL~"){
   $value=addslashes($value);
   $save.="$c $key='$value'";
   $c=",";
  }
 }
 $update="UPDATE $table SET $save WHERE $where[0]='$where[1]'";
  mysql_query($update,$db);
}
~~~
function insert_table($table,$db_name2="",$db2=""){
 GLOBAL $db,$db_name,$HTTP_POST_VARS;
  $db1=$db;
  if($db2!="")$db1=$db2;
  $db_name1=$db_name;
  if($db_name2!="")$db_name1=$db_name2;
 $fields = mysql_list_fields($db_name1, $table, $db1);
 $columns = mysql_num_fields($fields);
 for ($i = 0; $i < $columns; $i++) {
  $colnames[$i]= mysql_field_name($fields, $i);
 }
 $cols="(";
 $save="(";
 foreach($HTTP_POST_VARS as $key=>$value){
  if(in_array($key,$colnames) AND $value!="~NULL~"){
   if($value==" ")$value="";
   $value=addslashes($value);
   $cols.="$comma$key";
   $save.="$comma'$value'";
   $comma=",";
  }
 }
 $cols.=")";
 $save.=")";
 mysql_query("INSERT INTO $table $cols VALUES $save",$db1);
}
~
Rory O'Connor [EMAIL PROTECTED] wrote in message
news:20011109191732.B783@jacktasty...
 A while back somebody answered a question about some PHP code that would
 take the $HTTP_POST_VARS and create the SQL that would write them to a
 MySQL table (provided the posted var names match the MySQL
 fieldnames).

 Does anyone have info on that project?  The PHP searchable archive is
 down, otherwise I wouldn't be asking on the list.

 Thanks,
 Rory



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
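
The same idea as update_table() above, as an added example that is not the poster's code: posted fields are mapped to columns, but only columns the caller lists are writable and every value, including the WHERE value, is bound instead of passed through addslashes(). The mysql_* functions and $HTTP_POST_VARS used in the original were removed from PHP in later versions, so this sketch assumes PDO with in-memory SQLite; the function name update_row_from_post, the $allowed argument and the sample table are hypothetical.

```php
<?php
// Added example, not the poster's code. PDO with in-memory SQLite, the
// $allowed argument and every name below are assumptions for illustration.
function update_row_from_post(PDO $pdo, string $table, array $allowed,
                              array $where, array $post): int
{
    // Identifiers cannot be bound, so they are pattern-checked and quoted.
    // Double quotes are SQLite/ANSI style; MySQL defaults to backticks.
    $ident = function (string $name): string {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("bad identifier: $name");
        }
        return '"' . $name . '"';
    };
    $set = [];
    $params = [];
    foreach ($post as $key => $value) {
        // Writable columns come from the caller's list, not from whatever
        // columns exist in the table.
        if (!in_array($key, $allowed, true) || !is_scalar($value)) {
            continue;
        }
        $set[] = $ident($key) . ' = ?';
        $params[] = $value;
    }
    if ($set === []) {
        return 0; // no matching fields: skip instead of sending "SET" with nothing
    }
    $params[] = $where[1];
    $sql = 'UPDATE ' . $ident($table) . ' SET ' . implode(', ', $set)
         . ' WHERE ' . $ident($where[0]) . ' = ?';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed table and form submission.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER DEFAULT 0)');
$pdo->exec("INSERT INTO users (name, email) VALUES ('George', 'g@example.test')");

$post = ['email' => "o'brien@example.test", 'is_admin' => '1', 'submit' => 'Save'];
$changed = update_row_from_post($pdo, 'users', ['email'], ['name', 'George'], $post);
$row = $pdo->query('SELECT email, is_admin FROM users')->fetch(PDO::FETCH_ASSOC);
printf("changed=%d email=%s is_admin=%s\n", $changed, $row['email'], $row['is_admin']);
```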