Re: [PHP] Noob question: Making search results clickable.

2009-11-20 Thread Nathan Rixham
Ford, Mike wrote:
 -Original Message-
 From: Nisse Engström [mailto:news.nospam.0ixbt...@luden.se]
 Sent: 19 November 2009 14:54
 To: php-general@lists.php.net
 Subject: Re: [PHP] Noob question: Making search results clickable.

 On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:

 Replace your query with:

 SELECT title, id FROM videos WHERE topid1 = '$topic'

 or whatever index you have to select a particular video from your
 table.
 Replace your echo statement above with:

 echo "<a
 href="video_display.php?video_id=$row[id]">$row[title]</a>";

 Without actually checking, I don't think $row[...]
 is going to work in double quoted strings. I'm pretty
 sure it needs to be in braces. You also need to escape
 the double quotes and put the array indexes in single
 quotes:
 
 You should have checked, because ...$row[title]... is a valid alternative 
 for ...{$row['title']}
 
 Personally, I never use it because of it not having the same meaning outside 
 a double-quoted string -- but it is a documented feature.
 

yup, which sucks and breaks at the drop of a hat, like..

<?php
$a = array();
$a['val id'] = 123;
echo "something $a[val id] and more";

produces: parse error, expecting `']''

best avoided imho

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Nisse Engström
On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:

 Replace your query with:
 
 SELECT title, id FROM videos WHERE topid1 = '$topic'
 
 or whatever index you have to select a particular video from your table.
 
 Replace your echo statement above with:
 
 echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";

Without actually checking, I don't think $row[...]
is going to work in double quoted strings. I'm pretty
sure it needs to be in braces. You also need to escape
the double quotes and put the array indexes in single
quotes:

  echo "<a href=\"video_display.php?video_id={$row['id']}\">{$row['title']}</a>";


Personally, I prefer something like this:

  $id  = $row['id']; /* No urlencode(), assuming numerical id */
  $title_h = htmlspecialchars ($row['title']);

  echo "<a href=\"video_display.php?video_id=$id\">$title_h</a>";

or (somewhat cleaner):

  echo <<<_
  <a href="video_display.php?video_id=$id">$title_h</a>
  _;


/Nisse




Re: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Paul M Foster
On Thu, Nov 19, 2009 at 03:53:55PM +0100, Nisse Engström wrote:

 On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:
 
  Replace your query with:
 
  SELECT title, id FROM videos WHERE topid1 = '$topic'
 
  or whatever index you have to select a particular video from your table.
 
  Replace your echo statement above with:
 
  echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";
 
 Without actually checking, I don't think $row[...]
 is going to work in double quoted strings. I'm pretty
 sure it needs to be in braces. You also need to escape
 the double quotes and put the array indexes in single
 quotes:
 
   echo "<a
 href=\"video_display.php?video_id={$row['id']}\">{$row['title']}</a>";
 

Ahem. You are correct. I should have escaped the double quotes. I've
*never* made this kind of mistake before. ;-}

Paul

-- 
Paul M. Foster




Re: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Ashley Sheridan
On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:

 On Thu, Nov 19, 2009 at 03:53:55PM +0100, Nisse Engström wrote:
 
  On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:
  
   Replace your query with:
  
   SELECT title, id FROM videos WHERE topid1 = '$topic'
  
   or whatever index you have to select a particular video from your table.
  
   Replace your echo statement above with:
  
   echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";
  
  Without actually checking, I don't think $row[...]
  is going to work in double quoted strings. I'm pretty
  sure it needs to be in braces. You also need to escape
  the double quotes and put the array indexes in single
  quotes:
  
    echo "<a
  href=\"video_display.php?video_id={$row['id']}\">{$row['title']}</a>";
  
 
 Ahem. You are correct. I should have escaped the double quotes. I've
 *never* made this kind of mistake before. ;-}
 
 Paul
 
 -- 
 Paul M. Foster
 


Gonna go to PHP hell for that faux pas!

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Paul M Foster
On Thu, Nov 19, 2009 at 03:07:42PM +, Ashley Sheridan wrote:

 On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:
 

snip

 
 Ahem. You are correct. I should have escaped the double quotes. I've
 *never* made this kind of mistake before. ;-}
 
 Paul
 
 --
 Paul M. Foster
 
 
 
 Gonna go to PHP hell for that faux pas!
 

PHP Hell Characteristics:

Endless pages of code *you* have to make work.

Tons of PHP code embedded in HTML. Not an MVC in sight.

Everything is full of misquoted variables.

All variables are *slightly* misspelled.

Every PHP page terminated with ?> and then a couple more CRLF
combinations, just to make sure you can't figure out why your pages
won't display.

No security checking of any POST or GET variables. In fact, all input is
guaranteed to contain javascript fragments.

Parameters in all PHP function calls are out of order.

No access to php.net. And no XKCD.com.

No caffeine. No nicotine. No pizza.

The phone won't quit ringing, and you can't disconnect it. It's always
customers asking for senseless and nonsensical modifications.

If you're a vim user, you're forced to use emacs. If you're an emacs
user, you have to use vim. And if you use an IDE, you're stuck with
Microsoft Word.

Paul

-- 
Paul M. Foster




RE: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Ford, Mike
 -Original Message-
 From: Nisse Engström [mailto:news.nospam.0ixbt...@luden.se]
 Sent: 19 November 2009 14:54
 To: php-general@lists.php.net
 Subject: Re: [PHP] Noob question: Making search results clickable.
 
 On Wed, 18 Nov 2009 10:31:59 -0500, Paul M Foster wrote:
 
  Replace your query with:
 
  SELECT title, id FROM videos WHERE topid1 = '$topic'
 
  or whatever index you have to select a particular video from your
 table.
 
  Replace your echo statement above with:
 
  echo "<a
 href="video_display.php?video_id=$row[id]">$row[title]</a>";
 
 Without actually checking, I don't think $row[...]
 is going to work in double quoted strings. I'm pretty
 sure it needs to be in braces. You also need to escape
 the double quotes and put the array indexes in single
 quotes:

You should have checked, because ...$row[title]... is a valid alternative for 
...{$row['title']}

Personally, I never use it because of it not having the same meaning outside a 
double-quoted string -- but it is a documented feature.

Cheers!

Mike
 -- 
Mike Ford,
Electronic Information Developer, Libraries and Learning Innovation,  
Leeds Metropolitan University, C507, Civic Quarter Campus, 
Woodhouse Lane, LEEDS,  LS1 3HE,  United Kingdom 
Email: m.f...@leedsmet.ac.uk 
Tel: +44 113 812 4730







Re: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Bastien Koert
On Thu, Nov 19, 2009 at 11:46 AM, Paul M Foster <pa...@quillandmouse.com> wrote:
 On Thu, Nov 19, 2009 at 03:07:42PM +, Ashley Sheridan wrote:

 On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:


 snip


     Ahem. You are correct. I should have escaped the double quotes. I've
     *never* made this kind of mistake before. ;-}

     Paul

     --
     Paul M. Foster



 Gonna go to PHP hell for that faux pas!


 PHP Hell Characteristics:

 Endless pages of code *you* have to make work.

 Tons of PHP code embedded in HTML. Not an MVC in sight.

 Everything is full of misquoted variables.

 All variables are *slightly* misspelled.

 Every PHP page terminated with ?> and then a couple more CRLF
 combinations, just to make sure you can't figure out why your pages
 won't display.

 No security checking of any POST or GET variables. In fact, all input is
 guaranteed to contain javascript fragments.

 Parameters in all PHP function calls are out of order.

 No access to php.net. And no XKCD.com.

 No caffeine. No nicotine. No pizza.

 The phone won't quit ringing, and you can't disconnect it. It's always
 customers asking for senseless and nonsensical modifications.

 If you're a vim user, you're forced to use emacs. If you're an emacs
 user, you have to use vim. And if you use an IDE, you're stuck with
 Microsoft Word.

 Paul

 --
 Paul M. Foster

 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php



Aw, hell, I am already here then... the only thing missing above was
being forced to work in classic ASP

-- 

Bastien

Cat, the other other white meat




Re: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Nisse Engström
On Thu, 19 Nov 2009 17:02:53 -, Ford, Mike wrote:

 -Original Message-
 From: Nisse Engström [mailto:news.nospam.0ixbt...@luden.se]
 
 Without actually checking, I don't think $row[...]
 is going to work in double quoted strings. I'm pretty
 sure it needs to be in braces. You also need to escape
 the double quotes and put the array indexes in single
 quotes:
 
 You should have checked, because ...$row[title]... is a valid
 alternative for ...{$row['title']} 

I didn't know that. It never occurred to me to *not*
use single quotes around the index...

 Personally, I never use it because of it not having the same meaning
 outside a double-quoted string -- but it is a documented feature.

Right. I always use braces (or dot-concatenation) for
anything beyond a simple variable name.


/Nisse




Re: [PHP] Noob question: Making search results clickable.

2009-11-19 Thread Nisse Engström
On Thu, 19 Nov 2009 15:07:42 +, Ashley Sheridan wrote:

 On Thu, 2009-11-19 at 10:09 -0500, Paul M Foster wrote:
 
 Ahem. You are correct. I should have escaped the double quotes. I've
 *never* made this kind of mistake before. ;-}
 
 Gonna go to PHP hell for that faux pas!

I'll see you both there.  :-)


/Nisse




Re: [PHP] Noob question: Making search results clickable.

2009-11-18 Thread Gary Smith

Paul Jinks wrote:

Hi all

I'm building a fairly basic php/mySql site but I'm running into
problems due to my total lack of experience. I have a database of
videos - each has a title, transcript, description and one or more
topics. So far I can search the database by topic (using a drop-down
menu), like this:

<?php
$result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
  
Hi - first up, make sure that you're passing clean input. It's worth 
learning about security from the start. As you've mentioned below that 
you're using PHP, you can do this by making sure $topic has been put 
through mysql_real_escape_string() - it's not ideal, but it's better 
than nothing[1].

while($row = mysql_fetch_array($result))
  {
  echo $row['title'];
  echo "<br />";
  }
?>
  

What you'd probably be better doing is having something like this:

printf("<a href='video_display.php?id=%s'>%s</a>", $row['id'],
$row['title']);


And changing your query accordingly.

Obviously, you'd need video_display.php to accept GET input in the form 
of id= as well.


Cheers,

Gary

[1] It's not a magic bullet in so far as it doesn't stop SQL injection.





Re: [PHP] Noob question: Making search results clickable.

2009-11-18 Thread Paul M Foster
On Wed, Nov 18, 2009 at 03:04:13PM +, Paul Jinks wrote:

 Hi all
 
 I'm building a fairly basic php/mySql site but I'm running into
 problems due to my total lack of experience. I have a database of
 videos - each has a title, transcript, description and one or more
 topics. So far I can search the database by topic (using a drop-down
 menu), like this:
 
 <?php
 $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
 
 while($row = mysql_fetch_array($result))
   {
   echo $row['title'];
   echo "<br />";
   }
 ?>
 
 Basic, but it works. What I'd like now is to make the search results
 clickable so clicking them leads to a page showing all the details of
 that video. I have a page video_display.php set up, ready to display
 the details from the database, but how do I connect the two?

Replace your query with:

SELECT title, id FROM videos WHERE topid1 = '$topic'

or whatever index you have to select a particular video from your table.

Replace your echo statement above with:

echo "<a href="video_display.php?video_id=$row[id]">$row[title]</a>";

Then ensure that video_display.php is set up to fetch the video whose ID
is passed to it via the GET parameter.

All this assumes I understood what you're getting at. Which is
questionable. ;-}

Paul

-- 
Paul M. Foster




Re: [PHP] Noob question: Making search results clickable.

2009-11-18 Thread Shawn McKenzie
Gary Smith wrote:
 Paul Jinks wrote:
 Hi all

 I'm building a fairly basic php/mySql site but I'm running into
 problems due to my total lack of experience. I have a database of
 videos - each has a title, transcript, description and one or more
 topics. So far I can search the database by topic (using a drop-down
 menu), like this:

 <?php
 $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");
   
 Hi - first up, make sure that you're passing clean input. It's worth
 learning about security from the start. As you've mentioned below that
 you're using PHP, you can do this by making sure $topic has been put
 through mysql_real_escape_string() - it's not ideal, but it's better
 than nothing[1].
 while($row = mysql_fetch_array($result))
   {
   echo $row['title'];
   echo "<br />";
   }
 ?>
   
 What you'd probably be better doing is having something like this:
 
 printf("<a href='video_display.php?id=%s'>%s</a>", $row['id'],
 $row['title']);
 
 And changing your query accordingly.
 
 Obviously, you'd need video_display.php to accept GET input in the form
 of id= as well.

For the first piece Gary has it right, but your query needs to include
the id also.

$result = mysql_query("SELECT id, title FROM videos WHERE topic1= '$topic'");

For the second piece, in video_display.php, you'd do something like this:

$id = (int)$_GET['id'];
$result = mysql_query("SELECT * FROM videos WHERE id=$id LIMIT 1");

if($result) {
    $row = mysql_fetch_array($result);

    echo $row['title']."<br />";
    echo $row['description']."<br />";
    echo $row['title']."<br />";
    // etc...
} else {
    die("Invalid id");
}

-- 
Thanks!
-Shawn
http://www.spidean.com


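Added example, not part of the thread or any poster's code: the two pages discussed above (the topic search that prints links, and video_display.php), written with bound parameters instead of interpolating $topic or $id into the SQL, and with htmlspecialchars() on everything printed, as Nisse's reply does for the title. Assumptions: PDO with an in-memory SQLite database stands in for the thread's mysql_* calls so the script runs offline; render_results() and fetch_video() are hypothetical names; the rows are constructed.

```php
<?php
// Added example. Constructed schema and rows; SQLite in memory is an assumption
// standing in for the MySQL database described in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE videos (id INTEGER PRIMARY KEY, title TEXT, description TEXT, topic1 TEXT)");
$ins = $pdo->prepare("INSERT INTO videos (title, description, topic1) VALUES (?, ?, ?)");
$ins->execute(array('Intro to PHP', 'Basics', 'php'));
$ins->execute(array('Tags <b>& "quotes"', 'Title with HTML metacharacters', 'php'));

// Search page: the topic is bound as a parameter, never spliced into the SQL text.
function render_results(PDO $pdo, $topic) {
    $stmt = $pdo->prepare("SELECT id, title FROM videos WHERE topic1 = ?");
    $stmt->execute(array($topic));
    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // URL-encode the query string, then HTML-encode the attribute and the link text.
        $href  = 'video_display.php?' . http_build_query(array('id' => $row['id']));
        $html .= sprintf("<a href=\"%s\">%s</a><br />\n",
            htmlspecialchars($href, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Display page: accept only a positive integer id, and treat "query ran but
// matched no row" as a miss (a result handle alone does not mean a row exists).
function fetch_video(PDO $pdo, $rawId) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare("SELECT id, title, description FROM videos WHERE id = ? LIMIT 1");
    $stmt->execute(array($id));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

echo render_results($pdo, 'php');        // two links, second title HTML-encoded
echo render_results($pdo, "o'reilly");   // apostrophe is plain data: no error, no rows
var_dump(fetch_video($pdo, '2') !== null);
var_dump(fetch_video($pdo, '2abc'));     // rejected by validation
var_dump(fetch_video($pdo, '999'));      // valid integer, no such row
```

Note that (int)'2abc' evaluates to 2, so a bare cast accepts that input silently, while FILTER_VALIDATE_INT rejects it.
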


Re: [PHP] Noob question: Making search results clickable.

2009-11-18 Thread Gary Smith

Shawn McKenzie wrote:

Gary Smith wrote:
  

And changing your query accordingly.


For the first piece Gary has it right, but your query needs to include
the id also.
  
Yeah, as I mentioned, he'd need to change the query accordingly, either 
to select id,title or select *


Cheers,

Gary





Re: [PHP] Noob question: Making search results clickable.

2009-11-18 Thread Shawn McKenzie
Make sure to reply all...

Paul Jinks wrote:
 Thanks to everyone for replying, it's much appreciated. Thanks
 especially for the final piece of the puzzle, Shawn, I don't think I
 was going to find it on my own - the display I have in mind is a
 little different, but I think I can figure it out. Will check all this
 out and let you know how I get on.

 Paul

 On Wed, Nov 18, 2009 at 3:33 PM, Shawn McKenzie <nos...@mckenzies.net> wrote:
   
 Gary Smith wrote:
 
 Paul Jinks wrote:
   
 Hi all

 I'm building a fairly basic php/mySql site but I'm running into
 problems due to my total lack of experience. I have a database of
 videos - each has a title, transcript, description and one or more
 topics. So far I can search the database by topic (using a drop-down
 menu), like this:

 <?php
 $result = mysql_query("SELECT title FROM videos WHERE topic1= '$topic'");

 
 Hi - first up, make sure that you're passing clean input. It's worth
 learning about security from the start. As you've mentioned below that
 you're using PHP, you can do this by making sure $topic has been put
 through mysql_real_escape_string() - it's not ideal, but it's better
 than nothing[1].
   
 while($row = mysql_fetch_array($result))
   {
   echo $row['title'];
   echo "<br />";
   }
 ?>

 
 What you'd probably be better doing is having something like this:

 printf("<a href='video_display.php?id=%s'>%s</a>", $row['id'],
 $row['title']);

 And changing your query accordingly.

 Obviously, you'd need video_display.php to accept GET input in the form
 of id= as well.
   
 For the first piece Gary has it right, but your query needs to include
 the id also.

 $result = mysql_query("SELECT id, title FROM videos WHERE topic1= '$topic'");

 For the second piece, in video_display.php, you'd do something like this:

 $id = (int)$_GET['id'];
 $result = mysql_query("SELECT * FROM videos WHERE id=$id LIMIT 1");

 if($result) {
     $row = mysql_fetch_array($result);

     echo $row['title']."<br />";
     echo $row['description']."<br />";
     echo $row['title']."<br />";
     // etc...
 } else {
     die("Invalid id");
 }

 --
 Thanks!
 -Shawn
 http://www.spidean.com

 

   
