Jerry Stuckle *nix forums Guru
Joined: 24 Feb 2005
Posts: 1515
|
Posted: Thu Jul 20, 2006 12:41 pm Post subject:
Re: New to php and MySQL
|
|
|
tallalex85@gmail.com wrote:
| Quote: | Hi,
I'm quite new to MySQL and php so please go easy. Thanks!
I'm trying to design a very basic php script which displays the
contents of the table, then I want to enable the user to filter out
certain results. So I went about writing a MySQL query something like
.....WHERE gender="$gender" AND group="$group" and then wrote a
form which sets the variables $gender and $group. Now is there a way of
setting $gender and $group to something that would display the whole
table?
And is this the right way of going about this? Or is there a better
way... In fact does anyone know of a good site that might guide me in
creating such a script?
Thanks
Alex
|
Alternatively, check to see if $gender and $group are set. Build your
query dynamically and only use them if they are set, i.e. (Assumes
gender and query are strings):
$genset = false;
$query = 'SELECT ...';
if (isset($gender)) { // Or however you wish to test
    $query .= " WHERE gender='$gender'";
    $genset = true;
}
if (isset($group)) {
    if ($genset) {
        $query .= " AND ";
    } else {
        $query .= " WHERE ";
    }
    // group is a reserved word in MySQL, so the column name is backtick-quoted
    $query .= "`group`='$group'";
}
Or something similar.
And yes, you do need to ensure $gender and $group are validated to
prevent SQL injection attacks.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
================== |
Erwin Moller *nix forums Guru
Joined: 22 Feb 2005
Posts: 651
|
Posted: Thu Jul 20, 2006 11:40 am Post subject:
Re: New to php and MySQL
|
|
|
Alex wrote:
| Quote: | That sounds like exactly what I needed! I'll try that out now.
Thanks very much.
Alex
|
Alex, A serious warning: SQL_injection.
Make sure you understand how The Bad Guys try to inject stuff into your
queries and take over your database.
If you receive a search term from a form, and proceed like this, you might
get into trouble:
$firstName = $_POST["firstName"];
$SQL = "SELECT firstname, lastname from tblusers WHERE ";
$SQL .= " (lastname LIKE '%".$firstName."%'); ";
etc. etc
Now the $firstName variable could possibly contain something very nasty you
didn't expect, like:
%'); DELETE FROM tbluser; etc
If you execute that query, you might find out your tbluser is empty..
If you are new to PHP and SQL, make sure you understand SQL-injection, and
prepare yourself.
Have a look at functions like addslashes() and check php.ini for things like
gpc_magic_quotes, etc
Best of luck!
Regards,
Erwin Moller |
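
The two suggestions above (add a WHERE condition only for the filters that are set, and keep form input out of the SQL text), combined in one sketch. This is an added example, not code from any poster in the thread: it uses PDO bound parameters rather than addslashes(), and the `lastname` filter key, the allowed gender values and the sample rows are constructed for illustration.

```php
<?php
// Builds the WHERE clause from whichever filters were submitted. Values never
// enter the SQL text: each becomes a named placeholder bound at execute().
function build_user_query(array $input): array
{
    $input = array_filter($input, 'is_string'); // ignore non-string form values
    $where = $params = [];
    // Where the legal values are known, validate against an allowlist.
    if (($input['gender'] ?? '') !== '') {
        if (!in_array($input['gender'], ['male', 'female'], true)) {
            throw new InvalidArgumentException('unexpected gender value');
        }
        $where[] = 'gender = :gender';
        $params[':gender'] = $input['gender'];
    }
    // `group` is a reserved word in MySQL, so the column name is backtick-quoted.
    if (($input['group'] ?? '') !== '') {
        $where[] = '`group` = :grp';
        $params[':grp'] = $input['group'];
    }
    // Substring search: neutralise LIKE wildcards in the term, then bind it.
    if (($input['lastname'] ?? '') !== '') {
        $term = strtr($input['lastname'], ['!' => '!!', '%' => '!%', '_' => '!_']);
        $where[] = "lastname LIKE :ln ESCAPE '!'";
        $params[':ln'] = '%' . $term . '%';
    }
    $sql = 'SELECT firstname, lastname FROM tblusers';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Constructed demo data in an in-memory SQLite database (assumption: the
// pdo_sqlite extension is available; for MySQL only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblusers (firstname TEXT, lastname TEXT, gender TEXT, `group` TEXT)');
$pdo->exec("INSERT INTO tblusers VALUES ('Ann','Lee','female','a'), ('Bob','Ray','male','b')");

// No filter, one filter, and the hostile search term quoted in the post above.
$inputs = [[], ['gender' => 'male'], ['lastname' => "%'); DELETE FROM tbluser;"]];
foreach ($inputs as $input) {
    [$sql, $params] = build_user_query($input);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    printf("%s => %d row(s)\n", json_encode($input), count($stmt->fetchAll()));
}
echo $pdo->query('SELECT COUNT(*) FROM tblusers')->fetchColumn(), " row(s) still in table\n";
```

With no filters the query has no WHERE clause at all, which answers the original question of how to show the whole table; the hostile term is bound as a plain search string and simply matches nothing.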
tallalex85@gmail.com *nix forums beginner
Joined: 20 Jul 2006
Posts: 2
|
Posted: Thu Jul 20, 2006 10:54 am Post subject:
Re: New to php and MySQL
|
|
|
That sounds like exactly what I needed! I'll try that out now.
Thanks very much.
Alex
Geoff Berrow wrote:
| Quote: | Message-ID: <1153390889.552937.42770@p79g2000cwp.googlegroups.com> from
tallalex85@gmail.com contained the following:
I'm trying to design a very basic php script which displays the
contents of the table, then I want to enable the user to filter out
certain results. So I went about writing a MySQL query something like
.....WHERE gender="$gender" AND group="$group" and then wrote a
form which sets the variables $gender and $group. Now is there a way of
setting $gender and $group to something that would display the whole
table?
And is this the right way of going about this? Or is there a better
way... In fact does anyone know of a good site that might guide me in
creating such a script?
If you want to do this you'd probably be better off using the keyword
LIKE and the wildcard (%) instead of the = sign alone
for instance
WHERE gender LIKE "$gender%"
would match 'male' if you input 'm', 'ma', 'mal' or 'male'
If it doesn't contain anything you would get all records.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/ |
Geoff Berrow *nix forums Guru
Joined: 19 Feb 2005
Posts: 491
|
Posted: Thu Jul 20, 2006 10:44 am Post subject:
Re: New to php and MySQL
|
|
|
Message-ID: <1153390889.552937.42770@p79g2000cwp.googlegroups.com> from
tallalex85@gmail.com contained the following:
| Quote: |
I'm trying to design a very basic php script which displays the
contents of the table, then I want to enable the user to filter out
certain results. So I went about writing a MySQL query something like
.....WHERE gender="$gender" AND group="$group" and then wrote a
form which sets the variables $gender and $group. Now is there a way of
setting $gender and $group to something that would display the whole
table?
And is this the right way of going about this? Or is there a better
way... In fact does anyone know of a good site that might guide me in
creating such a script?
|
If you want to do this you'd probably be better off using the keyword
LIKE and the wildcard (%) instead of the = sign alone
for instance
WHERE gender LIKE "$gender%"
would match 'male' if you input 'm', 'ma', 'mal' or 'male'
If it doesn't contain anything you would get all records.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/ |
Nyoka *nix forums beginner
Joined: 20 Jul 2006
Posts: 2
|
Posted: Thu Jul 20, 2006 10:39 am Post subject:
Re: New to php and MySQL
|
|
|
If you change your SQL to the form WHERE gender LIKE '$gender' then you
can make use of the MySQL wildcard '%' to get all results.
tallalex85@gmail.com wrote:
| Quote: | Hi,
I'm quite new to MySQL and php so please go easy. Thanks!
I'm trying to design a very basic php script which displays the
contents of the table, then I want to enable the user to filter out
certain results. So I went about writing a MySQL query something like
.....WHERE gender="$gender" AND group="$group" and then wrote a
form which sets the variables $gender and $group. Now is there a way of
setting $gender and $group to something that would display the whole
table?
And is this the right way of going about this? Or is there a better
way... In fact does anyone know of a good site that might guide me in
creating such a script?
Thanks
Alex |
tallalex85@gmail.com *nix forums beginner
Joined: 20 Jul 2006
Posts: 2
|
Posted: Thu Jul 20, 2006 10:21 am Post subject:
New to php and MySQL
|
|
|
Hi,
I'm quite new to MySQL and php so please go easy. Thanks!
I'm trying to design a very basic php script which displays the
contents of the table, then I want to enable the user to filter out
certain results. So I went about writing a MySQL query something like
......WHERE gender="$gender" AND group="$group" and then wrote a
form which sets the variables $gender and $group. Now is there a way of
setting $gender and $group to something that would display the whole
table?
And is this the right way of going about this? Or is there a better
way... In fact does anyone know of a good site that might guide me in
creating such a script?
Thanks
Alex |