Re: [PHP-DB] Inserting a ' into mySQL
use mysql_escape_string.
http://us3.php.net/manual/en/function.mysql-escape-string.php
Jon
Ron Piggott wrote:
I have begun to create a Christian Ministry Directory. It is on the
ministry web site I am building at
http://www.actsministries.org/ministrydirectory/ .
One of the problems I am now having is if the user types an ' into their
entry --- these ones do not get saved into the mySQL database.
The line of code that inserts into the mySQL database matches the web site
fields ---
INSERT INTO ministrydirectory VALUES ('$ministry_name', '$address_line_1',
'$address_line_2', '$city', '$province_state_county', '$country',
'$postal_zip_code', '$phone', '$fax', '$web_site', '$e_mail',
'$date_updated')";
I can look at this and understand that if an ' is keyed why it wouldn't save
and that line would create an error --- How do you work around this?
Ron
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] IP-Banning
Hi there, I'm writing a script that'll enable me to ban certain IP-addresses from a site, and i have a qouple of questions: 1. When inserting the IP into the database (probably MySQL), should i use the dotted- or the long-type? 2. What is the best way to ban IP ranges? -- Daniel Schierbeck -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] IP-Banning
On Mon, 2004-08-23 at 11:24, Daniel Schierbeck wrote: > Hi there, > I'm writing a script that'll enable me to ban certain IP-addresses from > a site, and i have a qouple of questions: > > 1.When inserting the IP into the database (probably MySQL), should > i use the dotted- or the long-type? ip2long() and long2ip() are useful in reducing the amount of data you must store. If you use those PHP functions a 15 char ip address string can be stored as a 4 byte signed int in MySQL, a savings of up to 11 bytes per address. Postgres has native types for IPs however. > 2.What is the best way to ban IP ranges? There are several packages in PEAR for use with IPs: http://pear.php.net/packages.php?catpid=16&catname=Networking -- Greg Donald -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] letting a table name be a constant
Hello,
Regarding this code:
[PHP code]
// This works
$name="name";
$table="mytable";
$mysql_connect("localhost","","") or die("Error: ".mysql_error());
$mysql_select_db("mydb") or die("Error: ".mysql_error());
$mysql_query("INSERT INTO $table (`id`,`name`) VALUES ('','$name')");
[/PHP code]
I want to define() TABLE as a constant instead of using the variable
$table
[PHP code]
// This runs without an error but does *not* insert a new row
$name="name";
define("TABLE", "mytable");
$mysql_connect("localhost","","") or die("Error: ".mysql_error());
$mysql_select_db("mydb") or die("Error: ".mysql_error());
$mysql_query("INSERT INTO TABLE (`id`,`name`) VALUES ('','$name')");
[/PHP code]
Changing the query line to
$mysql_query("INSERT INTO `TABLE` (`id`,`name`) VALUES ('','$name')");
or
$mysql_query("INSERT INTO 'TABLE' (`id`,`name`) VALUES ('','$name')");
has no effect.
I also tried to
define("TABLE", "`mytable`");
which, too, didn't work.
Would appreciate any advice,
Ben
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] letting a table name be a constant
On Mon, 23 Aug 2004 17:06:40 -0700, Ben Galin <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Regarding this code:
> [PHP code]
>// This works
>$name="name";
>$table="mytable";
>$mysql_connect("localhost","","") or die("Error: ".mysql_error());
>$mysql_select_db("mydb") or die("Error: ".mysql_error());
>$mysql_query("INSERT INTO $table (`id`,`name`) VALUES ('','$name')");
> [/PHP code]
>
> I want to define() TABLE as a constant instead of using the variable
> $table
>
> [PHP code]
>// This runs without an error but does *not* insert a new row
>$name="name";
>define("TABLE", "mytable");
>$mysql_connect("localhost","","") or die("Error: ".mysql_error());
>$mysql_select_db("mydb") or die("Error: ".mysql_error());
>$mysql_query("INSERT INTO TABLE (`id`,`name`) VALUES ('','$name')");
> [/PHP code]
>
> Changing the query line to
>$mysql_query("INSERT INTO `TABLE` (`id`,`name`) VALUES ('','$name')");
Well, of course PHP isn't going to change your strings. That would be
a bit intrusive and make some things real hard to do. C won't even do
this. Here's what you want:
$mysql_query('INSERT INTO `'.TABLE.'` (`id`,`name`) VALUES ("","'.$name.'")');
> or
>$mysql_query("INSERT INTO 'TABLE' (`id`,`name`) VALUES ('','$name')");
> has no effect.
>
> I also tried to
>define("TABLE", "`mytable`");
> which, too, didn't work.
>
> Would appreciate any advice,
> Ben
>
--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder
paperCrane --Justin Patrin--
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] letting a table name be a constant
Ben Galin wrote:
I want to define() TABLE as a constant instead of using the variable $table
[PHP code]
// This runs without an error but does *not* insert a new row
$name="name";
define("TABLE", "mytable");
$mysql_connect("localhost","","") or die("Error: ".mysql_error());
$mysql_select_db("mydb") or die("Error: ".mysql_error());
$mysql_query("INSERT INTO TABLE (`id`,`name`) VALUES ('','$name')");
[/PHP code]
You can't have a constant in a string. You'd do it like this:
mysql_query("INSERT INTO " . TABLE . " (`id`,`name`) VALUES ('','$name')");
The other error you have, and I don't know how you think this code runs,
are the dollar signs before mysql_connect(), mysql_select_db() and
mysql_query() are not needed.
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] letting a table name be a constant
On Aug 23, 2004, at 8:12 PM, John Holmes wrote:
You can't have a constant in a string. You'd do it like this:
mysql_query("INSERT INTO " . TABLE . " (`id`,`name`) VALUES
('','$name')");
Thanks, John and Justin. Wasn't thinking about that.
The other error you have, and I don't know how you think this code
runs, are the dollar signs before mysql_connect(), mysql_select_db()
and mysql_query() are not needed.
You're right. It doesn't run. I retyped instead of copy-and-paste'd;
that's a typo.
Cheers,
Ben
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Tables
Hi everyone.
I'm new to PHP. And so I'm so keen on finding people who are willing to share their
knowledge with me.
I've generated forms containing text boxes, check boxes, text areas, drop boxes, radio
buttons & hidden fields as an HTML table with two columns, the first for the
desciption, the second, the field. I also have a final row for the Submit button.
I also have a function which takes an array of my field_commander objects as follows:
$fca = array(new field_commander("Yes, we would like to have our logo
featured:",40,"C","",$fld_count++),
new field_commander("Exhibiting Company Name:",40,"T","",$fld_count++),
new field_commander("Please list our company under the
alphabet:",40,"D",$a,$fld_count++));
new field_commander("",40,"R",$a,$fld_count++));
Now for the part which I have no idea as to how it can be done. When the form is
submitted, it should be processed to show a table that presents the data as text
instead of input controls. The table should be in a string - which is then printed,
i.e. do not print the parts directly.
I would very much appreciate it if you can show me some examples & furnish me with the
explanations.
Thanks & regards,
Hafidz
Re: [PHP-DB] letting a table name be a constant
On Tuesday 24 August 2004 08:18, Ben Galin wrote: > You're right. It doesn't run. I retyped instead of copy-and-paste'd; > that's a typo. Please, when you post code make sure they're verbatim by using copy & paste. That way people can focus on your actual problem rather than on your typos. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- /* The Marines: The few, the proud, the dead on the beach. */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] Re: Tables
1) 5$ :)
2) It`s not for php.db list
3) May be:
class field_commander
{
var $value;
var $name;
var ...
function field_commander($label, $width, $name, ...)
{
if (isset($_POST[$this->])) {
$this->echo_input();
} else {
$this->echo_entered_result();
}
}
...
function echo_input() {
...
}
function echo_entered_result() {
...
}
...
}
"Hafidz Abdullah" <[EMAIL PROTECTED]> ???/ ?
?: news:[EMAIL PROTECTED]
Hi everyone.
I'm new to PHP. And so I'm so keen on finding people who are willing to
share their knowledge with me.
I've generated forms containing text boxes, check boxes, text areas, drop
boxes, radio buttons & hidden fields as an HTML table with two columns, the
first for the desciption, the second, the field. I also have a final row for
the Submit button.
I also have a function which takes an array of my field_commander objects as
follows:
$fca = array(new field_commander("Yes, we would like to have our logo
featured:",40,"C","",$fld_count++),
new field_commander("Exhibiting Company
Name:",40,"T","",$fld_count++),
new field_commander("Please list our company under the
alphabet:",40,"D",$a,$fld_count++));
new field_commander("",40,"R",$a,$fld_count++));
Now for the part which I have no idea as to how it can be done. When the
form is submitted, it should be processed to show a table that presents the
data as text instead of input controls. The table should be in a string -
which is then printed, i.e. do not print the parts directly.
I would very much appreciate it if you can show me some examples & furnish
me with the explanations.
Thanks & regards,
Hafidz
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
