Re: [PHP-DB] use php variable within postgresql query
Meanwhile, you should probably use prepared statements to avoid SQL injection. On Mon, 12 Jun 2023 at 16:03, e-letter wrote: > First, sorry for the mistake to type a sanitised version of code. > Should have been: > "$query=$_GET['databasecolumn'];" > > After some rtfm, confused as a non-computer-programmer why it is > necessary to set the $_GET parameter. > > The overall simple scenario is to view a postgresql database in a > series of html web pages of more details of data ("drill down"?). > > php code within html file 1: > " > $databasequery=pg_query($databaseconnection,'SELECT > databasecolumn1, > databasecolumn2 FROM databasetable'); > if (!$databasequery) { > echo 'rubbish code'; > exit; > } > while > ($databasequery1=pg_fetch_assoc($databasequery)) { > echo ' > href="localfile.php?databasecolumn1='.$databasequery1['databasecolumn1'].'">'.$databasequery1['databasecolumn1'].''; > echo ' ' > .$databasequery1['databasecolumn2'].''; > '; > } > " > > The first html file shows successfully the a list of hyperlinks from > the database, for tuples in 'databasecolumn1'. The desired behaviour > is that the second html file shows another database query result for > each tuple in the first html file, i.e. more detail from the database > for each tuple in 'databasecolumn1'. > > > php code within html file 2: > " > $databasequery2=pg_query($databasequery1); > $databasequery3=pg_query("SELECT * FROM databasetable WHERE > databasecolumn1='{$databasequery2['databasecolumn']}'"); > echo $databasequery3 > " > > The html file 2 shows: > " > resource id#3 > " > > The expected result was to show all columns for the row constraint > (...WHERE ...) > > It seems that the use of a php variable within a postgresql query is > not understood. What relevant terminology to read next please? > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- *Thanks In Advance,* *Michael OKI* *CBSA* *Technologist* *+34663549276* *"Impossible Is Nothing"* *Scan and share QR codes on the mycodescanner <https://play.google.com/store/apps/details?id=com.inspirati.mycodescanner=en_US=US>app* BTA Certified Blockchain Solution Architect & IEEE member https://michaeloki.blogspot.com
Re: [PHP-DB] Bluefish for PHP
Simply install wamp server and save yourself from separate installation of MySQL,PHP,Apache server,phpMyAdmin and sqlite. Check the link below. http://wampserver.com On 23 August 2013 01:29, Ethan Rosenberg erosenb...@hygeiabiomedical.comwrote: Dear List - How do I configure Bluefish for PHP? I am running version 2.2.4 of Bluefish. TIA Ethan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Bluefish for PHP
Install Komodo IDE or Adobe Dreamweaver. They'll highlight errors and warnings. On 23 August 2013 08:20, Lester Caine les...@lsces.co.uk wrote: Ethan Rosenberg wrote: Dear List - How do I configure Bluefish for PHP? I am running version 2.2.4 of Bluefish. I'd forgotten about bluefish. You should not need to do anything. PHP files are just processed as PHP? But it's more an HTML editor and geared to producing and verifying HTML so not as good when editing code. My Eclipse setup does a very similar job on the html/js and css so I've not used it in many years. I don't think the colour selections were very good if memory serves. -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=**contacthttp://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.**ukhttp://rainbowdigitalmedia.co.uk -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql query
Try the insertion like this: $sql2 = mysql_query(insert into Inventory (`UPC` , `quant`, `manuf`, `item`, `orderpt`, `ordrpt_flag`, `stock`) .values ('$upc', $qnt,'$mnf','$itm', '$odrpt', '0', '$stk') ) or die(mysql_error()); On 22 August 2013 05:10, Daniel Krook kr...@us.ibm.com wrote: Ethan, What about: $result2 = mysqli_query(cxn, $sql2); Doesn't look like you're sending it a connection link as a variable ($cxn) and that's passed through as a literal? Thanks, Daniel Krook Software Engineer, Advanced Cloud Solutions, GTS IBM Senior Certified IT Specialist - L3 Thought Leader The Open Group Certified IT Specialist - L3 Distinguished Cloud, Java, PHP, BlackBerry, DB2 Solaris Certified Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote on 08/21/2013 11:59:19 PM: From: Ethan Rosenberg erosenb...@hygeiabiomedical.com To: Daniel Krook/White Plains/IBM@IBMUS Cc: PHP Database List php-db@lists.php.net Date: 08/21/2013 11:59 PM Subject: Re: [PHP-DB] mysql query On 08/21/2013 11:30 PM, Daniel Krook wrote: Ethan, It's hard to tell from the code formatting in your email what the exact problem might be, but a few reasons that this might fail in PHP rather than when sent to MySQL with hardcoded values: 1. var_dump/print_r $_POST to see what you're getting as input is what you expect (and sanitize!). 2. Check that the SQL statement concatenation in PHP is building the string you're expecting. It looks like you're joining 2 strings when defining $sql2 that doesn't leave a space between the close parentheses and values. Compare this against what you're sending on the command line. 3. Get rid of all single quotes... escape your double quotes where needed. This will avoid any variable-in-string interpolation errors and may help you find the issue with input data. Same with your echo $sql2 statement... that's not going to give you the same thing as the print_r below it. Thanks, Daniel Krook Software Engineer, Advanced Cloud Solutions, GTS IBM Senior Certified IT Specialist - L3 Thought Leader The Open Group Certified IT Specialist - L3 Distinguished Cloud, Java, PHP, BlackBerry, DB2 Solaris Certified Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote on 08/21/ 2013 07:48:12 PM: From: Ethan Rosenberg erosenb...@hygeiabiomedical.com To: PHP Database List php-db@lists.php.net Date: 08/21/2013 07:48 PM Subject: [PHP-DB] mysql query Dear List - I can't figure this out mysql describe Inventory; +-+-+--+-+-+---+ | Field | Type| Null | Key | Default | Extra | +-+-+--+-+-+---+ | UPC | varchar(14) | YES | | NULL | | | quant | int(5) | NO | | NULL | | | manuf | varchar(20) | YES | | NULL | | | item| varchar(50) | YES | | NULL | | | orderpt | tinyint(4) | NO | | NULL | | | ordrpt_flag | tinyint(3) | YES | | NULL | | | stock | int(3) | YES | | NULL | | +-+-+--+-+-+---+ Here are code snippets - $upc = $_SESSION['UPC']; $qnt = $_POST['quant']; $mnf = $_POST['manuf']; $itm = $_POST['item']; $odrpt = $_POST['oderpt']; $opf = $_POST['ordrpt_flag']; $stk= $_POST['stock']; $sql2 = insert into Inventory (UPC, quant, manuf, item, orderpt, ordrpt_flag, stock) .values ('$upc', $qnt,'$mnf','$itm', odrpt, 0, $stk); $result2 = mysqli_query(cxn, $sql2); echo '$sql2br /'; print_r($sql2); echo br /$upc $qnt $mnf $itm $odrpt $opf $stkkbr /; if (!$result2) die('Could not enter data: ' . mysqli_error()); The mysql query fails. I cannot figure out why. It works from the command line. TIA Ethan Daniel - Thanks. Tried all your suggestions. Sorry, no luck. Ethan
Re: [PHP-DB] Re: Problem with query
I'm sorry I've not been following the last three responses. In a nutshell, what EXACTLY does the poster of this issue want? On 25 June 2013 11:06, Toby Hart Dyke t...@hartdyke.com wrote: What Jim means is here in the manual: http://www.php.net/manual/en/**language.types.array.php#** language.types.array.dontshttp://www.php.net/manual/en/language.types.array.php#language.types.array.donts In a nutshell: Always use quotes around a string literal array index. For example, /$foo['bar']/ is correct, while /$foo[bar]/ is not. The reason is that without the quotes, you are generating an undefined constant (bar) rather than using a string index ('bar'). It works, but could have side effects in the future, so it's bad form to do it. As for general politeness, you seem to be unaware of recent history in this (an associated) groups. The OP has often committed the ultimate sine. Not posting slightly wild code (we've all been/are there!) He doesn't seem to listen or learn too well. Many posters (including Jim) have offered a lot of of extremely good (and detailed) advice which seems to be rarely taken... Toby On 6/25/2013 7:32 AM, OJFR wrote: Yeah, Jim, please explain what u mean by Per the manual, associative arrays using string indices should always use ' ' around them. They work (as mentioned in the manual) but are wrong. As long as I remember I could use associative arrays in that way (ex. $_SESSION['Cust_Num']). There's another way to do that using string indices? Why do you say it's wrong? It's obsolete? I would like to make a call to all the members of this mailing list: knowledge is a wonderful gift so, why we don't share it politely and efficiency. Jim, I will take you as an example. You start saying Against my better judgement, here I go again.
Re: [PHP-DB] Re: AJAX/Javascript??
Create a form and add a submit button that will run a php file. The SQL query in the php file will have something like SELECT custName FROM table WHERE lname='$lname'; This will come after you have retrieved the data from a form like this $lname = $_POST['lname']; On 10 February 2013 15:45, Jim Giner jim.gi...@albanyhandball.com wrote: On 2/9/2013 10:51 PM, Ethan Rosenberg, PhD wrote: I know that this might be an Ajax/Javascript question. Hopefully you can help. I do not know of any other source for good info. I would like to be able to click on one field in a table, and retrieve the data in another field. Here is the information: The table is: +--+--**+--+-+-+--**-+ | Field| Type | Null | Key | Default | Extra | +--+--**+--+-+-+--**-+ | Cust_Num | smallint(5) unsigned | NO | PRI | NULL| | | Fname| varchar(25) | NO | | NULL| | | Lname| varchar(25) | NO | | NULL| | | Street | varchar(25) | NO | | NULL| | | City | varchar(25) | NO | | NULL| | | State| varchar(2) | NO | | NULL| | | Zip | mediumint(9) | NO | | NULL| | | Phone| int(10) | NO | | NULL| | | Date | date | NO | | NULL| | | Notes| text | YES | | NULL| | | P1 | int(3) | YES | | NULL| | | P2 | int(3) | YES | | NULL| | | P3 | int(4) | YES | | NULL| | +--+--**+--+-+-+--**-+ Click on Lname and retrieve the Cust_Num. Here is the sql query that will be used: $sql12 = 'SELECT Cust_Num, Fname, Lname, Street, City, State, Zip, Phone, Notes FROM Customers WHERE Cust_Num = $_POST['Cust_Num']; [I'm actually doing this w/ prepared statements] $i = 0; do { { $vara2 = array(array($Cust_Num, $Fname, $Lname, $Street, $City, $State, $Zip, $Phone, $Notes)); $vara2[$i][0]= $Cust_Num; $vara2[$i][1]= $Fname; $vara2[$i][2]= $Lname; $vara2[$i][3]= $Street; $vara2[$i][4]= $City; $vara2[$i][5]= $State; $vara2[$i][6]= $Zip; $vara2[$i][7]= $Phone; $vara2[$i][8]= $Notes; $_SESSION['exe'] = 2; ? tr td class=cn ?php echo $vara2[$i][0]? /td td ?php echo $vara2[$i][1]? /td tdclass=ln ?php echo $vara2[$i][2]? /td td ?php echo $vara2[$i][3]? /td td ?php echo $vara2[$i][4]? /td td ?php echo $vara2[$i][5]? /td td ?php echo $vara2[$i][6]? /td td ?php echo $vara2[$i][7]? /td td class=first-col?php echo $vara2[$i][8] ?/td ?php echo /tr\n; $i = $i + 1; } } while (mysqli_stmt_fetch($stmt)); //end do-while $imax = $i; echo /table; echo /center; }//end count($errors_array) Any ideas? Eitan I'm not sure what you are going to do with the customer number when you get it since you are outside of php but here's one way of getting it on the fly: As you build your html table wtih php, assign an id to the name fields and the custno fields, such as 'id=name1' id='name2', etc. and 'id=cust1', 'it=cust2' and so on. On the name field also add an onclick=getCustNo($i) where $i has the value of the id value. Then write a javascript function like: function getCustNo(id) { var cno = cust+id; var cname = name+id; namefld = document.getElementById(cname)**.value; custno = document.getElementById(cno).**value; alert(Customer +namefld+ has customer number +custno); return; } As I said - I don't know what you think you are going to do now but you got it. PS - I might have used .value when it should be .innerHTML in the js code. You'll have to experiment. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php