Re: [PHP-DB] use php variable within postgresql query
Meanwhile, you should probably use prepared statements to avoid SQL
injection.
On Mon, 12 Jun 2023 at 16:03, e-letter wrote:
> First, sorry for the mistake to type a sanitised version of code.
> Should have been:
> "$query=$_GET['databasecolumn'];"
>
> After some rtfm, confused as a non-computer-programmer why it is
> necessary to set the $_GET parameter.
>
> The overall simple scenario is to view a postgresql database in a
> series of html web pages of more details of data ("drill down"?).
>
> php code within html file 1:
> "
> $databasequery=pg_query($databaseconnection,'SELECT
> databasecolumn1,
> databasecolumn2 FROM databasetable');
> if (!$databasequery) {
> echo 'rubbish code';
> exit;
> }
> while
> ($databasequery1=pg_fetch_assoc($databasequery)) {
> echo '
> href="localfile.php?databasecolumn1='.$databasequery1['databasecolumn1'].'">'.$databasequery1['databasecolumn1'].'';
> echo ' '
> .$databasequery1['databasecolumn2'].'';
> ';
> }
> "
>
> The first html file shows successfully the a list of hyperlinks from
> the database, for tuples in 'databasecolumn1'. The desired behaviour
> is that the second html file shows another database query result for
> each tuple in the first html file, i.e. more detail from the database
> for each tuple in 'databasecolumn1'.
>
>
> php code within html file 2:
> "
> $databasequery2=pg_query($databasequery1);
> $databasequery3=pg_query("SELECT * FROM databasetable WHERE
> databasecolumn1='{$databasequery2['databasecolumn']}'");
> echo $databasequery3
> "
>
> The html file 2 shows:
> "
> resource id#3
> "
>
> The expected result was to show all columns for the row constraint
> (...WHERE ...)
>
> It seems that the use of a php variable within a postgresql query is
> not understood. What relevant terminology to read next please?
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
*Thanks In Advance,*
*Michael OKI*
*CBSA*
*Technologist*
*+34663549276*
*"Impossible Is Nothing"*
*Scan and share QR codes on the mycodescanner
<https://play.google.com/store/apps/details?id=com.inspirati.mycodescanner=en_US=US>app*
BTA Certified Blockchain Solution Architect & IEEE member
https://michaeloki.blogspot.com
Re: [PHP-DB] Bluefish for PHP
Simply install wamp server and save yourself from separate installation of MySQL,PHP,Apache server,phpMyAdmin and sqlite. Check the link below. http://wampserver.com On 23 August 2013 01:29, Ethan Rosenberg erosenb...@hygeiabiomedical.comwrote: Dear List - How do I configure Bluefish for PHP? I am running version 2.2.4 of Bluefish. TIA Ethan -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Bluefish for PHP
Install Komodo IDE or Adobe Dreamweaver. They'll highlight errors and warnings. On 23 August 2013 08:20, Lester Caine les...@lsces.co.uk wrote: Ethan Rosenberg wrote: Dear List - How do I configure Bluefish for PHP? I am running version 2.2.4 of Bluefish. I'd forgotten about bluefish. You should not need to do anything. PHP files are just processed as PHP? But it's more an HTML editor and geared to producing and verifying HTML so not as good when editing code. My Eclipse setup does a very similar job on the html/js and css so I've not used it in many years. I don't think the colour selections were very good if memory serves. -- Lester Caine - G8HFL - Contact - http://lsces.co.uk/wiki/?page=**contacthttp://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.**ukhttp://rainbowdigitalmedia.co.uk -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] mysql query
Try the insertion like this:
$sql2 = mysql_query(insert into Inventory (`UPC`
, `quant`, `manuf`, `item`, `orderpt`, `ordrpt_flag`, `stock`)
.values ('$upc', $qnt,'$mnf','$itm',
'$odrpt', '0', '$stk') ) or die(mysql_error());
On 22 August 2013 05:10, Daniel Krook kr...@us.ibm.com wrote:
Ethan,
What about:
$result2 = mysqli_query(cxn, $sql2);
Doesn't look like you're sending it a connection link as a variable ($cxn)
and that's passed through as a literal?
Thanks,
Daniel Krook
Software Engineer, Advanced Cloud Solutions, GTS
IBM Senior Certified IT Specialist - L3 Thought Leader
The Open Group Certified IT Specialist - L3 Distinguished
Cloud, Java, PHP, BlackBerry, DB2 Solaris Certified
Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote on 08/21/2013
11:59:19 PM:
From: Ethan Rosenberg erosenb...@hygeiabiomedical.com
To: Daniel Krook/White Plains/IBM@IBMUS
Cc: PHP Database List php-db@lists.php.net
Date: 08/21/2013 11:59 PM
Subject: Re: [PHP-DB] mysql query
On 08/21/2013 11:30 PM, Daniel Krook wrote:
Ethan,
It's hard to tell from the code formatting in your email what the
exact problem might be, but a few reasons that this might fail in
PHP rather than when sent to MySQL with hardcoded values:
1. var_dump/print_r $_POST to see what you're getting as input is
what you expect (and sanitize!).
2. Check that the SQL statement concatenation in PHP is building
the string you're expecting. It looks like you're joining 2 strings
when defining $sql2 that doesn't leave a space between the close
parentheses and values. Compare this against what you're sending
on the command line.
3. Get rid of all single quotes... escape your double quotes where
needed. This will avoid any variable-in-string interpolation errors
and may help you find the issue with input data. Same with your echo
$sql2 statement... that's not going to give you the same thing as
the print_r below it.
Thanks,
Daniel Krook
Software Engineer, Advanced Cloud Solutions, GTS
IBM Senior Certified IT Specialist - L3 Thought Leader
The Open Group Certified IT Specialist - L3 Distinguished
Cloud, Java, PHP, BlackBerry, DB2 Solaris Certified
Ethan Rosenberg erosenb...@hygeiabiomedical.com wrote on 08/21/
2013 07:48:12 PM:
From: Ethan Rosenberg erosenb...@hygeiabiomedical.com
To: PHP Database List php-db@lists.php.net
Date: 08/21/2013 07:48 PM
Subject: [PHP-DB] mysql query
Dear List -
I can't figure this out
mysql describe Inventory;
+-+-+--+-+-+---+
| Field | Type| Null | Key | Default | Extra |
+-+-+--+-+-+---+
| UPC | varchar(14) | YES | | NULL | |
| quant | int(5) | NO | | NULL | |
| manuf | varchar(20) | YES | | NULL | |
| item| varchar(50) | YES | | NULL | |
| orderpt | tinyint(4) | NO | | NULL | |
| ordrpt_flag | tinyint(3) | YES | | NULL | |
| stock | int(3) | YES | | NULL | |
+-+-+--+-+-+---+
Here are code snippets -
$upc = $_SESSION['UPC'];
$qnt = $_POST['quant'];
$mnf = $_POST['manuf'];
$itm = $_POST['item'];
$odrpt = $_POST['oderpt'];
$opf = $_POST['ordrpt_flag'];
$stk= $_POST['stock'];
$sql2 = insert into Inventory (UPC, quant,
manuf, item, orderpt, ordrpt_flag, stock)
.values ('$upc', $qnt,'$mnf','$itm',
odrpt, 0, $stk);
$result2 = mysqli_query(cxn, $sql2);
echo '$sql2br /';
print_r($sql2);
echo br /$upc $qnt $mnf $itm $odrpt $opf
$stkkbr /;
if (!$result2)
die('Could not enter data: ' .
mysqli_error());
The mysql query fails. I cannot figure out why. It works from the
command line.
TIA
Ethan
Daniel -
Thanks.
Tried all your suggestions.
Sorry, no luck.
Ethan
Re: [PHP-DB] Re: Problem with query
I'm sorry I've not been following the last three responses. In a nutshell,
what EXACTLY does the poster of this issue want?
On 25 June 2013 11:06, Toby Hart Dyke t...@hartdyke.com wrote:
What Jim means is here in the manual:
http://www.php.net/manual/en/**language.types.array.php#**
language.types.array.dontshttp://www.php.net/manual/en/language.types.array.php#language.types.array.donts
In a nutshell:
Always use quotes around a string literal array index. For example,
/$foo['bar']/ is correct, while /$foo[bar]/ is not.
The reason is that without the quotes, you are generating an undefined
constant (bar) rather than using a string index ('bar'). It works, but
could have side effects in the future, so it's bad form to do it.
As for general politeness, you seem to be unaware of recent history in
this (an associated) groups. The OP has often committed the ultimate sine.
Not posting slightly wild code (we've all been/are there!) He doesn't seem
to listen or learn too well. Many posters (including Jim) have offered a
lot of of extremely good (and detailed) advice which seems to be rarely
taken...
Toby
On 6/25/2013 7:32 AM, OJFR wrote:
Yeah, Jim, please explain what u mean by Per the manual, associative
arrays
using string indices should always use ' ' around them. They work (as
mentioned in the manual) but are wrong. As long as I remember I could
use
associative arrays in that way (ex. $_SESSION['Cust_Num']). There's
another
way to do that using string indices? Why do you say it's wrong? It's
obsolete?
I would like to make a call to all the members of this mailing list:
knowledge is a wonderful gift so, why we don't share it politely and
efficiency. Jim, I will take you as an example. You start saying Against
my better judgement, here I go again.
Re: [PHP-DB] Re: AJAX/Javascript??
Create a form and add a submit button that will run a php file.
The SQL query in the php file will have something like
SELECT custName FROM table WHERE lname='$lname';
This will come after you have retrieved the data from a form like this
$lname = $_POST['lname'];
On 10 February 2013 15:45, Jim Giner jim.gi...@albanyhandball.com wrote:
On 2/9/2013 10:51 PM, Ethan Rosenberg, PhD wrote:
I know that this might be an Ajax/Javascript question. Hopefully you
can help. I do not know of any other source for good info.
I would like to be able to click on one field in a table, and retrieve
the data in another field. Here is the information:
The table is:
+--+--**+--+-+-+--**-+
| Field| Type | Null | Key | Default | Extra |
+--+--**+--+-+-+--**-+
| Cust_Num | smallint(5) unsigned | NO | PRI | NULL| |
| Fname| varchar(25) | NO | | NULL| |
| Lname| varchar(25) | NO | | NULL| |
| Street | varchar(25) | NO | | NULL| |
| City | varchar(25) | NO | | NULL| |
| State| varchar(2) | NO | | NULL| |
| Zip | mediumint(9) | NO | | NULL| |
| Phone| int(10) | NO | | NULL| |
| Date | date | NO | | NULL| |
| Notes| text | YES | | NULL| |
| P1 | int(3) | YES | | NULL| |
| P2 | int(3) | YES | | NULL| |
| P3 | int(4) | YES | | NULL| |
+--+--**+--+-+-+--**-+
Click on Lname and retrieve the Cust_Num.
Here is the sql query that will be used:
$sql12 = 'SELECT Cust_Num, Fname, Lname, Street, City, State, Zip,
Phone, Notes FROM Customers WHERE Cust_Num = $_POST['Cust_Num'];
[I'm actually doing this w/ prepared statements]
$i = 0;
do
{
{
$vara2 = array(array($Cust_Num, $Fname,
$Lname, $Street, $City, $State, $Zip, $Phone, $Notes));
$vara2[$i][0]= $Cust_Num;
$vara2[$i][1]= $Fname;
$vara2[$i][2]= $Lname;
$vara2[$i][3]= $Street;
$vara2[$i][4]= $City;
$vara2[$i][5]= $State;
$vara2[$i][6]= $Zip;
$vara2[$i][7]= $Phone;
$vara2[$i][8]= $Notes;
$_SESSION['exe'] = 2;
?
tr
td class=cn ?php echo $vara2[$i][0]? /td
td ?php echo $vara2[$i][1]? /td
tdclass=ln ?php echo $vara2[$i][2]? /td
td ?php echo $vara2[$i][3]? /td
td ?php echo $vara2[$i][4]? /td
td ?php echo $vara2[$i][5]? /td
td ?php echo $vara2[$i][6]? /td
td ?php echo $vara2[$i][7]? /td
td class=first-col?php echo $vara2[$i][8] ?/td
?php
echo /tr\n;
$i = $i + 1;
}
} while (mysqli_stmt_fetch($stmt)); //end
do-while
$imax = $i;
echo /table;
echo /center;
}//end count($errors_array)
Any ideas?
Eitan
I'm not sure what you are going to do with the customer number when you
get it since you are outside of php but here's one way of getting it on the
fly:
As you build your html table wtih php, assign an id to the name fields and
the custno fields, such as 'id=name1' id='name2', etc. and 'id=cust1',
'it=cust2' and so on.
On the name field also add an onclick=getCustNo($i) where $i has the value
of the id value. Then write a javascript function like:
function getCustNo(id)
{
var cno = cust+id;
var cname = name+id;
namefld = document.getElementById(cname)**.value;
custno = document.getElementById(cno).**value;
alert(Customer +namefld+ has customer number +custno);
return;
}
As I said - I don't know what you think you are going to do now but you
got it.
PS - I might have used .value when it should be .innerHTML in the js
code. You'll have to experiment.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
