#1
Help Urgently Php/mysql
Hi All:
I am designing a web page using PHP/MySQL to allow users to input any query they want. I set a var to store the SQL query users input and then use mysql_query($var) to execute it. But I get an error if I run the query below:
SELECT title,price FROM paper WHERE periodicity='weekly' ORDER BY price DESC
Obviously, it runs well on the command line, but if this statement is stored in a var it will not work, just because the single quote cannot be handled in a variable. How can I sort out the problem? Can anyone help ME????? Thank you all
#2
Hi Andy,
You should be able to store your query in a variable like so:
$var = "SELECT title, price FROM paper WHERE periodicity='weekly' ORDER BY price DESC";
What does your code look like? Can you post the snippet that's giving you problems? Also, when testing your code, be sure to echo out the actual contents of $var, so that you can see how the PHP engine is receiving it.
__________________
Developer Shed Weekly Writer | DevArticles Forum Moderator | Build Your Own KlipFolio Klip With PHP | FrankManno.com - Under Construction | Design Interactive Group - Under Construction
#3
Umm, and you might want to be careful about letting people execute whatever queries they want to. What if somebody types "DELETE FROM price" or "DROP TABLE price"? You should consider validating queries prior to submitting them to the mysql server (checking for vars that begin with DELETE or contain semicolons and additional text), and you should also make sure the database user your script logs in as has only the permissions it needs. (Chances are that it doesn't need DROP or ALTER, for example).
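Post #3's two suggestions combined, as an added example that is not code from any poster in this thread: an allowlist check that accepts only a single SELECT, used on a connection whose MySQL account holds only SELECT. The names newsdb, report_ro, is_read_only_select() and run_user_query() are hypothetical, and mysqli stands in for the thread's mysql_* functions, which were removed in PHP 7.

```php
<?php
// Added example. Hypothetical names: newsdb, report_ro, is_read_only_select(),
// run_user_query(). One-time account setup by a MySQL administrator:
//   CREATE USER 'report_ro'@'localhost' IDENTIFIED BY '<placeholder>';
//   GRANT SELECT ON newsdb.paper TO 'report_ro'@'localhost';
// With that grant the server refuses DELETE, DROP and ALTER by itself, so
// the text check below is a second layer, not the only control.

/** True only for one statement whose first keyword is SELECT. */
function is_read_only_select(string $sql): bool
{
    // Tolerate trailing whitespace and a trailing semicolon.
    $sql = rtrim(trim($sql), "; \t\r\n");
    // Any remaining semicolon may separate stacked statements. This also
    // rejects a harmless ';' inside a string literal, which is the safe side.
    if ($sql === '' || strpos($sql, ';') !== false) {
        return false;
    }
    // Allowlist the verb rather than listing DELETE, DROP, ... one by one.
    return preg_match('/^SELECT\b/i', $sql) === 1;
}

/** Run a user-supplied query on a connection opened as report_ro. */
function run_user_query(mysqli $db, string $sql): array
{
    if (!is_read_only_select($sql)) {
        throw new InvalidArgumentException('Only a single SELECT is accepted');
    }
    $result = $db->query($sql);          // mysqli::query() runs one statement
    if ($result === false) {
        throw new RuntimeException('Query failed: ' . $db->error);
    }
    $rows = [];
    while ($row = $result->fetch_assoc()) {
        $rows[] = $row;
    }
    return $rows;
}

// Constructed sample inputs; this part needs no database connection.
$samples = [
    "SELECT title,price FROM paper WHERE periodicity='weekly' ORDER BY price DESC",
    'DELETE FROM price',
    'DROP TABLE price',
    'SELECT title FROM paper; DROP TABLE price',
];
foreach ($samples as $s) {
    echo (is_read_only_select($s) ? 'allow  ' : 'reject '), $s, PHP_EOL;
}
```

Open the connection passed to run_user_query() with the report_ro credentials, not with the account used to administer the database.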
#4
The problem I have is that MySQL cannot handle the single or double quotes correctly.
#5
try this...
[PHP]
<?php
// Assumes mysql_connect() and mysql_select_db() have already been called.
// The form below posts the query text in the "sql" field.
if (isset($_POST['sql'])) {
    $sql = $_POST['sql'];
    $sql2 = mysql_query($sql) or die('Query Error');
    while ($row = mysql_fetch_object($sql2)) {
        // Do some output using $row-> and the field name
    }
}
?>
<HTML>
<HEAD>
<TITLE>Sql Run</TITLE>
</HEAD>
<BODY>
<FORM name="request" method="post" action="<?= htmlspecialchars($_SERVER['PHP_SELF']) ?>">
<INPUT type="text" name="sql">
</FORM>
</BODY>
</HTML>
[/PHP]
I think that should do it, but this is as long as you know what you want to output...
Harvey
#6
I set:
$var="select title,price FROM paper WHERE periodicity='weekly' ORDER BY price DESC";
Then I transfer the value to the next page, where I use echo $var. It shows:
select title,price FROM paper WHERE periodicity=\'weekly\' ORDER BY price DESC
and informs me that there is an error in \'weekly\'. How do I sort it out?
#7
try this...
$var = mysql_query("select title,price FROM paper WHERE periodicity='weekly' ORDER BY price DESC")
    or die ("Query Error:" . mysql_errno() . mysql_error());
You need to ensure that you specify your string into the mysql_query() function, so that it completes the query. Hope this helps...
Harvey
#8
You might also try using the stripslashes function to remove slashes from in front of the quotes. Those're what's actually giving your mysql server problems.
#9
Thank you very much. I sorted it out.
Thank all of you