|
PHP - Store Query Strings In Mysql Database
I am building a project that requires I store query strings in a table (stage_reqs) which are called to determine permissions. These strings will look something like this:
Code: [Select] select salesman from jobs where salesman is not NULL and job_id='".$this->job_id."' limit 1 The variable value needs to be determined from within the function it is being accessed in. Can I use eval to do this? Thanks, Chris Similar TutorialsHi, how do I store as a string (in a variable) a mysql query b/c what I'm doing below outputs Resource id in client browser: Code: [Select] <?php //database connection set up etc $show=mysql_query("SELECT file_Name FROM xdocument WHERE doc_id=95"); print $show; ?> Any help much appreciated, thanks. Hi, I have this form which will create a checkbox list using data from my database and also determin if a checkbox had been checked before and check if it had. <form style="text-align:center" name="PrefRestaurant" id="PrefRestaurant" action="preferances_check.php" method="post"><table align="center"> <?php checkbox(id, name, restaurants, id); ?></table> <input type="submit" name="Prefer" id="Prefer" value="Επιλογή"/></form> function checkbox($intIdField, $strNameField, $strTableName, $strOrderField, $strMethod="asc") { $strQuery = "select $intIdField, $strNameField from $strTableName order by $strOrderField $strMethod"; $rsrcResult = mysql_query($strQuery); while ($arrayRow = mysql_fetch_assoc($rsrcResult)) { $testqry = "SELECT * FROM user_restaurant WHERE user_id = $_SESSION[UserId] AND restaurant_id = $arrayRow[id]"; $rsltestqry = mysql_query($testqry); $numrows = mysql_num_rows($rsltestqry); if ($numrows == 1) { echo "<tr align=\"left\"><td><input type=\"checkbox\" name=\"restaurant[]\" value=\"$arrayRow[id]\" checked/>$arrayRow[name]</td></tr>"; } else{ echo "<tr align=\"left\"><td><input type=\"checkbox\" name=\"restaurant[]\" value=\"$arrayRow[id]\" />$arrayRow[name]</td></tr>"; } } } Now the part which I can't get to work is when I'm trying to store the new values in my database. When I click the submit button I clear my database of any row that is related to the currently loggedin user and I want to store his new preferences (checked cheboxes). I've read that only the cheked checkboxes' values are POSTed so I did this (preferances_check.php) foreach($_POST['restaurant'] as $value) { $query="INSERT INTO user_restaurant VALUES ('$_SESSION[UserId]','$value')"; } But it is not working, nothing gets written in my table Could someone please enlighten me on this? Thnks! Hi Guys, I have been contacted by a client who wants me to develop an application which performs the following functionality: Lets say the domain name is xyz.com . We provide an email of our domain to the person who signup on our website for our services. Lets say the email that is given to the customer is email@xyz.com The client wants to built PHP application in which if an email is sent to email@xyz.com it gets downloaded and is stored in the MySql Database. After the download there is going to be a set of algorithms which will decided whether to forward this email to the client or not on his email address. I have no idea how to accomplish this functionality. Any suggestions would be appreciated. Thanks Sadan Masroor. I have posted one set of values into my database and it worked fine but when i input another set they wont go inside unless i changes the value of the primary index colum. I want to be able to insert a new values regardless of the primary index value. Any idears...? Say a user puts in a support request, and for every request it generates a unqiue string, and enters it into the database. Ok, now say there is a text field, when the user enters their unique string and it finds a match, it displays the data along with it. How can I accomplish this? Im kind of new to mysql, but I know basic SQL. Would be great if somebody could point me in the right direction! Thanks Hi All, First time posting here. I've googled the problem, but can't seem to find a response that's the same. All I want to do is have a list of id numbers and for each id number in the array, submit a MySQL query to retrieve information relating to the id number. When I execute the code below however, I end up with only the last item in the array being printed in the echo statement. Any clues? Thanks, Code: [Select] // get array of ids $ids = getIDs($ids); // loop through input list foreach ($ids as &$id) { getVarDetails($id); } function getVarDetails($local) { $con = mysql_connect('localhost:3306', 'root', '********'); if (!$con) { die('Could not connect: ' . mysql_error()); } // set database as Ensembl mysql_select_db("Ensembl", $con); $result = mysql_query("SELECT * FROM variations WHERE name = '$local' LIMIT 1"); $row = mysql_fetch_array($result) while($row = mysql_fetch_array($result)) { echo $row['name'] . " " . $row['id']; echo "<br />"; } // close connection mysql_close($con); } I have a form on our website that a user can fill out for custom product. I want the form data to be 1) stored into a mysql database AND after storing said data, 2) email the same data to our sales department. 1) The form data DOES get stored into mysql database (except for the first two fields, for some weird reason) 2) I added a "mail" section to the php file that stores the data into the database, but it is not working correctly. I have stripped the email portion down to sending just one of the fields in the "message" to make it easier for troubleshooting I have included here, both the form section of the html file, and the formdata.php file that processes the data for your analysis. I am relatively new to php so there are going to be some issues with security, but I can work on those after I get the store & email process to work correctly. Please review my code and see if anyone can be of assistance. I looked through the forums and couldn't find another issue that was the same as mine. If I just overlooked, please tell me the thread post #. Thanks THE FORM WHICH COLLECTS THE DATA ******************************* <form method=POST action=formdata.php> <table width="640" border=0 align="center"> <tr> <td align=right><b>First Name</b></td> <td><input type=text name=FName size=25></td> <td><div align="right"><b>Telephone</b></div></td> <td><input type=text name=Tel size=25></td> </tr> <tr> <td align=right><b>Last Name</b></td> <td><input type=text name=LName size=25></td> <td><div align="right"><b>Fax</b></div></td> <td><input type=text name=Fax size=25></td> </tr> <tr> <td align=right><b>Title</b></td> <td><input type=text name=Title size=25></td> <td><div align="right"><b>Email</b></div></td> <td><input type=text name=Email size=50></td> </tr> <tr> <td align=right><b>Company</b></td> <td><input type=text name=Comp size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Address</b></td> <td><input type=text name=Addr size=25></td> <td><div align="right"><b>Estimated Annual Volume</b></div></td> <td><input type=text name=EAV size=25></td> </tr> <tr> <td align=right><b>City</b></td> <td><input type=text name=City size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>State/Province</b></td> <td><input type=text name=SProv size=25></td> <td><div align="right"><b>Application</b></div></td> <td><input type=text name=Appl size=25></td> </tr> <tr> <td align=right><b>Country</b></td> <td><input type=text name=Ctry size=25></td> <td><div align="right"><b>Type of System</b></div></td> <td><input type=text name=Syst size=25></td> </tr> <tr> <td align=right><b>Zip/Postal Code</b></td> <td><input type=text name=ZPC size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right> </td> <td><div align="right"><strong><font color="#FFFF00" face="Arial, Helvetica, sans-serif">COIL DESIGN</font></strong></div></td> <td><font color="#FFFF00" face="Arial, Helvetica, sans-serif"><strong>PARAMETERS</strong></font></td> <td> </td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Primary Resistance (ohms)</b></td> <td><input type=text name=Pres size=25></td> <td><div align="right"><b>Primary Inductance (mH)</b></div></td> <td><input type=text name=Pind size=25></td> </tr> <tr> <td align=right><b>Secondary Resistance (ohms)</b></td> <td><input type=text name=Sres size=25></td> <td><div align="right"><b>Secondary Inductance (H)</b></div></td> <td><input type=text name=Sind size=25></td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Peak Operating Current (Amps)</b></td> <td><input type=text name=POC size=25></td> <td> </td> <td> </td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b>Output Energy (mJ)</b></td> <td><input type=text name=Egy size=25></td> <td><div align="right"><b>Output Voltage (kV)</b></div></td> <td><input type=text name=Volt size=25></td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right><b># HV Towers per Coil</b></td> <td><input type=text name=TPC size=25></td> <td><div align="right"><b># of Coils per Package</b></div></td> <td><input type=text name=CPP size=25></td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td align=right> </td> <td> </td> <td> </td> <td> </td> </tr> <tr> <th colspan=4><b>Please enter any additional information he </b></th> </tr> <tr> <th colspan=4><textarea name=Mess cols=50 rows=10 id="Message"></textarea></th> </tr> </table> </dl> <div align="center"> <p> <input type=hidden name=BodyTag value="<body bgcolor="#484589" text="#FFFFFF" link="#FFFF00" alink="#FFFFFF" vlink="#FF7F00">"> <input type=hidden name=FA value=SendMail> </p> <p><font color="#FFFF00" face="Arial, Helvetica, sans-serif"><strong>PLEASE MAKE SURE ALL INFORMATION<br> IS CORRECT BEFORE SUBMITTING</strong></font></p> <p> <input type=submit value="Submit Form"> </p> </div> </form> THE FILE THAT PROCESSES THE FORM DATA (formdata.php) *********************************************** <?php $con = mysql_connect("localhost","XXX","XXX"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("customform", $con); $sql="INSERT INTO formdata (Fname, Lname, Title, Comp, Addr, City, SProv, Ctry, ZPC, Tel, Fax, Email, EAV, Appl, Syst, Pres, Pind, Sres, Sind, POC, Egy, Volt, TPC, CPP, Mess) VALUES ('$_POST[Fname]','$_POST[Lname]','$_POST[Title]','$_POST[Comp]','$_POST[Addr]','$_POST[City]','$_POST[SProv]','$_POST[Ctry]','$_POST[ZPC]','$_POST[Tel]','$_POST[Fax]','$_POST[Email]','$_POST[EAV]','$_POST[Appl]','$_POST[Syst]','$_POST[Pres]','$_POST[Pind]','$_POST[Sres]','$_POST[Sind]','$_POST[POC]','$_POST[Egy]','$_POST[Volt]','$_POST[TPC]','$_POST[CPP]','$_POST[Mess]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "Your Information Was Successfully Posted"; mysql_close($con); $to = "recipient email address here"; $subject = "Custom Form"; $email = $_POST['Email'] ; $message = $_POST['Comp'] ; $headers = "From: $Email"; $sent = mail($to, $subject, $message, $headers) ; if($sent) {print "Your mail was sent successfully"; } else {print "We encountered an error sending your mail"; } ?> Hi Guys Again, another noob question that I can't seem to find a concise answer to. What is the best way to append a query string to a url? I've tried using the Header() function but this didn't seem to work - i.e. Code: [Select] Header("Location: enc.php?ID=test"); My goal is to change the query string depending on the output of various if else statements. For instance if $test isset then execute some code. The script will be self contained so it'll be posting back to itself with the query string and reacting differently depending on the query string. Any ideas? PS sorry if i am asking too many questions. Eager to learn and struggling to find answers to some things. What I basically want to do (and not sure if this is possible) is to append a different query string based on strings from a field(type: VARCHAR(4000)) are being truncated at 255 characters. Apparently this is how varchars work(how is that useful?). I've found these two solutions on the internet but neither of them seemed to work. first, some people thought it might be a php.ini thing, so I put this at the top of my php file: Code: [Select] ini_set ( 'mssql.textlimit' , '65536' ); ini_set ( 'mssql.textsize' , '65536' ); that didn't work, so other people suggested using the text field type instead but these two queries return nothing, so I must be doing something wrong or this just isn't the answer: Code: [Select] $bquery="SELECT CONVERT(TEXT,description) FROM table WHERE userID='$row[userID]'"; $bquery="SELECT CAST(description AS TEXT) FROM table WHERE userID='$row[userID]'"; Hello there, i`m trying to figure out a way to reorder a query string depending on variables. So the url would have the following query: /result/index.php?page=Weissenfels+Clack+and+Go&tyre=155_70_12&option1=30_02&option2=43_02&v_t=car&options=2 It should depend what page they come from if the page is equal to option2 then option1 is op1 and option2 is op2 To make it myself easier i have converted some variables On every first two digits ie 43 from the 43_02 can have 13 different ending digits, ie _03 or _04 or _05 etc... So i have converted all 43_02 43_03 etc to one variable ie $chain1 or $chain2 which holds in this case 43 a 43 is equal to Weissenfels+Clack+and+Go in the index page i have included the following process. At the moment i can only use php coding, unfortunately no mysql atm thank you in advance. Code: [Select] <?php $tyre = $_GET['tyre']; // finds the tyre size $op1 = $_GET['option1']; // finds the first chain size if applicable $op2 = $_GET['option2']; // finds the second chain size if applicable $op3 = $_GET['option3']; // finds the third chain size if applicable $op4 = $_GET['option4']; // finds the fourth chain size if applicable $op5 = $_GET['option5']; // finds the fith chain size if applicable $op6 = $_GET['option6']; // finds the sixth chain size if applicable $op7 = $_GET['option7']; // finds the seventh chain size if applicable $op8 = $_GET['option8']; // finds the eighth chain size if applicable $options = $_GET['options']; $page = $_GET['page']; $error = $_GET['info']; $vehicle_type = $_GET['v_t']; // finds the vehicle type $b = "Weissenfels+WeissTech+Tecna"; $c = "Weissenfels+Clack+and+Go"; if (($op1 == "30_02") || ($op1 == "30_03")) { $chain1 = "m30"; } elseif (($op2 == "43_02") || ($op2 == "43_03")) { $chain2 = "m43"; } else echo "error"; switch ($page) { case (($page == $c) && ($chain1 == "m43")); $option1 = $op1; $option2 = $op2; break; case (($page == $c) && ($chain2 == "m43")); $option1 = $op2; $option2 = $op1; break; default; $option1 = $op1; $option2 = $op2; break; } if ($options=="1") // calculates the possible combination { // outputs the results include 'options_1.php'; // type the amount of possible chains in here ie options_3 options_4 etc } elseif ($options=="2") { // outputs the results include 'options_2.php'; // type the amount of possible chains in here ie options_3 options_4 etc } elseif ($options=="3") { // outputs the results include 'options_3.php'; // type the amount of possible chains in here ie options_3 options_4 etc } elseif ($options=="4") { // outputs the results include 'options_4.php'; // type the amount of possible chains in here ie options_3 options_4 etc } elseif ($options=="5") { // outputs the results include 'options_5.php'; // type the amount of possible chains in here ie options_3 options_4 etc } elseif ($options=="6") { // outputs the results include 'options_6.php'; // type the amount of possible chains in here ie options_3 options_4 etc } elseif ($options=="7") { // outputs the results include 'options_7.php'; // type the amount of possible chains in here ie options_3 options_4 etc } elseif ($options=="8") { // outputs the results include 'options_8.php'; // type the amount of possible chains in here ie options_3 options_4 etc } else echo "there is an error on process_action2"; ?> Is it possible to have a link like this, http://www.somesite.com/?id=243 and transfer the "id" (or another query string) into the website from the link but at the same time, not affect the website (since "id" isn't a query string originally used in the website's URL)? I hope that makes sense.. Anyone could help or giude how to secure this script by storing session into database?
login.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Get ip
function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if($_SERVER['HTTP_X_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if($_SERVER['HTTP_X_FORWARDED'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if($_SERVER['HTTP_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if($_SERVER['HTTP_FORWARDED'])
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if($_SERVER['REMOTE_ADDR'])
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$ip = get_client_ip();
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
/* if($login != '' || $password != '') {
if($login !='admin' && $ip !=''.$log_ip.''){
$errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...';
$errflag = true;
}
}
*/
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
//header("location: index.php");
echo ('<meta http-equiv="refresh" content="0;url=index.php">');
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_LOGIN_NAME'] = $member['login'];
$_SESSION['SESS_PASS'] = $member['passwd'];
session_write_close();
//header("location: member-index.php");
echo ('<meta http-equiv="refresh" content="0;url=member-index.php">');
exit();
}else {
//Login failed
//header("location: login-failed.php");
echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">');
exit();
}
}else {
die("Query failed");
}
?>
auth.php (included on top of all php pages
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
//header("location: access-denied.php");
echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">');
exit();
}
?>
What is the better way, in terms of best practice and also speed of storing PHP objects in a database? Is it: Serialize Code: [Select] $SQL = "INSERT INTO my_table (my_object) VALUES ('" . seralize($php_object). "')"; OR JSON Code: [Select] $SQL = "INSERT INTO my_table (my_object) VALUES ('" . json_encode($php_object). "')"; Any idea which is faster serialize() / unserialize() or json_ecode() / json_decode()? I've been doing some research and I was wondering what the best way is to store IP addresses in a MySQL database, and what would be the field type and length? I've seen that you can use the inet_aton() function but supposedly this doesn't support IPv4. So is there a workaround using these functions? Alternatively, if I was to just store the IP address as it is, what type of field and length would I be looking at? I've read somewhere that 45 is the max? Hey guys!, Any help is greatly appreciated! what i want to do is store a link to a pdf file which will open the file when clicked. just now when clicked will only open the file name but not with the extension .pdf? Thanks! Hi, I'm trying to store the first+lastname from my mysql user datababase into arrays like this: // Fill up array with names $a[]="Anna"; $a[]="Brittany"; $a[]="Cinderella"; $a[]="Diana"; $a[]="Eva"; $a[]="Fiona"; $a[]="Gunda"; $a[]="Hege"; $a[]="Inga"; $a[]="Johanna"; $a[]="Kitty"; $a[]="Linda"; $a[]="Nina"; $a[]="Ophelia"; $a[]="Petunia"; $a[]="Amanda"; $a[]="Raquel"; $a[]="Cindy"; $a[]="Doris"; $a[]="Eve"; $a[]="Evita"; $a[]="Sunniva"; $a[]="Tove"; $a[]="Unni"; $a[]="Violet"; Is there a recommended BEST PRACTICE for storing (and retrieving) telephone numbers from a database table? Is it best to store (in the USA) the area code separate from the rest of the number? Remove parenthesis and/or dashes? Or is there no reason to concern myself with performance or hacking issues regarding the storage of phone numbers as 323-555-1212 or (323)555-1212 inside my table? Hi! So I'm fairly new to PHP, and am currently making a website from scratch including as much PHP functionality as I can for learning purposes. As I have just finished making a blog function, I started to wonder. Is it normal to store every part of a website in a the database? The blog part of the website I just created has of course all the differet blog entries stored in a table in the db, but is it also normal practice to store about, contact etc. in tables too? Or should categories like these be created using brand new .php documents? I am in the progress of making a page controller and thought I should clearify things first, before I go any further. This question may seem stupid, but I don't know alot about what the normal practices of doing things like these in php are. Anyways, hope someone can help me out! Hey guys, I have used this code before on a linux server and know that it works, however after porting my site over to a windows server running apache, php and mysql; the following code seems to make one of my scripts crash. $queryfam1 = "SELECT * FROM wp_users WHERE user_login='$username'"; $resultfam1 = mysql_query($queryfam1) or die(mysql_error()); $row21 = mysql_fetch_array($resultfam1) or die(mysql_error()); I have no idea of a result as there is no error reported, it simply dies and does not tell me what is happening with it. Any ideas? Hey, i need help storing an image in my database via the URL(image location) at the moment my php code is storing the image in a folder on the directory called upload. here is the code: <?php // Where the file is going to be placed $target_path = "upload /"; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $target_path = "upload/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } ?> Click <a href="products.php">HERE</a> to go back to form if someone could help me i'd be very grateful |
|||||||