PHP - Properly Remove A Query String
Hi, I have a query string id=5&start=0 that I want to remove from the URL and return the URL without it. I am searching for a cleaner way of doing it. Here is an example:

Before: http://www.example.com/?a=3&id=5&start=0
After: http://www.example.com/?a=3

Before: http://www.example.com/?id=5&start=0
After: http://www.example.com/

Before: http://www.example.com/?alpha=1&id=5&start=0&beta=2
After: http://www.example.com/?alpha=1&beta=2

Thank you

Edited by Dareros, 11 August 2014 - 04:06 PM.

Similar Tutorials

I have some data in a table and some of it is Artist names stored as "Last, First". I need to be able to have the script search whether or not someone types "last, first" or "first last". Any ideas? Here's my code:

<html>
<head>
<title>search script</title>
</head>
<body>
<form name="form" action="search.php" method="get">
  <input type="text" name="q" />
  <input type="submit" name="Submit" value="Search" />
</form>
<?php
// Get the search variable from URL
$var = @$_GET['q'] ;
$trimmed = trim($var); //trim whitespace from the stored variable

// rows to return
$limit=100;

// check for an empty string and display a message.
if ($trimmed == "") {
  echo "<p>Please enter a search...</p>";
  exit;
}

// check for a search parameter
if (!isset($var)) {
  echo "<p>We dont seem to have a search parameter!</p>";
  exit;
}

//connect to your database ** EDIT REQUIRED HERE **
mysql_connect("localhost","username","password"); //(host, username, password)

//specify database
mysql_select_db("mydb") or die("Unable to select database"); //select which database we're using

// Build SQL Query
$query = "select * from songs where Title like \"%$trimmed%\" or Artist like \"%$trimmed%\" order by Title"; // EDIT HERE and specify your table and field names for the SQL query

$numresults=mysql_query($query);
$numrows=mysql_num_rows($numresults);

// If we have no results, offer a google search as an alternative
if ($numrows == 0) {
  echo "<h4>Results</h4>";
  echo "<p>Sorry, your search: &quot;" . $trimmed . "&quot; returned zero results</p>";
}

// next determine if s has been passed to script, if not use 0
if (empty($s)) {
  $s=0;
}

// get results
$query .= " limit $s,$limit";
$result = mysql_query($query) or die("Couldn't execute query");

// display what the person searched for
echo "<p>You searched for: &quot;" . $var . "&quot;</p>";

// begin to show results set
echo "Results";
$count = 1 + $s ;

// now you can display the results returned
echo "<table border=1>";
while ($row= mysql_fetch_array($result)) {
  $title = $row["Title"];
  $artist = $row["Artist"];
  $number = $row["Number"];
  echo "<tr><td>$count.)</td><td>$title</td><td>$artist</td><td>$number</td></tr>" ;
  $count++ ;
}
echo "</table>";

$currPage = (($s/$limit) + 1);

//break before paging
echo "<br />";

// next we need to do the links to other results
if ($s>=1) { // bypass PREV link if s is 0
  $prevs=($s-$limit);
  print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< Prev 10</a>  ";
}

// calculate number of pages needing links
$pages=intval($numrows/$limit);

// $pages now contains int of pages needed unless there is a remainder from division
if ($numrows%$limit) {
  // has remainder so add one page
  $pages++;
}

// check to see if last page
if (!((($s+$limit)/$limit)==$pages) && $pages!=1) {
  // not last page so give NEXT link
  $news=$s+$limit;
  echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 20 >></a>";
}

$a = $s + ($limit) ;
if ($a > $numrows) { $a = $numrows ; }
$b = $s + 1 ;
echo "<p>Showing results $b to $a of $numrows</p>";
?>
</body>
</html>

Hi guys, I have been stuck with this issue for over 3 hours now. My remove all button just wouldn't work.
Can anyone tell me what's the issue? I have 2 pages, one parent and another pop-up page that takes the values (cartSubmit) from parent. And I wrote out the code for both pages but I just cannot get it to work.
I apologize in advance if my code looks messy or doesn't make any sense.
Please take a look at the code and let me know if you could spot anything wrong with it. Any help is greatly appreciated.
Here is the code related to the remove all button in the parent page:
if(isset($_POST['finalSelected']))
{
  echo "<br/>inside";
  if(!empty($_POST['fSelected']))
  {
    echo "<br/>if NOT empty";
    $chosen = $_POST['fSelected'];
    foreach ($chosen as $item)
      echo "</br>aID selected: $item </br>";
    //implode function to transform an array to a string
    //chosen(array) to $delimit(String)
    $delimitStr = implode(", ", $chosen);
    //Save the selected String to SESSION
    if(!isset($_SESSION["final"]))
    {
      $_SESSION["final"] .= "$delimitStr";
    }
    else
    {
      $_SESSION["final"] .= ", $delimitStr";
    }
    //Explode function to transform the SESSION variable back to an array for further trimming.
    $arraySession = explode(', ', $_SESSION["final"]);
    //Array unique to filter out duplicates.
    $uniqueArray = array_unique($arraySession);
    $cartSubmit = implode(", ",$uniqueArray);
    $_SESSION['cartSubmit'] = $cartSubmit;
  }
  else
  {
    echo "<br/>else empty";
    $noSubmit = $_SESSION["final"];
    //Explode function to transform the SESSION variable back to an array for further trimming.
    $arraySession = explode(', ', $_SESSION["final"]);
    //Array unique to filter out duplicates.
    $uniqueArray = array_unique($arraySession);
    $cartSubmit = implode(", ",$uniqueArray);
    $_SESSION['cartSubmit'] = $cartSubmit;
  }
}
<form name= "finalForm" method="POST" action="test6-1.php" target = "_self">
<input type="Submit" name="finalSelected"/>
<a href="javascript:popup('test6-3.php?aID= <?php if(empty($_SESSION['final']) && empty($_SESSION['cartSubmit'])) echo "0"; else if(empty($cartSubmit)) echo "0"; else echo $_SESSION['cartSubmit'];?>')">Cart</a>
<?php if(isset($FinalName)) { foreach($FinalName as $key => $item) {?>
<tr><td> <input type="checkbox" name="fSelected[]" value="<?php echo htmlspecialchars($FinalID[$key])?>" /> <?php echo "$FinalID[$key] & $item";?> </td></tr>
<?php } }?>
</form>

And here is the code in the pop-up page.

<script>
window.onunload = refreshParent;
function refreshParent() {
  window.opener.location.reload();
}
</script>
if(isset($_POST['removeAll']))
{
  $aID = "0";
  unset($_SESSION['cartSubmit']);
  unset($_SESSION['final']);
  header("Location : test6-3.php?aID=0");
}

Edited by Cyjm1120, 18 November 2014 - 12:16 PM.

Please can someone advise how I remove the | characters from a string? I tried the following but get errors that...

Warning: preg_replace() [function.preg-replace]: No ending delimiter '|'

Code:
$value = preg_replace("|", "", $value);

Is there a way/function to not only remove <script>, <embed> tags etc but also remove the content within the tags so this:

" some text <script> functionhere(); </script> some more text "

to this:

" some text some more text "

In effect remove the whole tag and content within the tags? Haven't been able to find anything online that works. Many thanks in advance.
Simon

Am looking forward to removing all the numeric characters up to and including the leading "/" in 90/_featuredarticles/2011/12
Regards

Hello again to all. I would like to ask how I can remove the first 3 words of this string?

Quote:
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Pellentesque hendrerit accumsan turpis, vitae rutrum quam cursus id. Sed quis pulvinar eros. Integer vel tellus turpis. Donec tortor dolor, convallis in mollis et, rhoncus eu lacus. Etiam quam risus, fringilla ac tempor in, congue vel felis. Mauris eu luctus augue. Fusce nisl neque, convallis a posuere a, ultricies et metus.

Thanks in advance

Hi, how would I strip out both the " and ' characters from a PHP string?
Thanks
Fraser

Hi folks, I have a variable in which some common words are stored and another variable in which a sentence is stored. I want to remove the common words from the sentence. Is there any way of doing this in PHP?

Code:
<?php
$common_words = "to, this, all, the, from";
$sentence = "I want to remove all the common words from this sentence";
?>

The final output should be: "I remove common words sentence."

Hi, I'm looking at using a statement like this to remove all text characters from a string.

$outgoing = substr_replace($incoming,"",-1);

The string is a currency that has a currency symbol in the beginning of the string, like "R500.00". I would like to remove the R, so it is just a numeric value... Please can you help me with any ideas on how to get this going? Been reading so much and it's all confused me too badly.
Regards,
Chris

Hi, is there any way to check a string for any instances of something like this "(3)" where the number "3" could be any integer. So basically I want to search a string for any instances of an integer in brackets "(integer)" and remove it. So my string was something like

$string = "String (2) string string string (7)"

function($string) output would be "String string string string", where the integers in brackets could be any number.

I know this one is probably super easy for you programmer types.. but I just need to know.. If a string ends with a dash (and not all of them will), how do I remove it? Thanks!

The Query:

$query = "SELECT * FROM ttn01 WHERE id = $_GET['id']";

I am getting an error.

I'm a noob, trying to reverse engineer some current code. This code is grabbing the current URL:

<?php
function curPageURL() {
  $pageURL = 'http';
  if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
  $pageURL .= "://";
  if ($_SERVER["SERVER_PORT"] != "80") {
    $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
  } else {
    $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  }
  return $pageURL;
}
?>

This form is adding "&limit=50" to the URL, to show 25, 50 or 100 results per page:

Code:
<form>
<select name="link">
<option <? echo "$select25" ?> value="<? echo curPageURL(); ?>&limit=25">25 records per page</option>
<option <? echo "$select50" ?> value="<? echo curPageURL(); ?>&limit=50">50 records per page</option>
<option <? echo "$select100" ?> value="<? echo curPageURL(); ?>&limit=100">100 records per page</option>
</select>
</form>

The problem is here (I think). This is supposed to flush the old limit before requesting a new one... but right now, I'm getting another one tacked on with each new request:

www.website.com/members?sub[]=math&sub[]=science&lev[]=middleschool&limit=25
www.website.com/members?sub[]=math&sub[]=science&lev[]=middleschool&limit=25&limit=50
www.website.com/members?sub[]=math&sub[]=science&lev[]=middleschool&limit=25&limit=50&limit=100

<?php
//remove any old limit from query
$tmp = array();
foreach ($_GET as $fld => $val)
  if ($fld != 'limit')
    $tmp[] = $fld . '=' . $val;
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"] . '?' . implode('&',$tmp);
?>

Any ideas? Thanks.
~Wayne My code Code: [Select] <?php set_time_limit (0); include("config.php"); $data = "<td><a href='/hospitals-in/Alabama'>Alabama</a></td> <td><a href='/hospitals-in/District-of-Columbia'>District of Columbia</a></td> <td><a href='/hospitals-in/Kentucky'>Kentucky</a></td> <td><a href='/hospitals-in/Montana'>Montana</a></td> <td><a href='/hospitals-in/Ohio'>Ohio</a></td> <td><a href='/hospitals-in/Texas'>Texas</a></td> <td><a href='/hospitals-in/Alaska'>Alaska</a></td> <td><a href='/hospitals-in/Florida'>Florida</a></td> <td><a href='/hospitals-in/Louisiana'>Louisiana</a></td> <td><a href='/hospitals-in/Nebraska'>Nebraska</a></td> <td><a href='/hospitals-in/Oklahoma'>Oklahoma</a></td> <td><a href='/hospitals-in/Utah'>Utah</a></td> <td><a href='/hospitals-in/America-Samoa'>America Samoa</a></td> <td><a href='/hospitals-in/Georgia'>Georgia</a></td> <td><a href='/hospitals-in/Maine'>Maine</a></td> <td><a href='/hospitals-in/Nevada'>Nevada</a></td> <td><a href='/hospitals-in/Oregon'>Oregon</a></td> <td><a href='/hospitals-in/Vermont'>Vermont</a></td> <td><a href='/hospitals-in/Arizona'>Arizona</a></td> <td><a href='/hospitals-in/Hawaii'>Hawaii</a></td> <td><a href='/hospitals-in/Maryland'>Maryland</a></td> <td><a href='/hospitals-in/New-Hampshire'>New Hampshire</a></td> <td><a href='/hospitals-in/Pennsylvania'>Pennsylvania</a></td> <td><a href='/hospitals-in/Virgin-Islands'>Virgin Islands</a></td> <td><a href='/hospitals-in/Arkansas'>Arkansas</a></td> <td><a href='/hospitals-in/Idaho'>Idaho</a></td> <td><a href='/hospitals-in/Massachusetts'>Massachusetts</a></td> <td><a href='/hospitals-in/New-Jersey'>New Jersey</a></td> <td><a href='/hospitals-in/Puerto-Rico'>Puerto Rico</a></td> <td><a href='/hospitals-in/Virginia'>Virginia</a></td> <td><a href='/hospitals-in/California'>California</a></td> <td><a href='/hospitals-in/Illinois'>Illinois</a></td> <td><a href='/hospitals-in/Michigan'>Michigan</a></td> <td><a href='/hospitals-in/New-Mexico'>New Mexico</a></td> <td><a 
href='/hospitals-in/Rhode-Island'>Rhode Island</a></td> <td><a href='/hospitals-in/Washington'>Washington</a></td> <td><a href='/hospitals-in/Colorado'>Colorado</a></td> <td><a href='/hospitals-in/Indiana'>Indiana</a></td> <td><a href='/hospitals-in/Minnesota'>Minnesota</a></td> <td><a href='/hospitals-in/New-York'>New York</a></td> <td><a href='/hospitals-in/South-Carolina'>South Carolina</a></td> <td><a href='/hospitals-in/West-Virginia'>West Virginia</a></td> <td><a href='/hospitals-in/Connecticut'>Connecticut</a></td> <td><a href='/hospitals-in/Iowa'>Iowa</a></td> <td><a href='/hospitals-in/Mississippi'>Mississippi</a></td> <td><a href='/hospitals-in/North-Carolina'>North Carolina</a></td> <td><a href='/hospitals-in/South-Dakota'>South Dakota</a></td> <td><a href='/hospitals-in/Wisconsin'>Wisconsin</a></td> <td><a href='/hospitals-in/Delaware'>Delaware</a></td> <td><a href='/hospitals-in/Kansas'>Kansas</a></td> <td><a href='/hospitals-in/Missouri'>Missouri</a></td> <td><a href='/hospitals-in/North-Dakota'>North Dakota</a></td> <td><a href='/hospitals-in/Tennessee'>Tennessee</a></td> <td><a href='/hospitals-in/Wyoming'>Wyoming</a></td>"; preg_match_all("~<td><a\s+href='(.*?)'>(.*?)</a></td>~", $data, $link); echo '<pre>'; echo print_r($link); echo '</pre>' ; $countlink = count($link[1]); for($i=0 ; $i < $countlink; $i++) { if (is_array($link)) { $sitelink = "http://www.xxx.com".$link[1][$i]; $hospitallink = file_get_contents("$sitelink"); preg_match_all("~<td><a href=\"/hospital/(.*?)\">(.*?)</a></td>~", $hospitallink, $hospitalinfo); $city = $link[2][$i]; $countinfo = count($hospitalinfo[1]); for($j=0 ; $j < $countinfo ; $j++) { $infolink = "http://www.xxx.com/hospital/".$hospitalinfo[1][$j]; $getinfo = file_get_contents("$infolink"); $regex = 
"~<b>Name:</b>\s+(.*?)\s+</p>\s+<p>\s+<b>Address:</b>\s+(.*?)\s+</p>\s+<p>\s+<b>Phone:</b>\s+(.*?)\s+</p>\s+<p>\s+<b>Number\s+of\s+Beds:</b>\s+(.*?)\s+</p>\s+<p>\s+<b>Type:</b>\s+(.*?)\s+</p>\s+<p>\s+<b>System:</b>\s+(.*?)\s+</p>\s+<p>\s+<b>Website:</b>\s+<a href=\"(.*?)\">(.*?)</a>\s+</p>\s+<p>\s+(.*?)</p>~s"; preg_match_all($regex, $getinfo, $critinfo); preg_match_all("~<li>\s+(.*?)</li>~s", $getinfo, $servinfo); preg_match_all("~<h4>Hospital\s+Quality\s+and\s+Rating\s+information</h4>\s+<p>Data\s+based\s+on\s+2010\s+Health\s+Quality\s+Alliance\s+database</p>\s+<p>\s+<b>(.*?)</b><br>\s+(.*?)</p>~s", $getinfo, $mortality); preg_match_all("/(\d+)?\.?(\d+)?%/", $mortality[2][0], $number); $name = $critinfo[1][0]; $address = preg_replace('/\s\s+/', ' ', $address); $number = implode(",", $number[0]); $servinfo = implode(",", $servinfo[1]); $sql = "INSERT INTO hospital (name, address, servinfo, mortality) VALUES ('$name', '$address', '$servinfo', '$number')"; $exec_sql = mysql_query($sql); } } } ?> print_r($link) shows this :- Code: [Select] Array ( [0] => Array ( [0] => Alabama [1] => District of Columbia [2] => Kentucky [3] => Montana [4] => Ohio [5] => Texas [6] => Alaska [7] => Florida [8] => Louisiana [9] => Nebraska [10] => Oklahoma [11] => Utah [12] => America Samoa [13] => Georgia [14] => Maine [15] => Nevada [16] => Oregon [17] => Vermont [18] => Arizona [19] => Hawaii [20] => Maryland [21] => New Hampshire [22] => Pennsylvania [23] => Virgin Islands [24] => Arkansas [25] => Idaho [26] => Massachusetts [27] => New Jersey [28] => Puerto Rico [29] => Virginia [30] => California [31] => Illinois [32] => Michigan [33] => New Mexico [34] => Rhode Island [35] => Washington [36] => Colorado [37] => Indiana [38] => Minnesota [39] => New York [40] => South Carolina [41] => West Virginia [42] => Connecticut [43] => Iowa [44] => Mississippi [45] => North Carolina [46] => South Dakota [47] => Wisconsin [48] => Delaware [49] => Kansas [50] => Missouri [51] => North Dakota 
[52] => Tennessee [53] => Wyoming ) [1] => Array ( [0] => /hospitals-in/Alabama [1] => /hospitals-in/District-of-Columbia [2] => /hospitals-in/Kentucky [3] => /hospitals-in/Montana [4] => /hospitals-in/Ohio [5] => /hospitals-in/Texas [6] => /hospitals-in/Alaska [7] => /hospitals-in/Florida [8] => /hospitals-in/Louisiana [9] => /hospitals-in/Nebraska [10] => /hospitals-in/Oklahoma [11] => /hospitals-in/Utah [12] => /hospitals-in/America-Samoa [13] => /hospitals-in/Georgia [14] => /hospitals-in/Maine [15] => /hospitals-in/Nevada [16] => /hospitals-in/Oregon [17] => /hospitals-in/Vermont [18] => /hospitals-in/Arizona [19] => /hospitals-in/Hawaii [20] => /hospitals-in/Maryland [21] => /hospitals-in/New-Hampshire [22] => /hospitals-in/Pennsylvania [23] => /hospitals-in/Virgin-Islands [24] => /hospitals-in/Arkansas [25] => /hospitals-in/Idaho [26] => /hospitals-in/Massachusetts [27] => /hospitals-in/New-Jersey [28] => /hospitals-in/Puerto-Rico [29] => /hospitals-in/Virginia [30] => /hospitals-in/California [31] => /hospitals-in/Illinois [32] => /hospitals-in/Michigan [33] => /hospitals-in/New-Mexico [34] => /hospitals-in/Rhode-Island [35] => /hospitals-in/Washington [36] => /hospitals-in/Colorado [37] => /hospitals-in/Indiana [38] => /hospitals-in/Minnesota [39] => /hospitals-in/New-York [40] => /hospitals-in/South-Carolina [41] => /hospitals-in/West-Virginia [42] => /hospitals-in/Connecticut [43] => /hospitals-in/Iowa [44] => /hospitals-in/Mississippi [45] => /hospitals-in/North-Carolina [46] => /hospitals-in/South-Dakota [47] => /hospitals-in/Wisconsin [48] => /hospitals-in/Delaware [49] => /hospitals-in/Kansas [50] => /hospitals-in/Missouri [51] => /hospitals-in/North-Dakota [52] => /hospitals-in/Tennessee [53] => /hospitals-in/Wyoming ) [2] => Array ( [0] => Alabama [1] => District of Columbia [2] => Kentucky [3] => Montana [4] => Ohio [5] => Texas [6] => Alaska [7] => Florida [8] => Louisiana [9] => Nebraska [10] => Oklahoma [11] => Utah [12] => America Samoa [13] 
=> Georgia [14] => Maine [15] => Nevada [16] => Oregon [17] => Vermont [18] => Arizona [19] => Hawaii [20] => Maryland [21] => New Hampshire [22] => Pennsylvania [23] => Virgin Islands [24] => Arkansas [25] => Idaho [26] => Massachusetts [27] => New Jersey [28] => Puerto Rico [29] => Virginia [30] => California [31] => Illinois [32] => Michigan [33] => New Mexico [34] => Rhode Island [35] => Washington [36] => Colorado [37] => Indiana [38] => Minnesota [39] => New York [40] => South Carolina [41] => West Virginia [42] => Connecticut [43] => Iowa [44] => Mississippi [45] => North Carolina [46] => South Dakota [47] => Wisconsin [48] => Delaware [49] => Kansas [50] => Missouri [51] => North Dakota [52] => Tennessee [53] => Wyoming ) ) 1

Earlier it was giving an error without if (is_array($link)) {

Code:
Fatal error: Cannot use string offset as an array

However after adding it, it won't go to /hospitals-in/District-of-Columbia which is $link[1][1];

Can someone please point me to my mistake?

I have seen this function before but cannot remember what it is or how to code it. It allows you to remove only defined characters from the end of the string. I am not looking to replace any occurrence anywhere in the phrase, just the end. For example, let's say I want to remove "ld!" from the phrase "Hello World!" That function would return "Hello Wor". Thanks

$db->query( "UPDATE user_resources, user_buildings, user_units_nonbattle SET user_resources.uGold=user_resources.uGold+(user_buildings.uTownCenterLevel*(user_units_nonbattle.uMiner*10))" );

When the cron runs, it updates everyone the same regardless. Any idea what I'm doing wrong?

I have a form with some dropdown lists that get populated dynamically (depending on what the user chooses) with jQuery and an XML file. In the form I have a button that takes the info and populates another form with the values of the ddl.
I have coded a script which populates the second form with jQuery, and the name of each input gets dynamically added like so:

Code:
<input type="text" value="'+model+'" name="Model_'+model+'" id="'+model+'" readonly size="'+model.length+'" />
<input type="text" value="'+model+'" name="Model'+model+'" id="'+model+'" readonly size="'+model.length+'" />>
<input type="text" value="'+color+'" name="Color'+color+'" id="'+color+'" readonly size="'+color.length+'" />
<input type="text" value="'+part+'" name="Part'+part+'" id="'+part+'" readonly size="'+part.length+'" />
<input type="text" value="$'+price+'" name="Price'+price+'" id="'+price+'" readonly size="'+price.length+'" />
<input type="text" value="'+qty+'" name="Quantity'+qty+'" id="'+qty+'" readonly size="'+qty.length+'" />
<input type="text" value="'+total+'" name="Total'+total+'" id="'+total+'" readonly size="'+total.length+'" />

What I want to do is grab the name of the element and remove the underscore and everything else from left to right so I am left with just the word before the underscore. I tried using substr($key,0,-28) but that won't work since everything after the underscore will have a different length. I was wondering if there is a way I can keep everything before the underscore and remove the underscore and everything after that. Thanks in advance for any input I get.

I have a simple query where I want to show how many unique contests there are. So if I have 100 entries in a single contest, then each entry row will have the same contest id in this example. So even though there are 100 entries, they all belong to the same contest id. That means the echo of $total_contests should be 1. But instead I am getting the same count as the entry rows, which is 100. What am I doing wrong?

$global_user_id = 1;
$count_contests = $db->prepare("SELECT COUNT(*) FROM entries WHERE user_id = :user_id GROUP BY contest_id");
$count_contests->bindParam(':user_id', $global_user_id);
$count_contests->execute();
$total_contests = $count_contests->fetchColumn();
echo $total_contests;

Hey guys, new to the forum and a newer user of PHP / MySQL. I am having trouble with some code I've written up. I don't seem to get any errors when running it, but it's not updating my database the way that it should. Hopefully a simple fix. I am thinking that it must be on the MySQL side of things. Couple of things to start. My HTML form is comprised completely of drop down list inputs. I'm the only user so I thought this would be the easiest approach. Because of that I've made my PHP as follows:

Code:
<?php
$season = $_POST['season'];
$month = $_POST['month'];
$day = $_POST['day'];
$year = $_POST['year'];
$time = $_POST['time'];
$event = $_POST['event'];
$game = $_POST['game'];
$buyin = $_POST['buyin'];

$connect = mysql_connect('localhost','root','') or die('can not connect');
if ($connect) {
  echo "connected to database";
}

$db = mysql_select_db('dpl') or die('can not find database');
if ($db) {
  echo "DPL Selected";
}

$query = sprintf("INSERT INTO events (season , month , day , year , time , event , game , buyin) VALUES ('%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s' , '%s')", $season , $month , $day , $year , $time , $event , $game , $buyin );
if ($query) {
  echo "Your event has been added";
}
?>

My connection is working, my database is selected and I'm even now getting confirmation that my query is working, but when I go to check my database there are no entries in it? Any thoughts? I've tried the drop down variables as both VARCHAR and TEXT inputs in MySQL, but I can't seem to get it to work. Any help is greatly appreciated.

Hello All,
I'm having trouble trying to "wrap my head around" how I can make the query in my code below more efficient, elegant, and certainly immune to a SQL-injection attack.
So, I have a form (which can be seen in the attached screenshot) which has the user first select a search-type via a dropdown listbox. The two choices pertain to two columns in the underlying table i.e. store_name and item_description. Once that selection is completed the user is expected to enter a search-term (which is typically in relation to the choice selected in the first prompt).
Now, what I would like to happen is that the query be created based on both the value in the search-type prompt and the value in the search-term textbox, and of course, the query must be a parameterized prepared statement (to minimize the possibility of a SQL-injection attack).
Essentially I would like to get rid of the following code (which I believe is potentially redundant, and contains a hard-coded column name between the WHERE and LIKE), to make things less complicated and more elegant/flexible:

if ($searchtype == "store_name") {
  $sql = "SELECT * FROM `shoplist` WHERE store_name LIKE :searchterm ORDER BY store_name ASC";
} else if ($searchtype == "item_description") {
  $sql = "SELECT * FROM `shoplist` WHERE item_description LIKE :searchterm ORDER BY store_name ASC";
}

Here's what I tried:

// Tried this first but it didn't work...gave some kind of error pertaining to the parameter 2
// Prepare the query ONCE
$query = "SELECT * FROM `shoplist` WHERE ? LIKE ? ORDER BY ? ASC";
$searchterm = '%' . $searchterm . '%';
$statement = $conn->prepare($query);
$statement->bindValue(1, $searchtype);
$statement->bindParam(2, $searchterm);
$statement->bindValue(3, $searchtype);
$statement->execute();

// ----------------------------------------------------------------------------------------------------------- //

// Tried this as well, but was getting unexpected results (mostly all rows being returned, regardless of input)
// Prepare the query ONCE
$query = "SELECT * FROM `shoplist` WHERE :searchtype LIKE :searchterm ORDER BY :searchtype ASC";
$searchterm = '%' . $searchterm . '%';
$statement = $conn->prepare($query);
$statement->bindValue(':searchtype', $searchtype);
$statement->bindValue(':searchterm', '%' . $searchterm . '%');
$statement->execute();

Here's the complete code (pertaining to the problem/request):

// create short variable names
if(isset($_POST['searchtype'])) {
  $searchtype=$_POST['searchtype'];
}
if(isset($_POST['searchterm'])) {
  $searchterm=trim($_POST['searchterm']);
}
if(isset($_POST['searchtype']) && isset($_POST['searchterm'])) {
  if (!get_magic_quotes_gpc()) {
    $searchtype = addslashes($searchtype);
    $searchterm = addslashes($searchterm);
  }
}
if(isset($_POST['searchtype']) && isset($_POST['searchterm'])) {
  // ****** Setup customized query ******
  if ($searchtype == "store_name") {
    // The following statement is potentially open to SQL-injection attack and has therefore been REM(arked)
    // $sql = "SELECT * FROM `shoplist` WHERE " . $searchtype . " LIKE :searchterm ORDER BY store_name ASC";
    // The following may not be open to SQL-injection attack, but has the column name hard-coded in-between the WHERE and LIKE clauses
    // I would like the column name to be set based on the value chosen by the user in the form dropdown listbox for "searchtype"
    $sql = "SELECT * FROM `shoplist` WHERE store_name LIKE :searchterm ORDER BY store_name ASC";
  } else if ($searchtype == "item_description") {
    // The following statement is potentially open to SQL-injection attack and has therefore been REM(arked)
    // $sql = "SELECT * FROM `shoplist` WHERE " . $searchtype . " LIKE :searchterm ORDER BY item_description ASC";
    // The following may not be open to SQL-injection attack, but has the column name hard-coded in-between the WHERE and LIKE clauses
    // I would like the column name to be set based on the value chosen by the user in the form dropdown listbox for "searchtype"
    $sql = "SELECT * FROM `shoplist` WHERE item_description LIKE :searchterm ORDER BY item_description ASC";
  }
  $statement = $conn->prepare($sql);
  $statement->bindValue(':searchterm', '%' . $searchterm . '%');
  $statement->execute();
  ...
  ...
  ...
}

Thanks guys!
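
One way to build the query the last post asks for, shown as an added example that is not part of the original thread: placeholders bind values only and cannot stand in for identifiers, so the column name is taken from a fixed allow-list keyed by the form value, and only the search term is bound. The `searchShoplist()` and `escapeLike()` names, the `!` escape character, the SQLite in-memory database and the sample rows are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// post; the SQLite in-memory database and the sample rows are constructed.
declare(strict_types=1);

// Allow-list mapping the form's searchtype value to a column identifier.
// Identifiers cannot be bound as parameters, so they come from this map only.
const SEARCH_COLUMNS = [
    'store_name'       => 'store_name',
    'item_description' => 'item_description',
];

// Make %, _ and the escape character itself literal inside a LIKE pattern.
// The escape character is replaced first so later insertions are not doubled.
function escapeLike(string $term, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $term
    );
}

function searchShoplist(PDO $conn, string $searchtype, string $searchterm): array
{
    if (!array_key_exists($searchtype, SEARCH_COLUMNS)) {
        throw new InvalidArgumentException('Unsupported search type');
    }
    // $column is a constant from the map, never text supplied by the user.
    $column = SEARCH_COLUMNS[$searchtype];

    $sql = "SELECT store_name, item_description FROM shoplist
            WHERE $column LIKE :searchterm ESCAPE '!'
            ORDER BY $column ASC";
    $statement = $conn->prepare($sql);
    $statement->bindValue(':searchterm', '%' . escapeLike($searchterm) . '%');
    $statement->execute();
    return $statement->fetchAll(PDO::FETCH_ASSOC);
}

// --- Demo on constructed data ---
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE shoplist (store_name TEXT, item_description TEXT)');
$insert = $conn->prepare(
    'INSERT INTO shoplist (store_name, item_description) VALUES (?, ?)'
);
foreach ([
    ['Corner Market', 'Milk 2%'],
    ['Hardware Hub', 'Wood screws'],
    ['Market Fresh', '100% orange juice'],
] as $row) {
    $insert->execute($row);
}

// Normal search: the term is bound, the column comes from the allow-list.
print_r(searchShoplist($conn, 'store_name', 'market'));

// A literal "%" typed by the user is escaped, so it is matched as a character
// instead of acting as a wildcard.
print_r(searchShoplist($conn, 'item_description', '%'));

// A searchtype that is not on the allow-list never reaches the SQL text.
try {
    searchShoplist($conn, 'store_name OR 1=1', 'x');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```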