Viewing Thread:
"Argh, problem!"

The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.

Thu 24/02/05 at 18:07
Regular
Posts: 10,364
Hi there.

Yet another MYSQL problem/PHP advice thread...

Ok this is the deal.

I have a table called "keyfeatures"

It contains 3 fields.

"KeyFID" - primary key
"AucID" - secondary key
"Keyfeature" - text

What I'm having problems with is returning all of the values that match the secondary key.

I.e. SELECT * FROM keyfeatures WHERE AucID='$theauc'

How would I return those values?

Say if I had this as sample data and $theauc == 2: -

1 2 "this is data"
2 2 "data"
3 4 "woo this is data"

The query should return the top two pieces of data, correct?

What I want to do exactly is put these values into an array (I have an array which can size itself to how many rows match the query) so

$array[0] = "this is data"
$array[1] = "data"

Any advice would be appreciated.
Thu 24/02/05 at 19:04
Regular
"NULL"
Posts: 1,384
If the variable comes from a POST request or similar, it may not be escaped. Check your php.ini file to see whether magic_quotes_gpc is on or off. If it's on, you don't need to worry, otherwise you will need to escape your strings.

Basically, imagine an unescaped variable defined as follows:

$var = "'; DELETE * FROM table; SELECT * FROM table WHERE column='";

and entering this into the code similar to yours:

$result = mysql_query("SELECT * FROM table WHERE column='".$var."';");

This would actually give:

$result = mysql_query("SELECT * FROM table WHERE column=''; DELETE * FROM table; SELECT * FROM table WHERE column='';");

As you can see, this deletes all your data from the table. By escaping the string, you will stop characters like ' ; " etc from being processed by MySQL as command symbols, and thus prevent someone maliciously abusing your script.

You can escape many ways, the most logical of which if your version of PHP supports it is mysql_real_escape_string().

EDIT: The PHP Manual isn't a book - it's a download available from the PHP web site. You can get it in CHM format which is the same format as Windows Help files.
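
Added example, not part of the original posts: the same keyfeatures lookup written with a bound parameter instead of string concatenation, so the value never becomes part of the SQL text. It assumes PHP 7 or later with PDO; the in-memory SQLite database, the sample rows and the helper names keyFeaturesFor() and countRows() are constructed for illustration and stand in for the poster's MySQL table.

```php
<?php
// Added example: constructed data, in-memory SQLite standing in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE keyfeatures (
    KeyFID     INTEGER PRIMARY KEY,
    AucID      INTEGER NOT NULL,
    Keyfeature TEXT    NOT NULL)');

// Sample rows taken from the question at the top of the thread.
$insert = $pdo->prepare(
    'INSERT INTO keyfeatures (KeyFID, AucID, Keyfeature) VALUES (?, ?, ?)');
foreach ([[1, 2, 'this is data'], [2, 2, 'data'], [3, 4, 'woo this is data']] as $row) {
    $insert->execute($row);
}

// Hypothetical helper: every Keyfeature belonging to one auction id.
function keyFeaturesFor(PDO $pdo, $theauc): array
{
    // The SQL text is fixed; $theauc travels separately as data, so quotes
    // and semicolons inside it cannot end the string or start a statement.
    $stmt = $pdo->prepare(
        'SELECT Keyfeature FROM keyfeatures WHERE AucID = :auc ORDER BY KeyFID');
    $stmt->execute([':auc' => $theauc]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN); // plain list of strings
}

// Hypothetical helper: number of rows currently in the table.
function countRows(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM keyfeatures')->fetchColumn();
}

// Ordinary request value, as it would arrive from a form.
$array = keyFeaturesFor($pdo, '2');
print_r($array);

// Value shaped like the one in the post above, adapted to this table name.
// It is compared against AucID as one literal string and matches nothing.
$hostile = "'; DELETE * FROM keyfeatures; SELECT * FROM keyfeatures WHERE AucID='";
print_r(keyFeaturesFor($pdo, $hostile));

// The table is untouched after the hostile lookup.
echo 'rows in table: ', countRows($pdo), PHP_EOL;
```

Against a real MySQL server the same helper works with a `mysql:` PDO connection in place of the SQLite one.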
Thu 24/02/05 at 18:53
Regular
Posts: 10,364
Yeah I probably should have read that before posting this, but searching for the right 'terms' to use is quite annoying.

Might have to pick myself up a few PHP books to stop bothering you guys :P

EDIT: also - what do you mean by "mysql safe"
Thu 24/02/05 at 18:50
Regular
"NULL"
Posts: 1,384
*bows*

It may be of interest to you to know that the PHP manual has very good documentation for things such as this - I believe it has an example very similar to the code I have just provided.
Thu 24/02/05 at 18:48
Regular
Posts: 10,364
You, Mr Nimco, are a genius
Thu 24/02/05 at 18:25
Regular
"NULL"
Posts: 1,384
<?php
$result = mysql_query("SELECT * FROM keyfeatures WHERE AucID='".$theauc."';"); // make sure you have made $theauc mysql safe
$array = array();

// append the Keyfeature column of each matching row to the array
while ($row = mysql_fetch_assoc($result)) {
    $array[] = $row['Keyfeature'];
}
?>