take two - fetch items from a row.


richard

May 3, 2013, 7:02:58 PM
This code may reside on a page in a line.
< a href="http:www.code.com/gettable.php?number=1">


Where I show id=$number, is that the way I want to show it or is there a
better way?
I want to retrieve the row corresponding to the id number given in the
link.

<?php


$number=$_GET["number"];
if (empty($number)) {$number=1;}
$number=(int)$number;

// connections code left out intentionally //


$result = mysql_query("SELECT id,email FROM people WHERE id = $number");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);

echo $row[0]; // 42
echo $row[1]; // the email value
?>

richard

May 3, 2013, 7:13:18 PM
On Fri, 3 May 2013 19:02:58 -0400, richard wrote:

> This code may reside on a page in a line.
> < a href="http:www.code.com/gettable.php?number=1">
>
>


My idea worked just fine.

http://www.mroldies.net/six0.php

Richard Yates

May 3, 2013, 7:32:59 PM
On Fri, 3 May 2013 19:02:58 -0400, richard <nor...@example.com>
wrote:
Your code does work. There are details about it that could be improved
and others made suggestions about in response to your first post. I
notice that in this post your id field in the database is assumed to
be a number where the last time it seemed to be a string. Do you know
which it is?

Have you learned about validating and sanitizing user input yet?

richard

May 3, 2013, 7:54:33 PM
I am assuming that "id" is an integer since that is how it is in the
database field.
The int() function changes the string to an integer so that's no big deal.

As with anything you do, you refine your output as time marches on.
After all, we all know YOU were born an expert in the field right?

Denis McMahon

May 3, 2013, 8:59:35 PM
It didn't:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
result resource in /home/richbull/public_html/mroldies.net/showtable.php
on line 94

I see that in 15 years you haven't learned a damn thing.

--
Denis McMahon, denismf...@gmail.com

Richard Yates

May 3, 2013, 10:20:52 PM
On Fri, 3 May 2013 19:54:33 -0400, richard <nor...@example.com>
wrote:
No, I am a (possibly advanced) beginner and I am not sure what your
attitude is about. I've tried out your code and answered your
questions (twice). The (basic) beginner level of your code and
questions implied that a gentle question about input validation was
reasonable. Apparently not.

Beauregard T. Shagnasty

May 3, 2013, 11:37:43 PM
Richard Yates wrote:

> richard the sto0pid wrote:
>>After all, we all know YOU were born an expert in the field right?
>
> No, I am a (possibly advanced) beginner and I am not sure what your
> attitude is about. I've tried out your code and answered your questions
> (twice). The (basic) beginner level of your code and questions implied
> that a gentle question about input validation was reasonable. Apparently
> not.

This must be your first encounter with RtS - richard the sto0pid. As you
can see from Denis's reply, he knows RtS.

RtS is an idiot.

--
-bts
-This space for rent, but the price is high

SwissCheese

May 4, 2013, 7:00:56 AM
<?php
$number = isset($_GET["number"]) ? $_GET["number"] : 0;
$number = (is_numeric($number) && ctype_digit($number)) ? $number : 0;

if ($number == 0) {
/* bad input - do something here
since 1 is more than likely a valid record you may not want to give
out that data based on bad input.
*/

exit;
}

// ... connection code ...

$result = mysql_query("SELECT id,email FROM people WHERE id = $number");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);

echo $row[0]; // 42
echo $row[1]; // the email value
?>

There are many different ways to go about sanitising your input, some
of which you can download.

...and here's a good source (found on bobby-tables.com):

http://download.oracle.com/oll/tutorials/SQLInjection/index.htm

--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
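
An added example, not written by any poster in this thread: the two approaches shown above (the `(int)` cast and the `ctype_digit` check) taken one step further, with strict integer validation and a bound query parameter instead of string interpolation. It assumes PDO with an in-memory SQLite table standing in for the thread's MySQL connection; `parse_id` and `fetch_person` are hypothetical helper names.

```php
<?php
// Added example: strict validation plus a bound parameter for ?number=...
// Assumption: an in-memory SQLite table stands in for the thread's MySQL "people" table.

function parse_id($raw): ?int
{
    // Accepts only an integer >= 1; "42abc", "1 OR 1=1", "-1", "" and arrays all fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_person(PDO $db, int $id): ?array
{
    // The id travels as a bound parameter and is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, email FROM people WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO people VALUES (1, 'first@example.com'), (42, 'answer@example.com')");

// Constructed inputs, as they might arrive in $_GET["number"].
$inputs = ['42', '1 OR 1=1', '42abc', '', '-1', '999', ['42']];

foreach ($inputs as $raw) {
    $shown = json_encode($raw);
    $id = parse_id($raw);
    if ($id === null) {
        // A bare (int) cast would quietly turn "1 OR 1=1" into 1 and serve row 1.
        echo "$shown: rejected\n";
        continue;
    }
    $row = fetch_person($db, $id);
    if ($row === null) {
        echo "$shown: no such record\n";
    } else {
        // Escape on output as well; stored data is not trusted just because the id was.
        echo "$shown: " . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . "\n";
    }
}
```

Rejecting malformed input outright, rather than defaulting to record 1 as the first post does, keeps a bad request from returning a real row.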