echo query results (php mysql)

phuschnickens

I'm still newbin' around with php. I've setup a query to look for a specific field in a specific row if it matches a given variable. The query is working correctly... or at least it's returning the correct number of results which is 2 and when I echo the result, it returns one of the correct values (the other one doesn't appear however). I'm attaching the code -->

Thank you!!

Linc

1. You need a while loop to run through your database results.

2. Don't ever just plug a string into a database query. Run it inside mysql_real_escape_string every time, all the time, for everything. It's your best defense against getting noobed by a SQL injection attack.

[php]
$r = mysql_query("SELECT * FROM adv
WHERE orgnum = '".mysql_real_escape_string($myusername)."'");

while( $a = mysql_fetch_array($r) ) {
echo $a;
}[/php]

3. Don't post your database connection info in public, even if you think it's not important.

phuschnickens

wow. thank you. I figured you'd be the one to respond. probably looks easy to you... looks like greek to me... or like php to me.

and thank you for tip three. i modified the attachment. i was being careless.

Linc

A neat trick is to make a "config.php" (or whatever) with all your database info in it, like this:
[php]function connect() { # Connect to database
$host = 'localhost';
$user = 'username';
$pass = 'password';
$connect = mysql_connect($host, $user, $pass);
if (!$connect){
die("Could not connect to database: " . mysql_error());
}
}

function query_dbname( $query ) {
mysql_select_db('dbname');
return mysql_query($query);
}

connect(); # Initiate a db connect for every script

[/php]

Then in your scripts, you include the config at the start:

[php]include_once('config.php');[/php]

And anywhere you need to talk to the database you just say:

[php]$result = query_dbname( 'query goes here' );[/php]

That saves retyping the same connect info all over the place. Just remember to keep config.php in the same directory you're working in or call it appropriately otherwise in the include line.

phuschnickens

everything you suggested works perfectly. i'm trying to get the desired results into different html cells of an html table (each cell will hold multiple mysql cells of the appropriate mysql row).

Thanks again for your help and I'll keep posting here as I run into roadblocks as long as you're willing to help.

If you feel like checking it out (it's still kinda in the baby stages), go to test.cathedraldirectories.com and user: mibif540 pass: 1234

Linc

Each record as its own row:
[php]$r = mysql_query("SELECT * FROM adv
WHERE orgnum = '".mysql_real_escape_string($myusername)."'");

echo '<table>';

while( $a = mysql_fetch_array($r) ) {
echo '<tr><td>'.$a.'</td></tr>';
}

echo '</table>';
[/php]

MachineDog

Lincoln wrote:

A neat trick is to make a "config.php" (or whatever) with all your database info in it, like this:
[php]function connect() { # Connect to database
$host = 'localhost';
$user = 'username';
$pass = 'password';
$connect = mysql_connect($host, $user, $pass);
if (!$connect){
die("Could not connect to database: " . mysql_error());
}
}

function query_dbname( $query ) {
mysql_select_db('dbname');
return mysql_query($query);
}

connect(); # Initiate a db connect for every script

[/php]Then in your scripts, you include the config at the start:

[php]include_once('config.php');[/php]And anywhere you need to talk to the database you just say:

[php]$result = query_dbname( 'query goes here' );[/php]That saves retyping the same connect info all over the place. Just remember to keep config.php in the same directory you're working in or call it appropriately otherwise in the include line.

I believe you can even put it in an apache password protected folder, which is just another step that's probably good to go with.

Linc

MachineDog wrote:

I believe you can even put it in an apache password protected folder, which is just another step that's probably good to go with.

It's unnecessary, and certainly needlessly confusing at this stage for phuschnickens.