echo query results (php mysql)

phuschnickensphuschnickens Beverly Hills, Michigan Member
edited May 2009 in Internet & Media
I'm still newbin' around with php. I've setup a query to look for a specific field in a specific row if it matches a given variable. The query is working correctly... or at least it's returning the correct number of results which is 2 and when I echo the result, it returns one of the correct values (the other one doesn't appear however). I'm attaching the code -->
adv.php.txt


Thank you!!

Comments

  • LincLinc Owner Detroit Icrontian
    edited April 2009
    1. You need a while loop to run through your database results.

    2. Don't ever just plug a string into a database query. Run it inside mysql_real_escape_string every time, all the time, for everything. It's your best defense against getting noobed by a SQL injection attack.

    [php]
    $r = mysql_query("SELECT * FROM adv
    WHERE orgnum = '".mysql_real_escape_string($myusername)."'");

    while( $a = mysql_fetch_array($r) ) {
    echo $a;
    }[/php]

    3. Don't post your database connection info in public, even if you think it's not important.

    :)
  • phuschnickensphuschnickens Beverly Hills, Michigan Member
    edited April 2009
    wow. thank you. I figured you'd be the one to respond. probably looks easy to you... looks like greek to me... or like php to me.

    and thank you for tip three. i modified the attachment. i was being careless.
  • LincLinc Owner Detroit Icrontian
    edited April 2009
    A neat trick is to make a "config.php" (or whatever) with all your database info in it, like this:
    [php]function connect() { # Connect to database
    $host = 'localhost';
    $user = 'username';
    $pass = 'password';
    $connect = mysql_connect($host, $user, $pass);
    if (!$connect){
    die("Could not connect to database: " . mysql_error());
    }
    }

    function query_dbname( $query ) {
    mysql_select_db('dbname');
    return mysql_query($query);
    }

    connect(); # Initiate a db connect for every script

    [/php]

    Then in your scripts, you include the config at the start:

    [php]include_once('config.php');[/php]

    And anywhere you need to talk to the database you just say:

    [php]$result = query_dbname( 'query goes here' );[/php]

    That saves retyping the same connect info all over the place. :) Just remember to keep config.php in the same directory you're working in or call it appropriately otherwise in the include line.
  • phuschnickensphuschnickens Beverly Hills, Michigan Member
    edited April 2009
    everything you suggested works perfectly. i'm trying to get the desired results into different html cells of an html table (each cell will hold multiple mysql cells of the appropriate mysql row).

    Thanks again for your help and I'll keep posting here as I run into roadblocks as long as you're willing to help.

    If you feel like checking it out (it's still kinda in the baby stages), go to test.cathedraldirectories.com and user: mibif540 pass: 1234
  • LincLinc Owner Detroit Icrontian
    edited April 2009
    Each record as its own row:
    [php]$r = mysql_query("SELECT * FROM adv
    WHERE orgnum = '".mysql_real_escape_string($myusername)."'");

    echo '<table>';

    while( $a = mysql_fetch_array($r) ) {
    echo '<tr><td>'.$a.'</td></tr>';
    }

    echo '</table>';
    [/php]
  • edited May 2009
    Lincoln wrote:
    A neat trick is to make a "config.php" (or whatever) with all your database info in it, like this:
    [php]function connect() { # Connect to database
    $host = 'localhost';
    $user = 'username';
    $pass = 'password';
    $connect = mysql_connect($host, $user, $pass);
    if (!$connect){
    die("Could not connect to database: " . mysql_error());
    }
    }

    function query_dbname( $query ) {
    mysql_select_db('dbname');
    return mysql_query($query);
    }

    connect(); # Initiate a db connect for every script

    [/php]Then in your scripts, you include the config at the start:

    [php]include_once('config.php');[/php]And anywhere you need to talk to the database you just say:

    [php]$result = query_dbname( 'query goes here' );[/php]That saves retyping the same connect info all over the place. :) Just remember to keep config.php in the same directory you're working in or call it appropriately otherwise in the include line.

    I believe you can even put it in an apache password protected folder, which is just another step that's probably good to go with.
  • LincLinc Owner Detroit Icrontian
    edited May 2009
    MachineDog wrote:
    I believe you can even put it in an apache password protected folder, which is just another step that's probably good to go with.
    It's unnecessary, and certainly needlessly confusing at this stage for phuschnickens.
Sign In or Register to comment.