Results 1 to 16 of 16
  1. #1
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    Little help with PHP please..?
    I'm not a programmer, I usually tend to cobble things together with sample scripts (and periodic help!). But I'm stumped today..

    I built my own little manual database to track a few items, found php code to display the results in xml (code below). But I can't figure out how to serve the results based on a variable (my own flag).

    myscript.php?myflag=new

    The XML output for hard-coded results:
    <?
    header("content-type:text/xml");
    function getXML($sql="Default Query")
    {
    $conn=mysql_connect("localhost","user","pw");
    $db=mysql_select_db("my_db");
    $result = mysql_query($sql,$conn);
    $columns="";
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    echo "<myflag=\"new\">\n";
    while($row=mysql_fetch_assoc($result))
    {
    $columns.=" <promo>\n";
    foreach($row as $key => $value)
    {
    $columns.=" <$key>$value</$key>\n";
    }
    $columns.=" </promo>\n";
    }
    echo $columns;
    echo "</vendor>\n";
    }
    getXML("SELECT * FROM table where myflag = 'new' ");
    ?>
    I've tried to create a variable for the "where" statement at the bottom, but it doesn't work:

    $myflag = $_GET['myflag'];
    getXML("SELECT * FROM table where myflag = '.$myflag.' ");

    I just can't find the proper syntax - any help would be MUCH appreciated! I spent hours last night looking through php coding sites - something tells me this is quite basic, and I'm probably missing the obvious

    Thanks folks..

  2. #2
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    The XML output for hard-coded results:
    I'm not too sure about this but, I think you have a coupe of ; missing in that code.

    ?

  3. #3
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    This output actually works - not sure why, I just found a similar snippet & made it fit!

    Creating a variable in the "where" statement is what I can't figure out...

    Thanks

  4. #4
    ABW Ambassador Greg Rice's Avatar
    Join Date
    January 18th, 2005
    Location
    Ohio
    Posts
    4,889
    The query itself looks ok, did you try to run it by itself to see if you get any results, like a simple page or with phpMyAdmin?
    Greg Rice Affiliate Program Management
    www.gocmc.com info(AT)gocmc.com | 330-259-1223

    Join us! - MiNeeds.com | DiscountCandleShop/CheeseSupply | Feng Shui Plaza

  5. #5
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    This query is hard-coded results for "new".. it works but I don't want to create 3 php files for the different flags..

    I don't know how/where to create a variable for "new", "original", "modified" (my flags)

    myscript.php?myflag=new
    myscript.php?myflag=original
    myscript.php?myflag=modified

  6. #6
    ABW Veteran Mr. Sal's Avatar
    Join Date
    January 18th, 2005
    Posts
    6,795
    Quote Originally Posted by teezone
    This query is hard-coded results for "new".. it works but I don't want to create 3 php files for the different flags..

    I don't know how/where to create a variable for "new", "original", "modified" (my flags)

    myscript.php?myflag=new
    myscript.php?myflag=original
    myscript.php?myflag=modified
    would something like this work?

    if ($myflag == "new"){echo "$new";}
    if ($myflag == "original"){echo "$original";}
    if ($myflag == "modified"){echo "$modified";}

  7. #7
    ABW Ambassador Greg Rice's Avatar
    Join Date
    January 18th, 2005
    Location
    Ohio
    Posts
    4,889
    Quote Originally Posted by teezone
    This query is hard-coded results for "new".. it works but I don't want to create 3 php files for the different flags..

    I don't know how/where to create a variable for "new", "original", "modified" (my flags)

    myscript.php?myflag=new
    myscript.php?myflag=original
    myscript.php?myflag=modified
    Are you trying to pass this variable to a new page or trying to get this code working on a hard coded page?
    Greg Rice Affiliate Program Management
    www.gocmc.com info(AT)gocmc.com | 330-259-1223

    Join us! - MiNeeds.com | DiscountCandleShop/CheeseSupply | Feng Shui Plaza

  8. #8
    Full Member
    Join Date
    January 18th, 2005
    Posts
    396
    Probably adding more confusion than help but ...

    If you are trying to 'read' a variable in from - say www.mysite.com/myscript.php?myflag=new

    I would look at the php 'variable' $_GET[] as $FlagInfo = $_GET['myflag'];

  9. #9
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    Are you trying to pass this variable to a new page or trying to get this code working on a hard coded page?
    .. pass the variable in a new page.

    I created the hard-coded page, which worked (that was step 1). Step 2 would be to modify the code to allow a variable in the url.. (if I ever figure it out!).

    This approach should work:

    $myflag = $_GET['myflag'];
    getXML("SELECT * FROM table where myflag = '.$myflag.' ");

    But it doesn't.. not sure where it should be inserted, or how (syntax error, something in the existing code that stops it from working?)

  10. #10
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    The problem is here:

    Code:
    getXML("SELECT * FROM table where myflag = '.$myflag.' ");
    You've got .'s around $myflag which will not do what you want. Your resulting query looks something like this:

    Code:
    select * from table where myflag = '.new.'
    I think you're trying to concatenate the variable onto your query, but your syntax is incorrect for that. You really don't need it anyway. You can simply do it like this:

    Code:
    getXML("SELECT * FROM table where myflag = '$myflag' ");
    It's always best to set an SQL query to a variable first so you can check it for errors by echoing it. This would have made your mistake clear upon inspection of your query. For example:

    Code:
    $query = "SELECT * FROM table where myflag = '$myflag' ";
    echo $query;
    getXML($query);

    And lastly your code is susceptible to SQL injection. Somebody could append malicious code to your URL that deletes rows from your table or worse. You should always escape your inputs before sending them to mySQL:

    Code:
    $myflag = mysql_real_escape_string($_GET[ 'myflag' ]);
    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  11. #11
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    Hi Scott, thanks for the specifics, very helpful!

    Have implemented changes, but no results show from the database.. sorry to post the whole code, but can you take a quick gander at this?

    URL: myscript.php?myflag=new
    <?
    header("content-type:text/xml");
    function getXML($sql="Default Query")
    {
    $conn=mysql_connect("localhost","user","pw");
    $db=mysql_select_db("mydatabase");
    $myflag = $_GET[ 'flag' ];
    $result = mysql_query($sql,$conn);
    $columns="";
    echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
    echo "<flag id=\"flag\">\n";
    while($row=mysql_fetch_assoc($result))
    {
    $columns.=" <records>\n";
    foreach($row as $key => $value)
    {
    $columns.=" <$key>$value</$key>\n";
    }
    $columns.=" </records>\n";
    }
    echo $columns;
    echo "</flag>\n";
    }
    getXML("SELECT * FROM table where flag = '$myflag' ");
    ?>
    I just wish this was easier for me, lots to learn

    Have checked db/table/field names as well.
    Thanks a mil!

  12. #12
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    You forgot a line:

    Code:
    $myflag = mysql_real_escape_string($_GET[ 'myflag' ]);
    You can't use $myflag unless you define it.

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  13. #13
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Just want to point out that if you had done this you would have seen that $myflag is empty:

    Code:
    $query = "SELECT * FROM table where myflag = '$myflag' ";
    echo $query;
    getXML($query);
    This is a very important technique and will save you a lot of trouble down the road.

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  14. #14
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    You're a genius!

    (I added $query in my own version, was just trying to keep code similar to first version posted)

    $myflag actually was defined near the top - the problem was that I used the table FIELD name (field name is 'flag' as opposed to variable in the url, which is 'myflag').

    For anyone looking for same, here is the new section:
    $myflag = $_GET[ 'myflag' ];
    $query = "SELECT * FROM table where flag = '$myflag' ";
    echo $query;
    getXML($query);
    This is brilliant Scott.. thank you SO much for your help!!


  15. #15
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    You're still missing mysql_real_escape_string. This will protect you from SQL injection, it's very important.

    - Scott
    Hatred stirs up strife, But love covers all transgressions.

  16. #16
    Moderator
    Join Date
    April 6th, 2006
    Posts
    2,689
    It will be included, I'm just testing/formatting the output!

    Thanks again, you've been a real help...

  17. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. PHP question - include(file.php) with variables
    By teezone in forum Programming / Datafeeds / Tools
    Replies: 8
    Last Post: September 4th, 2009, 04:54 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •