Selecting information from a database table - fully validated
Using MySQL Databases in PHP Pages example from a Well House Consultants training course
More on Using MySQL Databases in PHP Pages
Source code: select2.php
Module: H113
```php
<head><title>Look up a place in an SQL table</title></head>
<body bgcolor=white>
<h1>We know where you are!</h1>
<form>What does your postcode start with? <input name=pc></form>
<hr>
<?php
/////////////// See if the user completed a form or not
/////////////// (isset() avoids a notice on the first visit, before pc exists)
if (!isset($_GET['pc']) || $_GET['pc'] == "") {
    print ("Your results will come here");
} else {
    /////////////// And if the user DID complete a form, make sure that the
    /////////////// data entered didn't contain any illegal characters.
    /////////////// strspn() returns the length of the leading run of allowed
    /////////////// characters, so anything less than the full length means
    /////////////// a bad character was found at that offset. The allow-list
    /////////////// is every letter a-z; the course copy omitted 'k'.
    $bpos = strspn(strtolower($_GET['pc']), "abcdefghijklmnopqrstuvwxyz");
    if ($bpos < strlen($_GET['pc'])) {
        $pc = $_GET['pc'];
        ?>
        You are only allowed letters in the string to search in this particular example. You didn't :-( ....<br>
        <?php
        die ("First bad character was '$pc[$bpos]'");
    }
    //////////////// Connect to the MySQL server, and flag any errors if
    //////////////// the connection cannot be established. (The mysql_*
    //////////////// extension used here was removed in PHP 7; the mysqli_*
    //////////////// functions are the direct equivalents.)
    $dbid = mysql_connect("bhajee", "trainee", "abc123");
    $dbid or die ("Sorry - SQL server is unavailable");
    //////////////// Select the database called "test" and flag any errors
    //////////////// if the database selection fails
    mysql_select_db("test", $dbid) or die("No database called test");
    /////////////// Make up the query. Note - we have already checked the
    /////////////// incoming variable for illegal characters, so there's no
    /////////////// need to addslashes here, nor to htmlspecialchars $query
    /////////////// in the printed text
    $query = 'SELECT * from dist WHERE code LIKE "%' . $_GET['pc'] . '%"';
    print ("My query is <b>$query</b><br>");
    ////////////////// Run the query, and flag any errors that are thrown up
    ////////////////// Could be a problem if user "trainee" doesn't have select_priv
    $result = mysql_query($query, $dbid) or die("Unable to run your query");
    ////////////////// Fetch results back. No errors will be flagged; a false
    ////////////////// return will come back when results are completed
    $counter = 0;
    while ($record = mysql_fetch_assoc($result)) {
        ////////////////// Apply htmlspecialchars to the fields back from the database
        ////////////////// in case they have lessthan, ampersand, quote or greaterthan in them
        print (htmlspecialchars($record['code']) . " is " .
               htmlspecialchars($record['description']) . "<br>");
        $counter++;
    }
    ////////////////// If the result set was empty, tell the user - don't just give
    ////////////////// back an empty window!
    if ($counter < 1) {
        print ("Nice input - pity it didn't match");
    }
}
?>
```
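The allow-list check from select2.php, pulled out as a function and tried against a few constructed inputs, followed by the same lookup as a mysqli prepared statement. This is an added example, not part of the course's source code; it assumes the `dist` table with `code` and `description` columns named on the page, and the function names and the `mysqli` connection are the editor's own.

```php
<?php
// Mirror of the page's strspn() rule: -1 when every character is a letter,
// otherwise the offset of the first character that is not.
function firstBadOffset(string $input): int {
    $allowed = "abcdefghijklmnopqrstuvwxyz";
    $good = strspn(strtolower($input), $allowed);
    return ($good < strlen($input)) ? $good : -1;
}

// Constructed inputs: letters only pass; digits, LIKE wildcards and a
// quote-plus-comment attempt are all stopped before any SQL is built.
$samples = ["ba", "BA", "ba1", "b%", "b_", "a' OR 1=1 -- "];
foreach ($samples as $s) {
    $off = firstBadOffset($s);
    printf("%-18s => %s\n", var_export($s, true),
        $off < 0 ? "accepted" : "rejected at offset $off ('{$s[$off]}')");
}

// The same lookup with a bound parameter (hypothetical helper, assumes an
// open mysqli connection). The parameter never becomes part of the SQL text,
// so the allow-list is no longer what prevents injection; escaping % and _
// is still needed so user characters are not treated as LIKE wildcards.
function lookupPrefix(mysqli $db, string $prefix): array {
    $pattern = '%' . addcslashes($prefix, '%_\\') . '%';
    $stmt = $db->prepare("SELECT code, description FROM dist WHERE code LIKE ?");
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}
```

Keeping the allow-list in front of the prepared statement is still worthwhile: it rejects junk early and gives the user the "first bad character" message the course example prints.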
Learn about this subject
This module and example are covered on the following public courses:
* Learning to program in PHP
* PHP Programming
* MySQL
Also available on on-site courses for larger groups.
Books covering this topic
Yes. We have over 700 books in our library. Books
covering PHP are listed here and when you've selected a
relevant book we'll link you on to Amazon to order.
Other Examples
This example comes from our "Using MySQL Databases in PHP Pages" training module. You'll find a description of the topic and some
other closely related examples on the "Using MySQL Databases in PHP Pages" module index page.
Full description of the source code
You can learn more about this example on the training courses listed on this page,
on which you'll be given a full set of training notes.
Many other training modules are available for download (for limited use) from our download centre under an Open Training Notes License.
Other resources
• Our Solutions centre provides a number of longer technical articles.
• Our Opentalk forum archive provides a question and answer centre.
• The Horse's mouth provides a daily tip or thought.
• Further resources are available via the resources centre.
• All of these resources can be searched through our search engine.
• And there's a global index here.
Purpose of this website
This is a sample program, class demonstration or answer from a training course. Its main purpose is to provide an after-course service to customers who have attended our public, private or on-site courses, but the examples are made generally available under the conditions described below.
Conditions of use
Past attendees on our training courses are welcome to use individual examples in the course of their programming, but must check the examples they use to ensure that they are suitable for their job. Remember that some of our examples show you how not to do things - check in your notes. Well House Consultants take no responsibility for the suitability of these example programs to customers' needs.
This program is copyright Well House Consultants Ltd. You are forbidden from using it for running your own training courses without our prior written permission. See our page on courseware provision for more details. Any of our images within this code may NOT be reused on a public URL without our prior permission. For bona fide personal use, we will often grant you permission provided that you provide a link back. Commercial use on a website will incur a license fee for each image used - details on request.
PH: 01144 1225 708225 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho
PAGE: http://www.wellho.net/resources/ex.php • PAGE BUILT: Sun Oct 11 14:50:09 2020 • BUILD SYSTEM: JelliaJamb