Re: take two - fetch items from a row. [message #181297 is a reply to message #181295]
Fri, 03 May 2013 23:32
Richard Yates
Messages: 86 Registered: September 2013
Karma: 0
Member
On Fri, 3 May 2013 19:02:58 -0400, richard <noreply(at)example(dot)com>
wrote:
> This code may reside on a page in a line.
> < a href="http:www.code.com/gettable.php?number=1">
>
>
> Where I show id=$number, is that the way I want to show it or is there a
> better way?
> I want to retrieve the row corresponding to the id number given in the
> link.
>
> <?php
>
>
> $number=$_GET["number"];
> if (empty($number)) {$number=1;}
> $number=(int)$number;
>
> // connections code left out intentionally //
>
>
> $result = mysql_query("SELECT id,email FROM people WHERE id = $number");
> if (!$result) {
> echo 'Could not run query: ' . mysql_error();
> exit;
> }
> $row = mysql_fetch_row($result);
>
> echo $row[0]; // 42
> echo $row[1]; // the email value
> ?>
Your code does work. There are details about it that could be improved
and others made suggestions about in response to your first post. I
notice that in this post your id field in the database is assumed to
be a number where the last time it seemed to be a string. Do you know
which it is?
Have you learned about validating and sanitizing user input yet?

Re: take two - fetch items from a row. [message #181299 is a reply to message #181296]
Sat, 04 May 2013 00:59
Denis McMahon
Messages: 634 Registered: September 2010
Karma: 0
Senior Member
On Fri, 03 May 2013 19:13:18 -0400, richard wrote:
> On Fri, 3 May 2013 19:02:58 -0400, richard wrote:
>
>> This code may reside on a page in a line.
>> < a href="http:www.code.com/gettable.php?number=1">
> My idea worked just fine.
>
> http://www.mroldies.net/six0.php
It didn't:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
result resource in /home/richbull/public_html/mroldies.net/showtable.php
on line 94
I see that in 15 years you haven't learned a damn thing.
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com

Re: take two - fetch items from a row. [message #181300 is a reply to message #181298]
Sat, 04 May 2013 02:20
Richard Yates
Messages: 86 Registered: September 2013
Karma: 0
Member
On Fri, 3 May 2013 19:54:33 -0400, richard <noreply(at)example(dot)com>
wrote:
> On Fri, 03 May 2013 16:32:59 -0700, Richard Yates wrote:
>
>> On Fri, 3 May 2013 19:02:58 -0400, richard <noreply(at)example(dot)com>
>> wrote:
>>
>>> This code may reside on a page in a line.
>>> < a href="http:www.code.com/gettable.php?number=1">
>>>
>>>
>>> Where I show id=$number, is that the way I want to show it or is there a
>>> better way?
>>> I want to retrieve the row corresponding to the id number given in the
>>> link.
>>>
>>> <?php
>>>
>>>
>>> $number=$_GET["number"];
>>> if (empty($number)) {$number=1;}
>>> $number=(int)$number;
>>>
>>> // connections code left out intentionally //
>>>
>>>
>>> $result = mysql_query("SELECT id,email FROM people WHERE id = $number");
>>> if (!$result) {
>>> echo 'Could not run query: ' . mysql_error();
>>> exit;
>>> }
>>> $row = mysql_fetch_row($result);
>>>
>>> echo $row[0]; // 42
>>> echo $row[1]; // the email value
>>> ?>
>>
>> Your code does work. There are details about it that could be improved
>> and others made suggestions about in response to your first post. I
>> notice that in this post your id field in the database is assumed to
>> be a number where the last time it seemed to be a string. Do you know
>> which it is?
>>
>> Have you learned about validating and sanitizing user input yet?
>
> I am assuming that "id" is an integer since that is how it is in the
> database field.
> the int() function changes the string to an integer so that's no big deal.
>
> As with anything you do, you refine your output as time marches on.
> After all, we all know YOU were born an expert in the field right?
No, I am a (possibly advanced) beginner and I am not sure what your
attitude is about. I've tried out your code and answered your
questions (twice). The (basic) beginner level of your code and
questions implied that a gentle question about input validation was
reasonable. Apparently not.

Re: take two - fetch items from a row. [message #181301 is a reply to message #181300]
Sat, 04 May 2013 03:37
Beauregard T. Shagnas
Messages: 154 Registered: September 2010
Karma: 0
Senior Member
Richard Yates wrote:
> richard the sto0pid wrote:
>> After all, we all know YOU were born an expert in the field right?
>
> No, I am a (possibly advanced) beginner and I am not sure what your
> attitude is about. I've tried out your code and answered your questions
> (twice). The (basic) beginner level of your code and questions implied
> that a gentle question about input validation was reasonable. Apparently
> not.
This must be your first encounter with RtS - richard the sto0pid. As you
can see from Denis's reply, he knows RtS.
RtS is an idiot.
--
-bts
-This space for rent, but the price is high

Re: take two - fetch items from a row. [message #181306 is a reply to message #181295]
Sat, 04 May 2013 11:00
SwissCheese
Messages: 17 Registered: December 2012
Karma: 0
Junior Member
On 05/03/2013 07:02 PM, richard wrote:
> This code may reside on a page in a line.
> < a href="http:www.code.com/gettable.php?number=1">
>
>
> Where I show id=$number, is that the way I want to show it or is there a
> better way?
> I want to retrieve the row corresponding to the id number given in the
> link.
>
> <?php
>
>
> $number=$_GET["number"];
> if (empty($number)) {$number=1;}
> $number=(int)$number;
>
> // connections code left out intentionally //
>
>
> $result = mysql_query("SELECT id,email FROM people WHERE id = $number");
> if (!$result) {
> echo 'Could not run query: ' . mysql_error();
> exit;
> }
> $row = mysql_fetch_row($result);
>
> echo $row[0]; // 42
> echo $row[1]; // the email value
> ?>
>
<?php
// A missing parameter is treated as bad input (0), not as a real id.
$number = isset($_GET["number"]) ? $_GET["number"] : 0;
// Accept only strings made up entirely of decimal digits.
$number = (is_numeric($number) && ctype_digit($number)) ? $number : 0;
if ($number == 0) {
    /* bad input - do something here
       since 1 is more than likely a valid record you may not want to give
       out that data based on bad input.
    */
    exit;
}
// ... connection code ...
$result = mysql_query("SELECT id,email FROM people WHERE id = $number");
if (!$result) {
    echo 'Could not run query: ' . mysql_error();
    exit;
}
$row = mysql_fetch_row($result);
echo $row[0]; // 42
echo $row[1]; // the email value
?>
There are many different ways to go about sanitising your input, some
of which you can download.
....and here's a good source (found on bobby-tables.com):
http://download.oracle.com/oll/tutorials/SQLInjection/index.htm
--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
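
Added example (not part of any post in this thread): the same lookup with strict validation and a bound parameter, compared against what the original `empty()` plus `(int)` handling does with malformed input. It uses PDO with an in-memory SQLite database so it runs stand-alone; the function names `legacy_id`, `parse_id` and `fetch_person`, the table contents and the sample inputs are constructed for illustration.

```php
<?php
// What the original post's handling yields: malformed input silently becomes a valid id.
function legacy_id($raw): int
{
    if (empty($raw)) { $raw = 1; }
    return (int)$raw;
}

// Strict parse: a positive decimal integer string, or null meaning "reject the request".
function parse_id($raw): ?int
{
    if (!is_string($raw)) {              // missing value or array such as ?number[]=1
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bound parameter: the value never becomes part of the SQL text.
function fetch_person(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, email FROM people WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;  // no matching row is not an error
}

// Constructed schema and data standing in for the poster's "people" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO people (id, email) VALUES (1, 'a@example.com'), (42, 'b@example.com')");

// Constructed inputs standing in for $_GET["number"].
foreach (['42', '7', '', '42abc', ['1'], null] as $raw) {
    $id = parse_id($raw);
    echo json_encode($raw), ' => ';
    if ($id === null) {
        echo 'rejected (original handling would query id ', legacy_id($raw), ")\n";
        continue;
    }
    $row = fetch_person($db, $id);
    // Escape on output as well: stored data is not trusted HTML.
    echo $row === null ? 'no such row' : htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'), "\n";
}
```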