The KGB Oracle
Serving the online gaming community since 1997
Band 7
**
Joined: Oct 2006
Posts: 1,720
Post your queries, Ith.


Former KGB Member
KGB Supreme Court Justice
KGB Supreme Knight
****
Joined: Nov 2005
Posts: 1,876
Likes: 10
OK. So first thing, in PHP: use PDO. Nothing less.
Something like that:
Code:
<?php
// Change these vars with your server infos
$DB_HOST = 'yourDbHost';
$DB_NAME = 'yourDatabaseName';
$DB_USER = 'user';
$DB_PASS = 'pass';

try{
  // Instantiate a PDO object; the user and password must be passed here
  $db = new PDO('mysql:dbname='.$DB_NAME.';host='.$DB_HOST, $DB_USER, $DB_PASS);
  // Make PDO throw a PDOException on errors so the catch block below is reached
  $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  // Get a PDO statement
  $stmt = $db->prepare('your SQL query here');
  // Run the statement; without execute() there is nothing to fetch
  $stmt->execute();
  // Fetch all results, may be bad if there's a shitload of data
  $data = $stmt->fetchAll();
}
catch(PDOException $e){
  echo 'PDO error';
  die();
}
catch(Exception $e){
  echo 'ouch';
  die(); // That's bad, I know
}
// You should write a proper exception handler which will log all the errors into a file
// We start outputting html here, you better put the html part in a different file which you'll include
?>
<table>
<?php foreach($data AS $tuple){ ?>
  <tr>
    <!-- Escape on output so stored values cannot inject markup -->
    <td><?=htmlspecialchars((string)$tuple['column1'])?></td>
    <!-- Add more column if needed -->
  </tr>
<?php }?>
</table>


Last edited by Arkh; 06/25/09 11:00 AM.

Ithkrul (OP)
KGB Champion
*****
Joined: Sep 2008
Posts: 102
As I'm just starting this... what is a PDO?

The only query I'm concerned with right now is
SELECT * FROM registree
That's what is required, will add more queries as time permits. Most likely will just make another query on the primary keys.
Code:
<table>
<?php foreach($data AS $tuple){ ?>
  <tr>
    <td><?=htmlspecialchars((string)$tuple['column1'])?></td>
    <!-- Add more column if needed -->
  </tr>
<?php }?>
</table>


This is the HTML output part and the creation of the tabular data on a new webpage, correct?

Last edited by Ithkrul; 06/25/09 12:16 PM.
KGB Supreme Court Justice
KGB Supreme Knight
****
Joined: Nov 2005
Posts: 1,876
Likes: 10
PDO is a method to connect to databases with PHP. A good method, not like what you'll find in stupid tutorials.

So, you just copy-pasta your query where there's a "your query here" and the part you quoted is what will be output.
Depending on the number of fields you have in your table, just add more columns.
If you have fields like ID, name, desc you do that:
Code:
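<table>
<?php foreach($data AS $tuple){ ?>
  <tr>
    <!-- Escape on output so stored values cannot inject markup -->
    <td><?=htmlspecialchars((string)$tuple['ID'])?></td>
    <td><?=htmlspecialchars((string)$tuple['name'])?></td>
    <td><?=htmlspecialchars((string)$tuple['desc'])?></td>
  </tr>
<?php }?>
</table>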


Ithkrul (OP)
KGB Champion
*****
Joined: Sep 2008
Posts: 102
Code:
<?php
mysql_connect("localhost", "database", "password") or die(mysql_error());
echo "Connected to MySQL<br />";
mysql_select_db("database") or die(mysql_error());
echo "Connected to Database<br />";


$result = mysql_query("SELECT * FROM registree") or die(mysql_error());
// No fetch before the loop: an extra mysql_fetch_array() here would
// consume the first row and it would never be printed.

// Print out the contents of the entry
echo "<table border='1'>";
echo "  <tr>
    <th>Name</th>
    <th>Address1</th>
    <th>Address2</th>
    <th>Email</th>
    <th>Phone</th>
    <th>SpecAsc</th>
    <th>unccID</th>
    <th>Volunteer</th>
    <th>Session</th>
    </tr>";

// Each value is escaped on output so stored data cannot inject markup
while($row = mysql_fetch_array( $result ))
{
echo " <tr><td> ";
    echo htmlspecialchars($row['name']);
echo " </td><td> ";
    echo htmlspecialchars($row['address1']);
echo " </td><td> ";
    echo htmlspecialchars($row['address2']);
echo " </td><td> ";
    echo htmlspecialchars($row['email']);
echo " </td><td> ";
    echo htmlspecialchars($row['phoneNo']);
echo " </td><td> ";
    echo htmlspecialchars($row['specAsc']);
echo " </td><td> ";
    echo htmlspecialchars($row['unccId']);
echo " </td><td> ";
    echo htmlspecialchars($row['volunteer']);
echo " </td><td> ";
    echo htmlspecialchars($row['session']);
echo " </td></tr> ";
}
echo "</table>";


?>


Well, I just ended up using this and it seems to work fine. I'll look at PDO instancing at a later date. I'll go back and "variableize" it later. I've been spending too much time on this as it is and my partner is clueless. So a two person job is now a me job.

And as annoying and outdated as tutorials are, I have basically done this whole project from like 10 different tutorials, since my professor is borderline terribad and the text is just front to back creating ER diagrams and schemas.

So my next question would be, how could I look up the data by searching one particular field and still have it list all the data associated with it? Like have a search box for name, and pull up all the data with people that have that name.

Last edited by Ithkrul; 06/25/09 01:54 PM.
KGB (F3) Vice-Chancellor
Crowfall Faction
*****
Joined: Nov 2005
Posts: 586
Just change your query by adding a where clause. Been a while since I did PHP .. but something like:


select * from registree where name = $_POST['NameOfYourTextbox'];

'NameOfYourTextbox' would be whatever you named the <input> html tag on your form.

A better practice would be to assign the posted value from the textbox to a local variable first, as such:

$myval = $_POST['NameOfYourTextbox'];
SELECT * FROM registree where name = $myval;


Other than grabbing the posted variable & adding it to a where clause, you should be able to use the rest of the code you posted to display the new filtered result set.


Ithkrul (OP)
KGB Champion
*****
Joined: Sep 2008
Posts: 102
Is it possible to add multiple options for doing searches?

Such as
Code:
$myval1 = $_POST['fname'];
$myval2 = $_POST['lname'];
$myval3 = $_POST['phoneNo'];
$myval4 = $_POST['email'];

SELECT * 
FROM registree
WHERE fname=$myval1 or lname=$myval2 or phoneNo=$myval3 or       email=$myval4;


Where I'm posting the variables from a form, like a search box? Like if I want to search all people with the first name ithkrul
or want to search all people with the last name katir. My concern is, can I use 'or' like this? And what are the anomalies possibly faced when searching like this?

Or should I only concern myself with doing searches via primary key?

Also, new question concerning secure logins.

OK, so I have a login via PHP, but if I just copy and paste to the URL it takes me to what should be password only? Basically

http://ccis004.uncc.edu/~chaconia/admin.php

and

http://ccis004.uncc.edu/~chaconia/admin.php?password-blahblah&username=blahblah

take me to the same "admin" page regardless


Last edited by Ithkrul; 06/25/09 05:17 PM.
KGB (F3) Vice-Chancellor
Crowfall Faction
*****
Joined: Nov 2005
Posts: 586
You sure can do that ... you just have to figure out your logical AND|OR's ... primary keys are typically hidden from the end user, you use these for performing updates or in JOINs from parent to child tables.

For the login ... you have to check for the password post form variable if it is not there ... meaning someone went directly to the process page ... you should redirect to an error page, or back to the login page & present the user with some message.

Use an if statement around your processing logic for the password lookup.


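The check described in the post above, extended into a session-based gate as an added example (not code from the thread): the posted password is verified against a stored hash, and any request without an authenticated session, including one that pastes the URL or puts the credentials in the query string, is redirected. The account store, the `login.php` file name and the `is_admin` session key are assumptions; PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical account store for the example: username => password_hash() output.
// A real application would load the hash from its users table.
function find_password_hash(string $username): ?string
{
    static $users = null;
    $users ??= ['admin' => password_hash('constructed-example-password', PASSWORD_DEFAULT)];
    return $users[$username] ?? null;
}

// Returns true only when the posted credentials match a stored hash.
function credentials_ok(array $post): bool
{
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    // Missing, empty or array-valued fields (username[]=x) are rejected outright.
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return false;
    }
    $hash = find_password_hash($user);
    return $hash !== null && password_verify($pass, $hash);
}

session_start();

// Credentials are accepted from the POST body only, never from the query string.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && credentials_ok($_POST)) {
    session_regenerate_id(true);   // fresh session id once the login succeeds
    $_SESSION['is_admin'] = true;
}

// The gate: every request for this page must carry an authenticated session.
if (empty($_SESSION['is_admin'])) {
    header('Location: login.php?error=1');   // login.php is an assumed file name
    exit;   // without exit the admin HTML below would still be sent
}
?>
<h1>Admin</h1>
```

Checking only that a password field is present is not enough on its own, since any client can send one; the value has to be verified and the result remembered in the session.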
KGB Supreme Court Justice
KGB Supreme Knight
****
Joined: Nov 2005
Posts: 1,876
Likes: 10
Every time you use a mysql_* PHP function or use raw form input data, baby raptor Jesus kills a puppy.


KGB Champion
*****
Joined: Apr 2009
Posts: 68
Obviously for this type of assignment he is not wanting to safeguard against SQL injection...

Generally for the search queries.. you can use something like this (I'm not a PHP guy.. so no guarantees on syntax)

$myval1 = $_POST['fname'];
$myval2 = $_POST['lname'];
$myval3 = $_POST['phoneNo'];
$myval4 = $_POST['email'];

// Posted values are concatenated into the SQL as they arrive (no injection safeguard)
// PHP joins strings with "." and the LIKE pattern needs its own quotes
$myWhereMaker = " where 1=1 ";
if ($myval1 != "")
    $myWhereMaker = $myWhereMaker . " and fname like '%" . $myval1 . "%'";
if ($myval2 != "")
    $myWhereMaker = $myWhereMaker . " and lname like '%" . $myval2 . "%'";
if ($myval3 != "")
    $myWhereMaker = $myWhereMaker . " and phoneno like '%" . $myval3 . "%'";
if ($myval4 != "")
    $myWhereMaker = $myWhereMaker . " and email like '%" . $myval4 . "%'";

$result = mysql_query("SELECT * FROM registree" . $myWhereMaker);


Generally you don't pass user/pass in a querystring either ... instead use a submit form.. the request should be the same regardless.. and like he says.. if you don't have a value when you check the request.. then redirect the page back to the login.. or error
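The single-field and multi-field searches discussed in this thread, written with PDO bound parameters as an added example (not code from any poster): the WHERE clause is assembled from a fixed column list and every posted value is bound, so form input never becomes SQL text. The field names follow the OP's form; the `SEARCHABLE` map, both function names and the sample input are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Form field => column name. Columns come only from this fixed map,
// never from the request; the values are bound as parameters.
const SEARCHABLE = [
    'fname'   => 'fname',
    'lname'   => 'lname',
    'phoneNo' => 'phoneNo',
    'email'   => 'email',
];

// Returns [sql, params]; fields left empty add no condition.
function build_search(array $input, string $glue = 'AND'): array
{
    $glue = ($glue === 'OR') ? 'OR' : 'AND';   // only these two keywords are allowed
    $where = [];
    $params = [];
    foreach (SEARCHABLE as $field => $column) {
        $value = $input[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            continue;
        }
        // Escape LIKE wildcards (backslash is MySQL's default LIKE escape)
        // so a typed "%" or "_" matches literally.
        $escaped = addcslashes(trim($value), '%_\\');
        $where[] = "$column LIKE :$field";
        $params[":$field"] = '%' . $escaped . '%';
    }
    $sql = 'SELECT * FROM registree';
    if ($where) {
        $sql .= ' WHERE ' . implode(" $glue ", $where);
    }
    return [$sql, $params];
}

function search_registree(PDO $db, array $input, string $glue = 'AND'): array
{
    [$sql, $params] = build_search($input, $glue);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input standing in for $_POST: the quote characters stay inside
// the bound value, and the SQL text contains placeholders only.
[$sql, $params] = build_search(['fname' => "ith' OR '1'='1", 'email' => ''], 'OR');
echo $sql, "\n";
print_r($params);
```

With a connected PDO handle, `search_registree($db, $_POST)` returns the rows for the table-printing loop shown earlier in the thread.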
