Shinyshell Community Forums > Coding > I have a MySQL Query |
July 24 02009, 18:36 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
lol I couldn't resist...
Anyway. Editing a user bio.
<form action="?id=usercp" method="post">
$bio = htmlspecialchars($_POST['bio']);
If I write "Hey I'm Peter" on the form, it comes up with a MySQL error thanks to the apostrophe. I want users to be able to use apostrophes... how can I fix it? ;-; |
July 24 02009, 19:45 GMT | ||||
Pikachu Kelp is good! Location: California Post count: 50 |
Use addslashes().
<?php
I would use update rather than insert.
______________________________ Linux | Chrome | Python | Chuck |
July 25 02009, 16:05 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
When I'm retrieving the data, can I remove the slashes?
|
July 25 02009, 20:17 GMT | ||||
Pikachu Kelp is good! Location: California Post count: 50 |
There's no need to remove the slashes. For example:
<?php
This would echo "I'm Peter". Adding slashes just allows you to input apostrophes into the database, so that you won't get an error.
______________________________ Linux | Chrome | Python | Chuck |
July 26 02009, 02:23 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
OH, I see now. I should have known that... anyway. Won't mysql_real_escape_string do the same?
|
July 26 02009, 02:56 GMT | ||||
Pikachu Kelp is good! Location: California Post count: 50 |
mysql_real_escape_string makes sure that someone doesn't try to drop your tables. I'm not too sure if it adds slashes, since I haven't used it in a while.
______________________________ Linux | Chrome | Python | Chuck |
July 26 02009, 04:16 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
Apparently it does, because it let me add the data without a MySQL error. :D
Will this work for a user registration script?
function register()
I think it should add all the data. I haven't put in the script to check whether or not the user exists or the email exists. I'm also unsure about the CURDATE() thing.
EDIT: I took out the CURDATE() thing for now... I'll figure that out later. Here's the modified code.
//Add the user into the users MySQL table |
July 26 02009, 16:52 GMT | ||||
Pikachu Kelp is good! Location: California Post count: 50 |
See, the problem with this is that you're using an if-else. What if both the username and email are taken? The if-else statement will only be able to echo the first one. This is solved by making them separate if statements:
<?php
Now, if both the username and email are taken, both statements will be echoed.
______________________________ Linux | Chrome | Python | Chuck |
July 27 02009, 21:47 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
Ok, I hadn't considered that. xD But it's fixed now. I've added a lot of other conditions, too. The basic system works... now I just have to add everything else. @_@ Coding is enjoyable.
"Thanks, Pikachu," said Ash. How would I echo only a certain amount of information from a MySQL table? Three rows, for example. |
July 28 02009, 00:11 GMT | ||||
Pikachu Kelp is good! Location: California Post count: 50 |
Using LIMIT:
<?php
That should echo the first three rows. I haven't tested it out, but if it doesn't work, try:
<?php
And you're welcome, I'm always here to help.
______________________________ Linux | Chrome | Python | Chuck |
August 07 02009, 18:11 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
//Insert an update
<?php
Apparently since UPDATE is a MySQL command you can't name a column that. xD |
September 25 02009, 23:16 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
More problems :D
This is back to my other site, which is in PHP. Sorry about the double post :/
<?php
It just modifies a post. But when I try to update, it just inserts 0 into the database. |
September 26 02009, 00:42 GMT | ||||
Faltzer Member Location: Glendale, New York Post count: 38 |
Why are you not treating $pid as an integer and type-casting it, and why are you quoting it in your MySQL query?
Why are you using a hidden field for something that should be in GET? ______________________________ FHQ |
September 26 02009, 01:20 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
The first part of the if statement is for after the submission of the form. This is part of my Admin CP. The original URL is something like this: http://site.com/cms/index.php?id=edit&pid=13 . It obviously shows up in the form what the MySQL table says. The second URL looks like this: http://site.com/cms/index.php?id=edit .
Are you saying that I should treat the query with $pid like this: $query = "SELECT * FROM posts WHERE id=".$pid; ? I don't think I understand lol |
September 26 02009, 01:36 GMT | ||||
Faltzer Member Location: Glendale, New York Post count: 38 |
I don't know why you'd concatenate if you're already using interpolation. Just remove the single-quotes. And you shouldn't be using hidden form fields for that. All nitpicks aside, you're not being specific enough. Provide more information; i.e. your schema for said table.
______________________________ FHQ |
September 26 02009, 02:01 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
id (primary key), 11 character integer, auto-incremental
title, 50 character varchar
user, 50 character varchar
date, date
post, 500 character varchar
I tried it with and without concatenating. And the field post can be up to 500 characters, while the max for a GET variable is 100. |
September 26 02009, 02:23 GMT | ||||
Faltzer Member Location: Glendale, New York Post count: 38 |
Unless you want your posts to only be 500 characters, I suggest you make it a TEXT field instead of a VARCHAR. Either way, I modified the script, and it seems to work on my end. I've added logic, also eliminated a possible SQL injection. I coded it in accordance to your style; although coding islands are messy anyway. Try it out:
<?php
http://faltzershq.com/form.php?id=edit&pid=1
http://faltzershq.com/form.php?id=edit&pid=2
______________________________ FHQ |
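The two fixes this thread arrives at, treating `pid` as an integer and keeping user text such as "Hey I'm Peter" out of the SQL string, shown as an added example that is not Faltzer's script or any other code from the thread. It uses PDO prepared statements instead of the escaping functions discussed above, and assumes an in-memory SQLite database standing in for the MySQL one (requires the pdo_sqlite extension); `update_post()` is a hypothetical helper name.

```php
<?php
// Added example. Stand-in schema built from the columns listed in the thread.
// Assumption: an in-memory SQLite database replaces the MySQL connection so
// the script runs offline; with MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY AUTOINCREMENT,
           title VARCHAR(50), user VARCHAR(50), date DATE, post TEXT)');
$db->exec("INSERT INTO posts (title, user, date, post)
           VALUES ('First', 'Peter', '2009-09-25', 'old text')");

// update_post() is a hypothetical helper name, not code from the thread.
function update_post(PDO $db, $rawPid, string $title, string $post): int
{
    // Treat the id as an integer: reject anything that is not a positive int.
    $pid = filter_var($rawPid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pid === false) {
        throw new InvalidArgumentException('pid must be a positive integer');
    }
    // Placeholders keep user text out of the SQL string, so no escaping
    // function is needed. Assignments are separated by commas, not AND.
    $stmt = $db->prepare('UPDATE posts SET title = :title, post = :post WHERE id = :id');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':post', $post, PDO::PARAM_STR);
    $stmt->bindValue(':id', $pid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample input: apostrophes and a stray quote stay plain data.
$changed = update_post($db, '1', "Peter's post", "Hey I'm Peter, quote: ' end");
$row = $db->query('SELECT title, post FROM posts WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo "rows changed: $changed\n";
// HTML-escape when printing, not before storing.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($row['post'], ENT_QUOTES, 'UTF-8'), "\n";

try {
    update_post($db, '13x', 'x', 'y');   // constructed non-integer pid
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```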
September 26 02009, 12:29 GMT | ||||
Peter* A Pythonic One Location: US Post count: 99 |
Thank you. ^-^ I found the problem with my original code. Rather than saying "title='$title', post='$post'," I said, "title='$title' and post='$post'."
|