Writing PHP to place a snippet of code into MySql

utahfriend
Forum Commoner
Posts: 34
Joined: Thu Nov 10, 2005 12:25 pm
Location: Bountiful, Utah

Writing PHP to place a snippet of code into MySql

Post by utahfriend »

Hello,

I am trying to create a page that allows me to dynamically build new web pages. To do that, I have to dynamically put a line of code into MySQL.

This is the line I want to be put in the database:

<?php $_SESSION[id]=$user_id; $pagename='$newpage'; ?>

where the $user_id and $newpage variables have previously been defined and their values must be put in as hard code, i.e. if $user_id is 13 and $newpage is 'index', the line in the database would look like:

<?php $_SESSION[id]=13; $pagename='index'; ?>

However, when I try to run the following code, I get all kinds of errors, such as:

"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'index';' WHERE `template_name` = 'temp'' at line 1"

Here is the code I have written, any ideas would be appreciated on how to fix it:

Code:

<?PHP
include "g/global/database.php";
$user_id=13;
$newpage='index';

$temp_text="<?php $_SESSION[id]=$user_id; $pagename='$newpage';?>";


$queryString = "UPDATE template_wim SET template_header = '$temp_text' WHERE `template_name` = 'temp'";
mysql_query($queryString) or die(mysql_error());
    	

?>
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

mysql_escape_string()

You're putting unescaped quotes into a mysql query ;)
utahfriend
Forum Commoner
Posts: 34
Joined: Thu Nov 10, 2005 12:25 pm
Location: Bountiful, Utah

Post by utahfriend »

That helped. However, I had to remove the "?>" at the end of the line to make it work, and then it drops "$_SESSION[id]". So I end up with:

<?php =13; =\'index\';

I also get an error still when it tries to put the string in the database:

"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'index';' WHERE `template_name` = 'temp'' at line 1"

The new PHP I wrote is:

Code:

<?PHP
include "g/global/database.php";
$user_id=13;
$newpage='index';

$temp_text="<?php $_SESSION[id]=$user_id; $pagename='$newpage';";

$escaped_text = mysql_escape_string($temp_text);
printf("Escaped string: %s\n", $escaped_text);

$queryString = "UPDATE template_wim SET template_header = '$temp_text' WHERE `template_name` = 'temp'";
mysql_query($queryString) or die(mysql_error());
    	

?>
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »


$queryString = "UPDATE template_wim SET template_header = '$temp_text' WHERE `template_name` = 'temp'";
So don't send the unescaped text to the db; send $escaped_text.
utahfriend
Forum Commoner
Posts: 34
Joined: Thu Nov 10, 2005 12:25 pm
Location: Bountiful, Utah

Post by utahfriend »

Thank you. That lets it put it in the database.

Now, how do I get "$_SESSION[id]" and "?>" put back in the line?
a94060
Forum Regular
Posts: 543
Joined: Fri Feb 10, 2006 4:53 pm

Post by a94060 »

After you do the mysql escape string and put it into the db, how do you unescape when you retrieve them?
sheila
Forum Commoner
Posts: 98
Joined: Mon Sep 05, 2005 9:52 pm
Location: Texas

Post by sheila »

Now, how do I get "$_SESSION[id]" and "?>" put back in the line?

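Code:

// Single-quoted pieces are not interpolated, so $_SESSION[id] and $pagename stay literal text
$temp_text='<?php $_SESSION[id]=' . $user_id . '; $pagename=\'' . $newpage . "'; ?>";
// Escape the finished string before it goes into the query
$escaped_text = mysql_escape_string($temp_text);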
utahfriend
Forum Commoner
Posts: 34
Joined: Thu Nov 10, 2005 12:25 pm
Location: Bountiful, Utah

Post by utahfriend »

Thank you! Problem Solved!!!!!
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

FYI, single quotes take text as is; double quotes will parse the variables.

In your case, the session variable was parsing as empty, so no string was entered into the query.
utahfriend
Forum Commoner
Posts: 34
Joined: Thu Nov 10, 2005 12:25 pm
Location: Bountiful, Utah

Post by utahfriend »

That is very good to know, thanks!
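
An added example, not code from any poster in this thread: the same snippet built without interpolation and stored through a prepared statement, which replaces the mysql_escape_string() step (the mysql_* functions used above were removed in PHP 7). It assumes PDO with an in-memory SQLite database standing in for the MySQL table so it runs offline; the function names and the page-name rule are hypothetical.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the thread's MySQL table so the script runs offline.

// Build the stored line from validated values. var_export() emits a correctly
// quoted PHP literal, so a quote in $newpage cannot end the string early.
function build_header_snippet($userId, string $newpage): string
{
    $id = filter_var($userId, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('user id must be an integer');
    }
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $newpage)) { // assumed page-name rule
        throw new InvalidArgumentException('unexpected page name');
    }
    // Single-quoted pieces are not interpolated. The key is quoted here because
    // a bare id is an undefined constant in PHP 8.
    return '<?php $_SESSION[\'id\']=' . var_export($id, true)
         . '; $pagename=' . var_export($newpage, true) . '; ?>';
}

// Placeholders keep the snippet's quotes out of the SQL text entirely.
function store_header(PDO $db, string $templateName, string $snippet): int
{
    $stmt = $db->prepare(
        'UPDATE template_wim SET template_header = :header WHERE template_name = :name'
    );
    $stmt->execute([':header' => $snippet, ':name' => $templateName]);
    return $stmt->rowCount();
}

// Constructed demo data: one row named 'temp', as in the thread's query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE template_wim (template_name TEXT PRIMARY KEY, template_header TEXT)');
$db->exec("INSERT INTO template_wim VALUES ('temp', '')");

store_header($db, 'temp', build_header_snippet(13, 'index'));
$stored = $db->query("SELECT template_header FROM template_wim WHERE template_name = 'temp'")
             ->fetchColumn();
echo $stored, "\n"; // the value read back is exactly what was stored; nothing to unescape

try {
    build_header_snippet(13, "in'dex"); // constructed value containing a quote
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because the stored text is later run as PHP, the validation in build_header_snippet() matters as much as the SQL handling: the prepared statement protects the query, not the page that executes the stored line.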