Page 1 of 1

Need Professional Help with AJAX, PHP and MYSQL

Posted: Fri Mar 24, 2006 7:37 pm
by Kofikoduah
i'm currently trying to get php to create a table based on data it recieves from a database. I'm using the AJAX concept to minimise overall http requests sent. below is a snapshot of my php code (unfinished, but working). please note, the place i want the dynamic table is where i have <image><?=$myrow['photo']?></image>. can someone please help with a dynamic table. would the code go into the xml file or in to the php code? help please...

Code: Select all

<?php
header("Content-type: text/xml");
echo("<?xml version='1.0' ?>\n");

function estimate($string)
{
	$stringLength = strlen($string);
	$subtract = floor($stringLength*.20);
	$newString = substr($string,0,$stringLength-$subtract);
	return trim($newString);
}

// Sanitizes user inputs
// Usage: $cleanArray = sanitize($taintedArray);
function sanitize($arr)
{
    foreach ($arr as $key => $value) 
	{
		$arr[$key] = trim(preg_replace("/[^0-9a-zA-Z@. _?\n,:\/'-]/", "", $arr[$key]));
		$arr[$key] = str_replace("'","''",$arr[$key]); # For SQL inserts
	}
	return ($arr);
}

// Remove apostraphe from strings
function stripApost($data)
{
	return preg_replace (
       array (
			   "/'/"		// remove single apostraphe
       ),
       array (
               ''      // ... nothing			   
       ),
       $data);
}

// Sanitize tainted data
$_GET = sanitize($_GET);


// Use first 80% of user variables to guess possible matches
$firstname = isset($_GET['fName']) ? estimate($_GET['fName']) : "";
$lastname = isset($_GET['lName']) ? estimate($_GET['lName']) : "";
$street = isset($_GET['street']) ? estimate($_GET['street']) : "";
$area = isset($_GET['area']) ? estimate($_GET['area']) : "";
$postcode = isset($_GET['postcode']) ? estimate($_GET['postcode']) : "";
$tel = isset($_GET['tel']) ? estimate($_GET['tel']) : "";
$email = isset($_GET['email']) ? estimate($_GET['email']) : "";

$db = mysql_connect("localhost","root","") or die("unable to perform action"); 
mysql_select_db("project",$db) or die("unable to perform action"); 


$sql = "
		SELECT b.photo, b.advert_ID FROM property a INNER JOIN property_advert b ON a.property_ID = b.property_ID
		";
$sql3 = "SELECT photo FROM property_advert WHERE property_ID = 2";

if ($lastname) $sql .=	"AND lName LIKE '$lastname%' ";
if ($street) $sql .=	"AND street LIKE '$street%' ";
if ($area) $sql .=	"AND city LIKE '$area%' ";
if ($postcode) $sql .=	"AND postcode LIKE '$postcode%' ";
if ($tel) $sql .=	"AND private_tel LIKE '$tel%' ";
if ($email) $sql .=	"AND email LIKE '$email%' ";

$result = mysql_query($sql);
$result2 = mysql_query($sql3);

	
$photo=mysql_result($result2,"photo");



?>
<owners>
<?
if ($myrow = mysql_fetch_array($result)) {   
  do { 
?>
<entry id='<?=$myrow['advert_ID']?>001'>
<title><?=$myrow['advert_ID']?></title>
<image><?=$myrow['photo']?></image>
</entry>

<?
  }while ($myrow = mysql_fetch_array($result)); 
}else{
?>
<entry id='001'>

</entry>
<?
}
?>
</owners>