Need help with a query.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Nicole
Forum Newbie
Posts: 22
Joined: Thu Oct 26, 2006 7:47 am

Need help with a query.

Post by Nicole »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello, I know how to select an actual category or field in the database in a table and to pull its row. I just don't know how to access a field based on the name it is.

In the below code of how far I am with this, the urlname is a web site name that will be entered through a form. The name of the table is getdata. In the database will be a web site name such as php builder or whatever. Then in the php builder field I will have data inserted into the php builder row. So-

Code: Select all

<? 
$conn = mysql_connect('mysql1', 'testthis', 'password'); 
$db = mysql_select_db("testthis"); 
$url = mysql_real_escape_string($_POST['urlname']); 
$query = "SELECT $url from getdata Limit 1"; 
$result = mysql_query($query) or die(mysql_error());
I can piece the rest together from here. 
?>
I don't know how to say "select the particular field in the table that matches the web name that is inserted into the form." The query doesn't seem to take the variabe $url as is. Thank you very much.
Or

$query = "SELECT ???? from getdata where ???? = '" . $url . "';";


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Last edited by Nicole on Sat Dec 30, 2006 4:29 pm, edited 2 times in total.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

SELECT field1,fieldB,fieldXYZ FROM tablename WHERE someField='stringValue'
richmix
Forum Commoner
Posts: 31
Joined: Fri Dec 22, 2006 5:21 am

Re: Need help with a query.

Post by richmix »

Nicole wrote:Hello, I know how to select an actual category or field in the database in a table and to pull its row. I just don't know how to access a field based on the name it is.

In the below code of how far I am with this, the urlname is a web site name that will be entered through a form. The name of the table is getdata. In the database will be a web site name such as php builder or whatever. Then in the php builder field I will have data inserted into the php builder row. So-

<?
$conn = mysql_connect('mysql1', 'testthis', 'password');
$db = mysql_select_db("testthis");
$url = mysql_real_escape_string($_POST['urlname']);
$query = "SELECT $url from getdata Limit 1";
$result = mysql_query($query) or die(mysql_error());
I can piece the rest together from here.
?>

I don't know how to say "select the particular field in the table that matches the web name that is inserted into the form." The query doesn't seem to take the variabe $url as is. Thank you very much.
Or

$query = "SELECT ???? from getdata where ???? = '" . $url . "';";
In PHP, you don't need to do anything special to variables when using double quotes. $string = "My father\'s name is $name."; will work just as fine as $string = "My father\'s name is " . $name;

You seem to have single quotes around the . $url . , though, like this: ' . $url . ' The PHP doesn't parse the variable that way; the query is actually being sent as "SELECT ??? FROM getdata WHERE ??? = . $url . ;". THAT IS EXACTLY WHAT IS BEING SENT TO THE MYSQL DB. Try this instead:

$query = "SELECT ??? FROM getdata WHERE ??? = \'$url\'";
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Code: Select all

$query = "SELECT $url from getdata Limit 1";
$result = mysql_query($query) or die(mysql_error());
Seems to me that should be doing what you would like to achieve. Put backticks round $url though (`$url`).

Security: Be advised $_POST['urlname'] can be spoofed to contain any value. If you are not prepared to have every field in your table exposed validate that $_POST['urlname'] contains nothing undesirable.
arukomp
Forum Contributor
Posts: 113
Joined: Sun Sep 24, 2006 4:22 am

Post by arukomp »

put "WHERE 1" in your sql query, i think it's required.

It should look like this:

Code: Select all

$query = "SELECT $url from getdata WHERE 1 Limit 1";
$result = mysql_query($query) or die(mysql_error());
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

"WHERE 1" performs nothing extra, but does require the database to parse a tad bit more.
Post Reply