Page 1 of 1

Need help with a query.

Posted: Sat Dec 30, 2006 3:06 pm
by Nicole
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello, I know how to select an actual category or field in the database in a table and to pull its row. I just don't know how to access a field based on the name it is.

In the below code of how far I am with this, the urlname is a web site name that will be entered through a form. The name of the table is getdata. In the database will be a web site name such as php builder or whatever. Then in the php builder field I will have data inserted into the php builder row. So-

Code: Select all

<? 
$conn = mysql_connect('mysql1', 'testthis', 'password'); 
$db = mysql_select_db("testthis"); 
$url = mysql_real_escape_string($_POST['urlname']); 
$query = "SELECT $url from getdata Limit 1"; 
$result = mysql_query($query) or die(mysql_error());
I can piece the rest together from here. 
?>
I don't know how to say "select the particular field in the table that matches the web name that is inserted into the form." The query doesn't seem to take the variabe $url as is. Thank you very much.
Or

$query = "SELECT ???? from getdata where ???? = '" . $url . "';";


feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Sat Dec 30, 2006 3:10 pm
by volka
SELECT field1,fieldB,fieldXYZ FROM tablename WHERE someField='stringValue'

Re: Need help with a query.

Posted: Sat Dec 30, 2006 9:16 pm
by richmix
Nicole wrote:Hello, I know how to select an actual category or field in the database in a table and to pull its row. I just don't know how to access a field based on the name it is.

In the below code of how far I am with this, the urlname is a web site name that will be entered through a form. The name of the table is getdata. In the database will be a web site name such as php builder or whatever. Then in the php builder field I will have data inserted into the php builder row. So-

<?
$conn = mysql_connect('mysql1', 'testthis', 'password');
$db = mysql_select_db("testthis");
$url = mysql_real_escape_string($_POST['urlname']);
$query = "SELECT $url from getdata Limit 1";
$result = mysql_query($query) or die(mysql_error());
I can piece the rest together from here.
?>

I don't know how to say "select the particular field in the table that matches the web name that is inserted into the form." The query doesn't seem to take the variabe $url as is. Thank you very much.
Or

$query = "SELECT ???? from getdata where ???? = '" . $url . "';";
In PHP, you don't need to do anything special to variables when using double quotes. $string = "My father\'s name is $name."; will work just as fine as $string = "My father\'s name is " . $name;

You seem to have single quotes around the . $url . , though, like this: ' . $url . ' The PHP doesn't parse the variable that way; the query is actually being sent as "SELECT ??? FROM getdata WHERE ??? = . $url . ;". THAT IS EXACTLY WHAT IS BEING SENT TO THE MYSQL DB. Try this instead:

$query = "SELECT ??? FROM getdata WHERE ??? = \'$url\'";

Posted: Sun Dec 31, 2006 11:53 am
by Ollie Saunders

Code: Select all

$query = "SELECT $url from getdata Limit 1";
$result = mysql_query($query) or die(mysql_error());
Seems to me that should be doing what you would like to achieve. Put backticks round $url though (`$url`).

Security: Be advised $_POST['urlname'] can be spoofed to contain any value. If you are not prepared to have every field in your table exposed validate that $_POST['urlname'] contains nothing undesirable.

Posted: Sun Dec 31, 2006 12:21 pm
by arukomp
put "WHERE 1" in your sql query, i think it's required.

It should look like this:

Code: Select all

$query = "SELECT $url from getdata WHERE 1 Limit 1";
$result = mysql_query($query) or die(mysql_error());

Posted: Sun Dec 31, 2006 5:00 pm
by feyd
"WHERE 1" performs nothing extra, but does require the database to parse a tad bit more.