Page 1 of 1

coding and dbase

Posted: Wed Aug 27, 2003 11:55 am
by Hajduk
Ok, I have two questions. First, how can I improve this coding below:

Code: Select all

<? include "header.php" ?> 
<? 
$hostname = "www.www.com";         // Usually localhost. 
$username = "fluffy";     // If you have no username, leave this space empty. 
$password = "fluffy";         // The same applies here. 
$usertable = "Prezime";         // This is the table you made. 
$dbName = "ifluffy";         // This is the main database you connect to. 

MYSQL_CONNECT($hostname, $username, $password) OR DIE("Unable to connect to database"); 
@mysql_select_db( "$dbName") or die( "Unable to select database"); 
?> 
<? 
//error message (not found message) 
$XX = "No Record Found"; 

$query = mysql_query("SELECT * FROM $usertable WHERE surname LIKE '%$search%' LIMIT 0, 1 ") or die (mysql_errno() . ' ' . mysql_error()); 
while ($row = mysql_fetch_array($query)) 
&#123; 
echo('<b>Surname:</b> ' . $row&#1111;"surname"] . '<br>'); 
echo('<b>Place:</b> ' . $row&#1111;"place"] . '<br>'); 
echo('<b>Region:</b> ' . $row&#1111;"region_country"] . '<br>'); 
echo('<b>Family Saint:</b> ' . $row&#1111;"family_saint "] . '<br>'); 
echo('<b>Information:</b> ' . $row&#1111;"information"] . '<br>'); 
echo('<br>'); 

&#125; 

//below this is the function for no record!! 
if (!mysql_num_rows($query)) 
&#123; 
print ("$XX"); 
&#125; 
//end 
?> 
<? include "footer.php" ?>
As you can see I have a table with in which this form is searching. Now I wish to add pictures to this database to be displayed in the search results. How can I do this?

All help is welcome,

SPanx in advance!

Posted: Wed Aug 27, 2003 12:01 pm
by JAM
You could add a field (varchar perhaps) where you store links to images in the form: "images/1.gif", "images/2.gif" as example, for each of the users. When retrieving the data, you get the above info, and you can printout an img src-tag.

Personally, I dont like storing images as binary in the database as I'm not yet over-convinced that it's any good (exceptions in some areas).

If you want your users to store their own images, you use a similar way, but store the users images in one folder, the image-name in the database, adding some checks if the image being uploaded is not allready available.

Hope it gave you some more ideas.

Posted: Wed Aug 27, 2003 12:06 pm
by Hajduk
Yes, I already saw some galleries that use this storing way but I am afraid my dbase will go nuts since I had this before.

I think the solution you mentioned at first I what I need to do. BTW, is there something about the code that needs to be altered since it was written for PHP 3?

Posted: Wed Aug 27, 2003 12:15 pm
by JAM
Well, except from that you dont need to declare $XX ("No Record Found" can be put into the no-rows-returned area directly), you should read up on 'Passing Variables'.
Take a peek at the last link in my signatur...

Also, using the %$search% without making the $search safe is bad.
http://se.php.net/manual/en/function.ht ... lchars.php
http://se.php.net/manual/en/function.htmlentities.php
http://se.php.net/manual/en/function.addslashes.php
...and many many more functions might interest you also. If a user is malicious, he/she would probably be able to find a way to insert some 'bad code' instead of a search-term in the form, thus making your script run it when it intends to do the search...

Good luck. =)

Posted: Wed Aug 27, 2003 12:41 pm
by Hajduk
Thnx, me love you long time ;-)

and this

Posted: Wed Aug 27, 2003 1:21 pm
by Hajduk
How does this look like?

Code: Select all

<?php 

   function db_error($type) &#123; 
      echo "<b>database $type failed:</b><br><br>error number: " . mysql_errno() . "<br>" . mysql_error(); 
   &#125; 

   include 'header.php'; 

   $hostname = 'www.www.com';      // Usually localhost. 
   $username = 'fluffy';         // If you have no username, leave this space empty. 
   $password = 'fluffy';         // The same applies here. 
   $usertable = 'Prezime';         // This is the table you made. 
   $dbName = 'ifluffy';         // This is the main database you connect to. 

   mysql_connect($hostname, $username, $password) or die (db_error('connection')); 
   mysql_select_db( "$dbName") or die (db_error('selection')); 

   $query = mysql_query("SELECT * FROM $usertable WHERE surname LIKE '%$search%' LIMIT 0, 1 ") or die (db_error('query')); 
    
   if (!mysql_num_rows($query)) &#123; 
      echo 'No Record Found'; 
   &#125; else &#123; 
      while ($row = mysql_fetch_array($query)) 
      &#123; 
         echo('<b>Surname:</b> ' . $row&#1111;"surname"] . '<br>'); 
         echo('<b>Place:</b> ' . $row&#1111;"place"] . '<br>'); 
         echo('<b>Region:</b> ' . $row&#1111;"region_country"] . '<br>'); 
         echo('<b>Family Saint:</b> ' . $row&#1111;"family_saint "] . '<br>'); 
         echo('<b>Information:</b> ' . $row&#1111;"information"] . '<br>'); 
         echo('<br>'); 
      &#125; 
   &#125; 

   include 'footer.php'; 
?>

Posted: Wed Aug 27, 2003 1:58 pm
by JAM
The if-then-else 'No Record Found' is allright. Still, the more vital part you should look into is viewtopic.php?t=511.
To continue, you are using $search, as it is sendt from the user directly into the database (presuming). That might be a problem, so take a look at the links I posted earlier.

Posted: Thu Aug 28, 2003 6:19 am
by Hajduk
Ok I am working on that. Just a quick other question. Any links on where I can learn how to put the output in a nice table with colour :-)

Thnx!
http://www.serbia-today.com
http://www.rodoslovlje.com

Posted: Thu Aug 28, 2003 8:58 am
by JAM
Search for html tutorials on the net. Then you could combine that with CSS (also found on the net) or just add it into the php-script.

Google