Am trying to have a code that executes any Select and Insert query to any table and echoes the results.Am new to programming so plz excuse my dumb errors
Please test and complete this code for me.
Thanks
If you plan to use user created SQL statements you're going to have to check them to make sure that they haven't entered a query that could damage your database (ie. delete a record, drop a database, empty a table etc.).
That aside, assuming that $HTTP_POST_VARS['en'] (you can use $_POST['en'] if you're using PHP 4.1 or above BTW) is a SELECT statement (you will have to test to see what type of statement is sent each time) you can do:
$startquery = $_POST['querydata'];
$db = $dbname;
$link = mysql_connect($servername, $dbusername, $dbpassword) or die("Connection error!");
mysql_select_db($db) or die("Database error!");
$query = $startquery;
$result = mysql_query($query) or die("There was an error in your SQL syntax");
echo "<b>The following data was modified throughout your database:</b><p>";
echo $startquery;
Hope it helps you!
Regards
Joe God is good. I am better
Last edited by Joe on Tue Mar 30, 2004 12:12 pm, edited 1 time in total.
Thanks but the Insert Query isn't working at all.I get the following error if i put an insert query:
insert into account (id, name, username, email) values (id, "nm", "user1", "ea1@ilma.com");
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource
I think the problem lies with the single or double quote in the query.
the character \ is inserted before each single or double quote
How to correct that?
Corrected the / with stripslashes function.
Insert is working but shows an error as no result is returned..not a problem though
Thanks for all your help
The problem lies with the fact that an INSERT query does not return any rows. You need to first determine what type of query is being run before you decide what code you're going to run.