php code for executing any select and insert query

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
gizmoh
Forum Newbie
Posts: 5
Joined: Tue Mar 30, 2004 11:54 am

php code for executing any select and insert query

Post by gizmoh »

Am trying to have a code that executes any Select and Insert query to any table and echoes the results.Am new to programming so plz excuse my dumb errors
Please test and complete this code for me. :(
Thanks

Code: Select all

require("../../../forum/admin/config.php"); //connection settings
$db = $dbname;  $link = mysql_connect( $servername, $dbusername, $dbpassword );
		if ( ! $link )			die( "no" );		mysql_select_db( $db, $link )				
										or die ( "no" );


$query =$HTTP_POST_VARS['en'];
mysql_query( $query, $link );
$result = @mysql_query($query);			
while($query_data= mysql_fetch_array($result) )
{

    echo$ = $query_data[0]; //plz anyone complete that part so that any data is outputted

}
User avatar
delorian
Forum Contributor
Posts: 223
Joined: Sun May 04, 2003 5:20 pm
Location: Olsztyn, Poland

Re: php code for executing any select and insert query

Post by delorian »

Code: Select all

// ...
$query = $HTTP_POST_VARS['en'];
mysql_query( $query, $link );
$result = @mysql_query($query);			
while($query_data= mysql_fetch_row($result) )
{
    foreach($query_data as $value) echo $value."<br />";
}

It should do the trick :P
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

If you plan to use user created SQL statements you're going to have to check them to make sure that they haven't entered a query that could damage your database (ie. delete a record, drop a database, empty a table etc.).

That aside, assuming that $HTTP_POST_VARS['en'] (you can use $_POST['en'] if you're using PHP 4.1 or above BTW) is a SELECT statement (you will have to test to see what type of statement is sent each time) you can do:

Code: Select all

while ($query_data = mysql_fetch_assoc($result)) {
    foreach ($query_data as $field_name => $field_data) {
        echo '<p><b>Field Name: </b>'.$field_name.'<br />';
        echo '<b>Field Data: </b>'.$field_data.'</p>';
    }
}
You do need to think a lot about the implications of this system though.

Mac
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

If your only wishing to do queries on your database from a form then try this. Its just something i quickly coded but it should do:

require("../../../forum/admin/config.php"); //connection settings

$startquery = $_POST['querydata'];
$db = $dbname;
$link = mysql_connect($servername, $dbusername, $dbpassword) or die("Connection error!");
mysql_select_db($db) or die("Database error!");
$query = $startquery;
$result = mysql_query($query) or die("There was an error in your SQL syntax");

echo "<b>The following data was modified throughout your database:</b><p>";
echo $startquery;


Hope it helps you!


Regards


Joe God is good. I am better
Last edited by Joe on Tue Mar 30, 2004 12:12 pm, edited 1 time in total.
gizmoh
Forum Newbie
Posts: 5
Joined: Tue Mar 30, 2004 11:54 am

Post by gizmoh »

Thanks but the Insert Query isn't working at all.I get the following error if i put an insert query:
insert into account (id, name, username, email) values (id, "nm", "user1", "ea1@ilma.com");

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource
User avatar
Joe
Forum Regular
Posts: 939
Joined: Sun Feb 29, 2004 1:26 pm
Location: UK - Glasgow

Post by Joe »

Try mysql_fetch_assoc() instead of mysql_fetch_row(). Just as twigletmac suggested.

Regards

Joe God is good. I am better
gizmoh
Forum Newbie
Posts: 5
Joined: Tue Mar 30, 2004 11:54 am

Post by gizmoh »

same error:Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource

Code: Select all

require("../../../forum/admin/config.php");
$db = $dbname;  $link = mysql_connect( $servername, $dbusername, $dbpassword );
		if ( ! $link )			die( "no" );		mysql_select_db( $db, $link )				
										or die ( "no" );

if ($HTTP_POST_VARS['encvs']='q') {
echo "in it";
$query = $HTTP_POST_VARS['en']; 
mysql_query( $query, $link ); 
$result = @mysql_query($query);          
while($query_data= mysql_fetch_assoc($result) ) 
{ 
    foreach($query_data as $value) echo $value."<br />"; 
} 
}
gizmoh
Forum Newbie
Posts: 5
Joined: Tue Mar 30, 2004 11:54 am

Post by gizmoh »

I think the problem lies with the single or double quote in the query.
the character \ is inserted before each single or double quote
How to correct that?
gizmoh
Forum Newbie
Posts: 5
Joined: Tue Mar 30, 2004 11:54 am

Post by gizmoh »

Corrected the / with stripslashes function.
Insert is working but shows an error as no result is returned..not a problem though
Thanks for all your help
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

The problem lies with the fact that an INSERT query does not return any rows. You need to first determine what type of query is being run before you decide what code you're going to run.

Mac
Post Reply