Page 1 of 1

php code for executing any select and insert query

Posted: Tue Mar 30, 2004 11:54 am
by gizmoh
Am trying to have a code that executes any Select and Insert query to any table and echoes the results.Am new to programming so plz excuse my dumb errors
Please test and complete this code for me. :(
Thanks

Code: Select all

require("../../../forum/admin/config.php"); //connection settings
$db = $dbname;  $link = mysql_connect( $servername, $dbusername, $dbpassword );
		if ( ! $link )			die( "no" );		mysql_select_db( $db, $link )				
										or die ( "no" );


$query =$HTTP_POST_VARS['en'];
mysql_query( $query, $link );
$result = @mysql_query($query);			
while($query_data= mysql_fetch_array($result) )
{

    echo$ = $query_data[0]; //plz anyone complete that part so that any data is outputted

}

Re: php code for executing any select and insert query

Posted: Tue Mar 30, 2004 11:59 am
by delorian

Code: Select all

// ...
$query = $HTTP_POST_VARS['en'];
mysql_query( $query, $link );
$result = @mysql_query($query);			
while($query_data= mysql_fetch_row($result) )
{
    foreach($query_data as $value) echo $value."<br />";
}

It should do the trick :P

Posted: Tue Mar 30, 2004 12:04 pm
by twigletmac
If you plan to use user created SQL statements you're going to have to check them to make sure that they haven't entered a query that could damage your database (ie. delete a record, drop a database, empty a table etc.).

That aside, assuming that $HTTP_POST_VARS['en'] (you can use $_POST['en'] if you're using PHP 4.1 or above BTW) is a SELECT statement (you will have to test to see what type of statement is sent each time) you can do:

Code: Select all

while ($query_data = mysql_fetch_assoc($result)) {
    foreach ($query_data as $field_name => $field_data) {
        echo '<p><b>Field Name: </b>'.$field_name.'<br />';
        echo '<b>Field Data: </b>'.$field_data.'</p>';
    }
}
You do need to think a lot about the implications of this system though.

Mac

Posted: Tue Mar 30, 2004 12:11 pm
by Joe
If your only wishing to do queries on your database from a form then try this. Its just something i quickly coded but it should do:

require("../../../forum/admin/config.php"); //connection settings

$startquery = $_POST['querydata'];
$db = $dbname;
$link = mysql_connect($servername, $dbusername, $dbpassword) or die("Connection error!");
mysql_select_db($db) or die("Database error!");
$query = $startquery;
$result = mysql_query($query) or die("There was an error in your SQL syntax");

echo "<b>The following data was modified throughout your database:</b><p>";
echo $startquery;


Hope it helps you!


Regards


Joe God is good. I am better

Posted: Tue Mar 30, 2004 12:11 pm
by gizmoh
Thanks but the Insert Query isn't working at all.I get the following error if i put an insert query:
insert into account (id, name, username, email) values (id, "nm", "user1", "ea1@ilma.com");

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource

Posted: Tue Mar 30, 2004 12:15 pm
by Joe
Try mysql_fetch_assoc() instead of mysql_fetch_row(). Just as twigletmac suggested.

Regards

Joe God is good. I am better

Posted: Tue Mar 30, 2004 12:23 pm
by gizmoh
same error:Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource

Code: Select all

require("../../../forum/admin/config.php");
$db = $dbname;  $link = mysql_connect( $servername, $dbusername, $dbpassword );
		if ( ! $link )			die( "no" );		mysql_select_db( $db, $link )				
										or die ( "no" );

if ($HTTP_POST_VARS['encvs']='q') {
echo "in it";
$query = $HTTP_POST_VARS['en']; 
mysql_query( $query, $link ); 
$result = @mysql_query($query);          
while($query_data= mysql_fetch_assoc($result) ) 
{ 
    foreach($query_data as $value) echo $value."<br />"; 
} 
}

Posted: Tue Mar 30, 2004 12:44 pm
by gizmoh
I think the problem lies with the single or double quote in the query.
the character \ is inserted before each single or double quote
How to correct that?

Posted: Tue Mar 30, 2004 1:33 pm
by gizmoh
Corrected the / with stripslashes function.
Insert is working but shows an error as no result is returned..not a problem though
Thanks for all your help

Posted: Tue Mar 30, 2004 2:38 pm
by twigletmac
The problem lies with the fact that an INSERT query does not return any rows. You need to first determine what type of query is being run before you decide what code you're going to run.

Mac