minat0

Okay I should clarify that this is an internal website used for various members of the team to query the database - YES I know its prone to SQL injection but that's the whole point of creating this website. The people using this webpage know the tables and its just an easier way of connecting to the DB along with a better UI. The purpose is to query the database and output the results into an email and send them. Does this make sense?

Hi there, I want to pass a input variable from login_success.php which will be sent to sqlprocess.php as the variable 'SQLinput'; sqlprocess.php $link = mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $query = $_REQUEST['SQLinput']; //You don't need a ; like you do in SQL $result = mysql_query($query); $numfields = mysql_num_fields($result); login_sucess.php <form action="" method="post" <label> <span>SQL Input :</span> <input type ="text" id="message" name="SQLinput" placeholder="Input SQL"></textarea> </label> <label> <span>SQL Output :</span> <output id="text" id="SQLoutput" ></input> <script type="text/javascript" charset="utf-8"> // handles the click event for link 1, sends the query function getOutput() { getRequest( 'sqlprocess.php', // URL for the PHP file drawOutput, // handle successful request drawError // handle error ); return false; } // handles drawing an error message function drawError () { var container = document.getElementById('output'); container.innerHTML = 'Bummer: there was an error!'; } // handles the response, adds the html function drawOutput(responseText) { var container = document.getElementById('output'); container.innerHTML = responseText; } // helper function for cross-browser request object function getRequest(url, success, error) { var req = false; try{ // most browsers req = new XMLHttpRequest(); } catch (e){ // IE try{ req = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { // try an older version try{ req = new ActiveXObject("Microsoft.XMLHTTP"); } catch (e){ return false; } } } if (!req) return false; if (typeof success != 'function') success = function () {}; if (typeof error!= 'function') error = function () {}; req.onreadystatechange = function(){ if(req .readyState == 4){ return req.status === 200 ? success(req.responseText) : error(req.status) ; } } req.open("GET", url, true); req.send(null); return req; } </script> <a href="#" onclick="return getOutput();"><button type="submit" id="search_btn" value="Submit">Submit</button> </a> <div id="output">waiting for action</div> Prior to the JS code - I was able to peform this action - however the JS code enables me to post the query onto the same page. I would like essentially like to query the database through an input box and output the same result on the same page. Thanks!

Hi there, This may not be the correct space to post this - but I'm very new to all this. I've created a page that will run a php script to output a query. I would then like to send that same query via email - however from a design perspective I don't think the correct process is to click 'submit' to view the query and then 'submit' to send the result via email? Can you please advise on some design solutions regarding this issue? Thanks!