[SOLVED] Create XML file from current row

[cortez]

Hello all

New to the forum and new to php and mysql together but here goes.

I'm building a searchable database that displays an image that is a link and text.

It displays all the results fine. I'd like to have the link load a new php script that outputs the path to the current image with an xml so that I can call it into a flash image zoom.

<?PHP

$link = mysql_connect ('localhost', 'UserName', 'Password')  ;
mysql_select_db("db_name");

$query = 'select * from links where id= ***this is where I need a variable or some way to keep track of my id number****';
$results = mysql_query($query);

echo  "<?xml version=\"1.0\"?>\n";
echo "<links>";

while ($line = mysql_fetch_assoc($results)) {
echo "<item>" . $line["image"] . "</item>";
}

echo "</links>";

mysql_close($link);

?>

 

If anyone understands what I'm after and can help with an explanation or link to a tutorial It'd be greatly appreciated.

Thanks.

[haku]

Give us an example of what you want the final XML to look like.

[cortez]

Thanks for getting back so quick.

All I really want from this is for the xml to be behind the scene and store the path to my current image.

So the code would be something like.

<?xml version="1.0"?>
<links><item>Photos/Feather-Dancers.jpg</item></links>

I did see some different threads mentioning something about passing the variable directly through the url link.

For example http://www.website.com/filename.php?row=1

and then called by row_id = $_GET['row_id']

Any direction at this point would be greatly appreciated.

Thanks

[haku]

You've already done what you are talking about!

 

Use:

 

$id = $_GET['id'];

 

just like you said. Although you should check to make sure that ID is numeric before doing your search on the database, for security measures.

 

But that will give you a row from the database, and the code you put in your first post will give you the XML that you showed in your second post.

 

So I gotta admit, I'm not really sure what you are looking for.

[cortez]

Thanks again for the guidance.

Like i mentioned I'm pretty new to mysql and php working together.

I normally just work with flash, css,  html with a bit of xml and javascript so throwing in another couple languages can be somewhat trying. Although I'm excited by what I'm learning it can do!

Although you should check to make sure that ID is numeric before doing your search on the database, for security measures

Can you explain a little how I make sure of this? Is it just with the row id? It's set to auto-increment at the moment.

 

I obviously need to do more research as I believe the url variable will suffice to call my variable into flash without the need of the xml.

 

 

 

[haku]

It's always good (and even necessary) to validate that the type of data coming in from a $_GET or $_POST variable is the type of data you are expecting. People can put in malicious data, which you then use in your SQL queries, which can do lots of bad stuff - delete your database, dump all the info in the database, or give access to your database.

 

In this case, $_GET['id'] is expected to be a number, and nothing else (since you are using an auto-increment in your database). So you want to ensure that the data that is coming through the URL is numeric, and not something else.

 

You can do this with ctype_digit().

 

So you can go like this:

 

$id = (ctype_digit($_GET['id'])) ? $_GET['id'] : 1;

 

What this does is create a variable called $id. To decide what the value of $id should be, it looks at ctype_digit($_GET['id']). This function will return true if every character in it is numeric, or false if there are any non-numeric characters. If it returns TRUE (everything is numeric), then the value between the ? and the : is assigned to $id. So in the above example, if it's true, then $id is equal to whatever is in $_GET['id']. But if there are non-numeric characters in $_GET['id'], then ctype_data($_GET['id']) will return FALSE. When it's FALSE, everything between the : and the ; will be assigned to $id. So in this case, $id will be equal to 1. I chose 1 as a default. You can use anything here. But since you will probably want to put something in the the XML which will then be passed to the Flash, I chose 1. If you don't set a default, then there will be errors in your XML, which may throw your flash into some kind of error state.

 

I would actually suggest creating an image that says 'error', putting that into the database, and then using the ID from that as your default.

 

After all this, you can use this for your SQL:

 

$query = 'SELECT image FROM links WHERE id='" . $id . "' LIMIT 1';

 

You don't need to select *, because you aren't looking for all the data, just the image. Using * is overkill, and quite inefficient.

 

Then you run your query and output your XML just the way you said.

[cortez]

Thanks for your help on this. I've been moving around city to city and finished off another flash site so I haven't had a chance to try this yet. Although I've a better understanding how useful the url variable is!

[cortez]

Hello Me Again.

So I'm back to this again.

I've figured out how to bypass creating an xml and can just pull the variable into my flash movie.

I'm still having problems with

<?php $id = (ctype_digit($_GET['id'])) ? $_GET['id'] : 1;query = 'SELECT image FROM links WHERE id='" . $id . "' LIMIT 1'; ?>

Keeps returning a syntax error it doesn't like the " before $id. So if I'm forgetting about the xml printout is this the only php I need on this page to retrieve my info?

I can directly type the path to my Photo in my url link and it loads up perfectly using

<?php echo $id = $_GET['id']; ?>

but you say this is a security risk.

[cortez]

So I've managed to get rid of the errors.

I'm still having problems parsing the data though.

here is my code

<?php
# set appropriate content type - to tell the browser we're returning Javascript
header( 'Content-Type: text/javascript' );

# include all additional files
include_once 'inc.conf.php';

# retrieve Category ID from URL
$id = (ctype_digit($_GET['id'])) ? $_GET['id'] : 1;
$query = 'SELECT image FROM links WHERE id='" . $id . "' LIMIT 1';
$r_html				= NULL; ?>

         



<body>



r_html = <div id="zoom"></div>

<script type="text/javascript">
        // <![CDATA[
            var so = new SWFObject('zoom.swf', 'zoom', '600px', '600px', '8', '#CCCCCC');
            so.useExpressInstall('swfobject/expressinstall.swf');
	    so.addParam("wmode","transparent");
		so.addVariable("image", "<?php echo $query = ['$id']; ?>"); 
	    so.write("zoom");
        
	// ]]>
</script>

</body>

on my link I have

http://mywebsite/Fullscreen.php?id=4

My activity page shows that it's searching for the number 4 and not the info in row 4.

Is there a parsing step I'm missing?

[cortez]

Sorry disregard the last thread. Still rittled with errors and nothing working forgot to change the link! back to the drawing board.

[redarrow]

Don't see no problems in your code at all.

 

try this please.

<?php

$link = mysql_connect("localhost", "UserName", "Password")  ;
$res=mysql_select_db("db_name",$link);

if(is_numeric($_GET['id'])){
$id=mysql_real_escape_string($_GET['id']);
}else{
$id="The current id is not a number!";
}

if($id){

$query = "select * from links where id='$id'";

$results = mysql_query($query)or die("Query error\n".mysql_error());

echo  "<?xml version=\"1.0\"?>\n";

echo "<links>";

while ($line = mysql_fetch_assoc($results)) {

echo "<item>" . $line['image'] . "</item>";
}

echo "</links>";

mysql_close($link);

}else{

echo $id;
}
?>

[cortez]

That Works great thanks Red Arrow.

I'm trying to adapt this without the xml at all though, guess I should start a new thread.

I'd like to feed the path name to the image to a variable for swfobject.

It would be great to get the description from this row as well to print out in a text table.

I was able to make your code print out the xml no problem but I can't seem to alter it to just retrieve the path name and description.

Should I start a new thread?

 

[cortez]

Okay slowly getting it. I'm able to print out any detail from the selected row. Great!!! Big step for me. Still having problems passing this newly acquired info to my flash though. But that is probably another forum completely. Thanks for the help on my newbie problems!