eRott Posted September 2, 2006

Ok, for this code which you guys were helping me with, it searches and lists everything in the database. However, I am curious, how do I make it display ONLY the stuff with a specific id? For example, if I were to create a field in the table called 'video_type' and there were a bunch of different videos with different types such as 'funny', or 'violent', how would I get it to display ONLY the videos with the type of 'funny'?

[code]
// for each row fetched from the results...
while ($list = mysql_fetch_array($result))
{
   //make the custom linkie
   echo "<a href= '/videos/videos.php?id={$list['video_id']}'>{$list['video_name']}</a><br>";
} // end while
[/code]

If you need to see that thread where 'Crayon Violent' was helping me, it's [url=http://www.phpfreaks.com/forums/index.php/topic,106521.0.html]here[/url]

Thanks.

AndyB Posted September 2, 2006

The sensible way would be to modify the query and leave the code you posted alone.

[code]
$query = "SELECT * from ..... WHERE video_type='$type_chosen'";
[/code]

And pass the variable type_chosen via link ... more or less.

eRott Posted September 2, 2006

Excellent. Thank you.

corbin Posted September 2, 2006

Watch out for SQL injection... Might want to make it

[code]
$type_chosen = addslashes($type_chosen);
[/code]

Or someone could change the SQL query...

eRott Posted September 3, 2006

I am not too sure how I would go about using that code you provided. Could you explain a bit more, please? I am not familiar with MySQL. Thank you.

This is the code:

[code]
$sql = "SELECT * from ..... WHERE video_type='funny'";
[/code]

So should I change it to?:

[code]
$type_chosen = addslashes('funny');
$sql = "SELECT * from ..... WHERE video_type='$type_chosen'";
[/code]

AndyB Posted September 3, 2006

I arbitrarily assumed that you would want code that could find funny or any other category without writing a separate script for every category. Thus, the script needs to have a variable to use for the type it needs to search for, rather than be hard-coded.

Let's assume that on one page you have a form, method=post and it has a dropdown select box name=type with all of your types as options ... when the form submit is clicked, the script that processes the data received from the form would get the video type you wanted by:

[code]
$type_chosen = $_POST['type']; // get the selected video type for the query
[/code]

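Added example (not part of any post in this thread): one way to handle the `$_POST['type']` value described above and the injection risk corbin raised, using an allowlist and a bound parameter instead of addslashes(), plus HTML escaping on output. Assumptions: PDO with an in-memory SQLite database stands in for the poster's MySQL connection, the table name `videos` is hypothetical because the thread elides it, and the allowlist is taken from the three page names mentioned in the thread.

```php
<?php
// Added example. `videos` is a hypothetical table name; SQLite in memory
// stands in for the thread's MySQL connection so the script runs offline.
const ALLOWED_TYPES = ['funny', 'violent', 'other'];

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE videos (video_id INTEGER PRIMARY KEY, video_name TEXT, video_type TEXT)');
    // Constructed sample rows.
    $ins = $db->prepare('INSERT INTO videos (video_name, video_type) VALUES (?, ?)');
    foreach ([['Cat <b>fails</b>', 'funny'], ['Boxing', 'violent'], ['Timelapse', 'other']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

function videos_by_type(PDO $db, $type_chosen): array
{
    // Reject anything that is not one of the known categories.
    if (!is_string($type_chosen) || !in_array($type_chosen, ALLOWED_TYPES, true)) {
        return [];
    }
    // The value is bound as data; it never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT video_id, video_name FROM videos WHERE video_type = ?');
    $stmt->execute([$type_chosen]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function render_links(array $rows): string
{
    $html = '';
    foreach ($rows as $list) {
        // Escape database values before writing them into HTML.
        $html .= sprintf("<a href='/videos/videos.php?id=%d'>%s</a><br>\n",
            $list['video_id'], htmlspecialchars($list['video_name'], ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

$db = make_demo_db();
// Constructed inputs standing in for $_POST['type']: one valid, one containing a quote.
foreach (['funny', "funny' OR '1'='1"] as $type_chosen) {
    $rows = videos_by_type($db, $type_chosen);
    printf("%-20s -> %d row(s)\n%s", $type_chosen, count($rows), render_links($rows));
}
```
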
eRott Posted September 3, 2006

Ok, this is what I have. I have three pages:

http://erott.retect.com/videos/funny.php
http://erott.retect.com/videos/violent.php
http://erott.retect.com/videos/other.php

Take funny.php for example. All this is, is a simple page which displays a list of funny videos. A user then clicks the video and they are taken to it and it plays. You can see for yourself what I mean, just go to one of those pages.

Now, the code for funny.php (which is the same for the other pages as well, except the type is different) is:

[code]
<? include("../header.php");?>
<?php
   //connect to and select db
   include 'lib/config.php';
   include 'lib/opendb.php';

   //get a list of the info from the table to make the links
   $sql = "SELECT * from ..... WHERE video_type='funny'";
   $result = mysql_query($sql, $conn) or die(mysql_error());

   // for each row fetched from the results...
   while ($list = mysql_fetch_array($result))
   {
      //make the custom link
      echo "<a href= '/videos/videos.php?id={$list['video_id']}'>{$list['video_name']}</a><br>";
   } // end while

   include 'lib/closedb.php';
?>
<? include("../footer.php");?>
[/code]

So, as you can see, I was not intending on having a user select the type. They just go to that page, and it will list all of the videos of that type for that page. (e.g. go to the 'funny' page and it will list all of the 'funny' videos.) So with that, how would I go about using this [b]$type_chosen = addslashes($type_chosen);[/b] to protect against SQL injections as corbin had stated?

AndyB Posted September 3, 2006

[code]So with that, how would I go about using this $type_chosen = addslashes($type_chosen); to protect against sql injections as corbin had stated?[/code]

You don't need to worry about it at all because you're not passing any variables (so no one can inject anything) and you have a 'hard-coded' query on each page.

eRott Posted September 4, 2006

Excellent. Thank you. :D