eRott

MySQL Query Help

Ok, for this code which you guys were helping me with, it searches and lists everything in the database. However, I am curious, how do I make it display ONLY the stuff with a specific id? For example, if I were to create a field in the table called 'video_type' and there were a bunch of different videos with different types such as 'funny', or 'violent', how would I get it to display ONLY the videos with the type of 'funny'?

[code]
  // for each row fetched from the results... 
  while ($list = mysql_fetch_array($result)) {
      //make the custom linkie
      echo "<a href= '/videos/videos.php?id={$list['video_id']}'>{$list['video_name']}</a><br>";
  } // end while
[/code]

If you need to see that thread where 'Crayon Violent' was helping me, it's [url=http://www.phpfreaks.com/forums/index.php/topic,106521.0.html]here[/url]

Thanks.

The sensible way would be to modify the query and leave the code you posted alone.

[code]$query = "SELECT * from ..... WHERE video_type='$type_chosen'";[/code]

And pass the variable type_chosen via link ... more or less.

Watch out for SQL injection... Might want to make it
[code]$type_chosen = addslashes($type_chosen);[/code]

Or someone could change the SQL query...

I am not too sure how I would go about using that code you provided. Could you explain a bit more, please? I am not familiar with MySQL. Thank you.

This is the code:

[code]
$sql = "SELECT * from ..... WHERE video_type='funny'";
[/code]

So should I change it to?:

[code]
$type_chosen = addslashes('funny');

$sql = "SELECT * from ..... WHERE video_type='$type_chosen'";
[/code]

I arbitrarily assumed that you would want code that could find funny or any other category without writing a separate script for every category. Thus, the script needs to have a variable to use for the type it needs to search for, rather than be hard-coded.

Let's assume that on one page you have a form, method=post and it has a dropdown select box name=type with all of your types as options ... when the form submit is clicked, the script that processes the data received from the form would get the video type you wanted by:

[code]$type_chosen = $_POST['type']; // get the selected video type for the query[/code]

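The flow discussed in this thread (a form value ending up in the `WHERE video_type=...` query), written with an allow-list and a bound parameter so the value never becomes part of the SQL text. This is an added example, not code from any poster; the table name `videos`, the function names and the in-memory SQLite database (a stand-in for MySQL so it runs offline) are assumptions.

```php
<?php
// Added example, not code from the thread. Assumptions: the table is called
// `videos` (the thread elides its name) and an in-memory SQLite database
// stands in for MySQL so the script runs offline (needs pdo_sqlite).
// For MySQL only the DSN and credentials passed to new PDO() change.

const ALLOWED_TYPES = ['funny', 'violent', 'other']; // the three pages in the thread

// Return the requested type if it is on the allow-list, otherwise null.
function chosenType(array $post): ?string
{
    $type = $post['type'] ?? '';
    return (is_string($type) && in_array($type, ALLOWED_TYPES, true)) ? $type : null;
}

// The value travels as a bound parameter, never as part of the SQL text.
function videosByType(PDO $db, string $type): array
{
    $stmt = $db->prepare('SELECT video_id, video_name FROM videos WHERE video_type = :type');
    $stmt->execute([':type' => $type]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE videos (video_id INTEGER PRIMARY KEY, video_name TEXT, video_type TEXT)');
$db->exec("INSERT INTO videos (video_name, video_type) VALUES
    ('Cat <vs> printer', 'funny'), ('Boxing knockouts', 'violent'), ('Timelapse', 'other')");

// Constructed form submissions: one normal, one carrying quote characters.
$samples = [['type' => 'funny'], ['type' => "funny' OR 'x'='x"]];

foreach ($samples as $post) {
    $type = chosenType($post);
    if ($type === null) {
        echo "rejected: type not on the allow-list\n";
        // Even without the allow-list, the bound value is compared as one literal string.
        echo 'rows if queried anyway: ' . count(videosByType($db, $post['type'])) . "\n";
        continue;
    }
    foreach (videosByType($db, $type) as $row) {
        // Escape on output so a stored name cannot inject markup into the page.
        printf("<a href='/videos/videos.php?id=%d'>%s</a><br>\n",
            $row['video_id'], htmlspecialchars($row['video_name'], ENT_QUOTES, 'UTF-8'));
    }
}
```
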
Ok, this is what I have. I have three pages:
http://erott.retect.com/videos/funny.php
http://erott.retect.com/videos/violent.php
http://erott.retect.com/videos/other.php

Take funny.php for example. All this is, is a simple page which displays a list of funny videos. A user then clicks the video and they are taken to it and it plays. You can see for yourself what I mean, just go to one of those pages.

Now, the code for funny.php (which is the same for the other pages as well, except the type is different) is:
[code]
<?php include("../header.php"); ?>

<?php
  //connect to and select db
  include 'lib/config.php';
  include 'lib/opendb.php';
 
  //get a list of the info from the table to make the links
  $sql = "SELECT * from ..... WHERE video_type='funny'";
  $result = mysql_query($sql, $conn) or die(mysql_error());

  // for each row fetched from the results... 
  while ($list = mysql_fetch_array($result)) {
      //make the custom link
      echo "<a href= '/videos/videos.php?id={$list['video_id']}'>{$list['video_name']}</a><br>";
  } // end while

  include 'lib/closedb.php';

?>

<?php include("../footer.php"); ?>
[/code]

So, as you can see, I was not intending on having a user select the type. They just go to that page, and it will list all of the videos of that type for that page. (e.g. go to the 'funny' page and it will list all of the 'funny' videos.) So with that, how would I go about using this [b]$type_chosen = addslashes($type_chosen);[/b] to protect against SQL injections as corbin had stated?

[quote]So with that, how would I go about using this $type_chosen = addslashes($type_chosen); to protect against sql injections as corbin had stated?[/quote]

You don't need to worry about it at all because you're not passing any variables (so no one can inject anything) and you have a 'hard-coded' query on each page.
