Jump to content

MySQL Query Help


eRott

Recommended Posts

Ok, for this code which you guys were helping me with, It searches and lists everything in the database. However, I am curious, how do I make it display ONLY the stuff with a specif id? For example, if I were to create a field in the table called 'video_type' and there were a bunch of different videos with different types such as 'funny', or 'violent', how would I get it to display ONLY the videos with the type of 'funny' ?

[code]
  // for each row fetched from the results... 
  while ($list = mysql_fetch_array($result)) {
      //make the custom linkie
      echo "<a href= '/videos/videos.php?id={$list['video_id']}'>{$list['video_name']}</a><br>";
  } // end while
[/code]

If you need to see that thread where 'Crayon Violent' was helping me, it's [url=http://www.phpfreaks.com/forums/index.php/topic,106521.0.html]here[/url]

Thanks.
Link to comment
Share on other sites

I am not too sure how I would go about using that code you provided. Could you explain a bit more please. I am not familiar with MySQL. Thank you.

This is the code:

[code]
$sql = "SELECT * from ..... WHERE video_type='funny'";
[/code]

So should I change it to?:

[code]
$type_chosen = addslashes('funny');

$sql = "SELECT * from ..... WHERE video_type='$type_chosen'";
[/code]
Link to comment
Share on other sites

I arbitrarily assumed that you would want code that could find funny or any other category without writing a separate script for every category. Thus, the script needs to have a variable to use for the type it needs to search for, rather than be hard-coded.

Let's assume that on one page you have a form, method=post and it has a dropdown select box name=type with all of your types as options ... when the form submit is clicked, the script that processes the data received from the form would get the video type you wanted by:

[code]$type_chosen = $_POST['type']; // get the selected video type for the query[/code]
Link to comment
Share on other sites

Ok, this is what I have. I have three pages:
http://erott.retect.com/videos/funny.php
http://erott.retect.com/videos/violent.php
http://erott.retect.com/videos/other.php

Take funny.php for example. All this is, is a simple page which displays a list of funny videos. A user then clicks the video and they are taken to it and it plays. You can see for yourself what i mean, just go to one of those pages.

Now, the code for funny.php (which is the same for the other pages as well, except the type is different, is:
[code]
<? include("../header.php");?>

<?php
  //connect to and select db
  include 'lib/config.php';
  include 'lib/opendb.php';
 
  //get a list of the info from the table to make the links
  $sql = "SELECT * from ..... WHERE video_type='funny'";
  $result = mysql_query($sql, $conn) or die(mysql_error());

  // for each row fetched from the results... 
  while ($list = mysql_fetch_array($result)) {
      //make the custom link
      echo "<a href= '/videos/videos.php?id={$list['video_id']}'>{$list['video_name']}</a><br>";
  } // end while

  include 'lib/closedb.php';

?>

<? include("../footer.php");?>
[/code]

So, as you can see, i was not intending on having a user select the type. They just go to that page, and it will list all of the videos of that type for that page. (e.g. go to the 'funny' page and it will list all of the 'funny' videos.) So with that, how would I go about using this [b]$type_chosen = addslashes($type_chosen);[/b] to protect against sql injections as corbin had stated?
Link to comment
Share on other sites

[code]So with that, how would I go about using this $type_chosen = addslashes($type_chosen); to protect against sql injections as corbin had stated?[/code]

You don't need to worry about it all because you're not passing any variables (so no one can inject anything) and you have a 'hard-coded' query on each page.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.