I tried this:

 

 

<?php session_start();?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <title>Session Notes Entry Form</title>
        <meta name="description" content="">
        <link rel="stylesheet" href="css/normalize.css">
        <link rel="stylesheet" href="css/main.css">
        <link rel="icon" type="image/ico" href="favicon.ico">
    </head>
<?php include('C:\inetpub\wwwroot\connect.php'); ?>
<?php
if(isset($_POST['login'])){
$provider_id = mysql_real_escape_string($_POST['provider_id']);
$password = mysql_real_escape_string($_POST['password']);
 
$sql = "
SELECT
COUNT(*) as count
FROM providers
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$res = mysql_fetch_assoc(mysql_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
$_SESSION['provider_id'] = $provider_id;
$_SESSION['password'] = $password;
} else {
$logged_in = false;
}
} elseif(isset($_SESSION['provider_id'])) {
$provider_id = $_SESSION['provider_id'];
$password = $_SESSION['password'];
 
$sql = "
SELECT
COUNT(*) as count
FROM providers
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$res = mysql_fetch_assoc(mysql_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
} else {
$_SESSION = array();
session_destroy();
$logged_in = false;
}
} else {
$logged_in = false;
}
 
if(!$logged_in){
$tpl_vars = array();
$tpl_vars['{{title}}'] = "Session Entry | Login";
 
$provider_id = isset($_POST['provider_id']) ? $_POST['provider_id'] : '';
$tpl_vars['{{content}}'] = str_replace('{{provider_id}}',$provider_id,file_get_contents('tpl/login_form.html'));
 
} else {
$session_provider_id = $_SESSION['provider_id'];
$sql = "SELECT *,DATE_FORMAT(appointment,'%b %d %Y %h:%i %p') as appt FROM session_notes WHERE provider_id = '$session_provider_id'";
$res = mysql_query($sql);
 
//Table Headers 
$table = "<table><tr><th>Appointment ID</th><th>Patient ID</th><th>Appointment</th><th>Method(s) Provided</th><th>Response/Goals</th><th>Plan/Comments</th></tr>";
 
while($row = mysql_fetch_assoc($res)){
$table .= "<tr>";
$table .= "<td>$row[appointment_id]</td>";
$table .= "<td>$row[patient_id]</td>";
$table .= "<td>$row[appt]</td>";
$table .= "<td>".nl2br($row['notes'])."</td>";
$table .= "<td>".nl2br($row['notes2'])."</td>";
$table .= "<td>".nl2br($row['notes3'])."</td>";
 
$table .= "<td>";
$table .= "<form action='update.php' method='post'>";
$table .= "<input type='submit' value='edit' name='edit'>";
$table .= "<input type='hidden' name='appointment_id' value='$row[appointment_id]'>";
$table .= "</form>";
$table .= "</td>";
 
$table .= "</tr>";
}
 
$table .= "</table>";
 
$tpl_vars['{{title}}'] = "Session Notes Entry";
$tpl_vars['{{content}}'] = str_replace('{{table}}',$table,file_get_contents('tpl/notes_form.html'));
}
 
//get template & load data
$tpl = file_get_contents('tpl/template.html');
echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
to this:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
<?php session_start();?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
        <title>Session Notes Entry Form</title>
        <meta name="description" content="">
        <link rel="stylesheet" href="css/normalize.css">
        <link rel="stylesheet" href="css/main.css">
        <link rel="icon" type="image/ico" href="favicon.ico">
    </head>
<?php include('C:\inetpub\wwwroot\connect.php'); ?>
<?php
if(isset($_POST['login'])){
$provider_id = sqlsrv_escape($_POST['provider_id']);  ???
$password = sqlsrv_escape($_POST['password']);      ???
 
$sql = "
SELECT
COUNT(*) as count
FROM [session_entry].[dbo].[providers]
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$results = sqlsrv_fetch_array(sqlsrv_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
$_SESSION['provider_id'] = $provider_id;
$_SESSION['password'] = $password;
} else {
$logged_in = false;
}
} elseif(isset($_SESSION['provider_id'])) {
$provider_id = $_SESSION['provider_id'];
$password = $_SESSION['password'];
 
$sql = "
SELECT
COUNT(*) as count
FROM providers
WHERE provider_id = '$provider_id'
AND password = '$password'
";
 
$results = sqlsrv_fetch_array(sqlsrv_query($sql));
 
if($res['count'] == 1){
$logged_in = true;
} else {
$_SESSION = array();
session_destroy();
$logged_in = false;
}
} else {
$logged_in = false;
}
 
if(!$logged_in){
$tpl_vars = array();
$tpl_vars['{{title}}'] = "Session Entry | Login";
 
$provider_id = isset($_POST['provider_id']) ? $_POST['provider_id'] : '';
$tpl_vars['{{content}}'] = str_replace('{{provider_id}}',$provider_id,file_get_contents('tpl/login_form.html'));
 
} else {
$session_provider_id = $_SESSION['provider_id'];
$sql = "SELECT *,DATE_FORMAT(appointment,'%b %d %Y %h:%i %p') as appt FROM session_notes WHERE provider_id = '$session_provider_id'";
$results = sqlsrv_query($sql);
 
//Table Headers 
$table = "<table><tr><th>Appointment ID</th><th>Patient ID</th><th>Appointment</th><th>Method(s) Provided</th><th>Response/Goals</th><th>Plan/Comments</th></tr>";
 
while($row = sqlsrv_fetch_array($results)){
$table .= "<tr>";
$table .= "<td>$row[appointment_id]</td>";
$table .= "<td>$row[patient_id]</td>";
$table .= "<td>$row[appt]</td>";
$table .= "<td>".nl2br($row['notes'])."</td>";
$table .= "<td>".nl2br($row['notes2'])."</td>";
$table .= "<td>".nl2br($row['notes3'])."</td>";
 
$table .= "<td>";
$table .= "<form action='update.php' method='post'>";
$table .= "<input type='submit' value='edit' name='edit'>";
$table .= "<input type='hidden' name='appointment_id' value='$row[appointment_id]'>";
$table .= "</form>";
$table .= "</td>";
 
$table .= "</tr>";
}
 
$table .= "</table>";
 
$tpl_vars['{{title}}'] = "Session Notes Entry";
$tpl_vars['{{content}}'] = str_replace('{{table}}',$table,file_get_contents('tpl/notes_form.html'));
}
 
//get template & load data
$tpl = file_get_contents('tpl/template.html');
echo str_replace(array_keys($tpl_vars),array_values($tpl_vars),$tpl);
 
doesn't work

 

SQL Server does not have a DATE_FORMAT function. The closest equivalent is using CONVERT with certain format codes. The format you are trying to get is not available with the default format codes, however. In this case you'll need to query the date unformatted, and then format it using PHP's date function (or DateTime class).

 

Other than that, your queries should move fine between each server without issue.

I managed to figure out the date formatting. I do need help with the equivalent of:

 

 

 
mysql_escape for sqlsrv
 
if(isset($_POST['login'])){
$provider_id = mysql_escape($_POST['provider_id']);
$password = mysql_escape($_POST['password']);
 
Thanks!

There is no direct equivalent to mysql's escape functions. It is preferred you use prepared statements and bound parameters whenever you have user input that needs to be inserted into a query.

 

sqlsrv_prepare

sqlsrv_execute
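
The prepared-statement approach recommended above, together with the earlier advice to fetch the date unformatted and format it in PHP, as an added example that is not part of the original thread. It assumes the sqlsrv extension, a placeholder server name, and the hypothetical helper names `provider_login_ok` and `provider_notes`; table and column names are taken from the code posted above.

```php
<?php
// Added example, not code from the thread. Assumes the sqlsrv extension is loaded.
// '(local)' is a placeholder server; omitting UID/PWD uses Windows authentication.
$conn = sqlsrv_connect('(local)', array('Database' => 'session_entry'));
if ($conn === false) {
    die(print_r(sqlsrv_errors(), true));
}

// Hypothetical helper: true when exactly one provider row matches.
function provider_login_ok($conn, $provider_id, $password)
{
    // Each ? is a bound parameter; the values never become part of the SQL text,
    // so no escaping function is needed.
    $sql = "SELECT COUNT(*) AS cnt FROM [session_entry].[dbo].[providers]
            WHERE provider_id = ? AND password = ?";
    $stmt = sqlsrv_prepare($conn, $sql, array(&$provider_id, &$password));
    if ($stmt === false || sqlsrv_execute($stmt) === false) {
        error_log(print_r(sqlsrv_errors(), true));
        return false;
    }
    $row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC);
    sqlsrv_free_stmt($stmt);
    return is_array($row) && (int) $row['cnt'] === 1;
}

// Hypothetical helper: one provider's notes, with the date formatted in PHP.
function provider_notes($conn, $provider_id)
{
    $sql = "SELECT appointment_id, patient_id, appointment, notes, notes2, notes3
            FROM session_notes WHERE provider_id = ?";
    $stmt = sqlsrv_query($conn, $sql, array($provider_id));
    if ($stmt === false) {
        error_log(print_r(sqlsrv_errors(), true));
        return array();
    }
    $rows = array();
    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
        // datetime columns come back as PHP DateTime objects by default.
        $appt = $row['appointment'];
        // Same layout as MySQL's '%b %d %Y %h:%i %p'.
        $row['appt'] = $appt instanceof DateTime ? $appt->format('M d Y h:i A') : '';
        $rows[] = $row;
    }
    sqlsrv_free_stmt($stmt);
    return $rows;
}

if (isset($_POST['login'])) {
    $logged_in = provider_login_ok($conn, $_POST['provider_id'], $_POST['password']);
}
```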
