user input in HTML to retrieve database
Posted by: Jan (199.243.180.---)
Date: June 16, 2006 06:15PM

$query = "SELECT id, fname,lname FROM database";

The above statement retrieves everything from the database.


I tried the statement below to retrieve only the person I wish by using WHERE and it works okay:

$query = "SELECT id, fname,lname FROM database where id=0001";


Now, how do I make the "WHERE ID" accept user input (or a variable) instead of manually typing in the ID#?

----------------------------- HTML code -------------------------
<html>
<head>
<title>HTML form</title>
</head>
<body>
<form action="test1.php" method="post">
<input type="text" name="id">
<br>
<input type="submit" value="hit it!">
</form>
</body>
</html>

----------------------------- PHP code -----------------------------

$query = "SELECT id, fname,lname FROM database where id = user input ";

---------------------------------------------------------------------------

Is the above statement okay? Would it accept the user input?


Please help.

Re: user input in HTML to retrieve database
Posted by: CyberSpatium (67.170.181.---)
Date: June 16, 2006 06:36PM

----------------------------- PHP code -----------------------------

$query = "SELECT id, fname,lname FROM database WHERE id = $_POST['id']";

---------------------------------------------------------------------------

Re: user input in HTML to retrieve database
Posted by: Jan (---.sympatico.ca)
Date: June 17, 2006 08:02AM

Thank you very much for your time to give me a good solution. However, I was getting an error message:

T_ENCAPSED_AND_WHITESPACE.....

but when I did the following:

$query = "SELECT id, fname,lname FROM database WHERE id = $_POST[id]";

it worked okay. I just removed the single quotations in the bracket.



Thank you for your help. I really appreciated it.

Have a good day

Re: user input in HTML to retrieve database
Posted by: k776 (---.bliink.ihug.co.nz)
Date: June 20, 2006 06:28AM

I hope you read this! Big problems. If I did

[www.url.com]'

then it would break it and allow a hacker to get in. I'm surprised CyberSpatium would release unprotected code :P

Please use this:

$query = "SELECT id, fname, lname FROM database WHERE id='".intval($_POST['id'])."'";


That will convert 1 into 1, 134 into 134, and imtryingtohackyou into 0. It's safer that way.

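The cast described in the post above, next to the interpolated query it replaces and a prepared statement, as an added example that is not part of any post in this thread. It assumes PDO with the SQLite driver, a hypothetical `people` table, and constructed sample rows and inputs.

```php
<?php
// Assumptions (not from the thread): PDO + SQLite in memory, a hypothetical
// table named `people`, constructed sample rows and inputs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT)');
$pdo->exec("INSERT INTO people VALUES (1, 'Ann', 'Lee'), (2, 'Bob', 'Ray'), (3, 'Cy', 'Day')");

// Pattern from the earlier reply: the raw form value becomes part of the SQL text.
function lookup_interpolated(PDO $pdo, string $id): array
{
    $query = "SELECT id, fname, lname FROM people WHERE id = $id";
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// The intval() cast: whatever was submitted, only an integer reaches the SQL text.
function lookup_intval(PDO $pdo, string $id): array
{
    $query = 'SELECT id, fname, lname FROM people WHERE id = ' . intval($id);
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Prepared statement: the value is bound as data and never parsed as SQL.
function lookup_prepared(PDO $pdo, string $id): array
{
    if (!ctype_digit($id)) {   // reject non-numeric input instead of mapping it to 0
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, fname, lname FROM people WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form inputs: a valid id, an id with trailing SQL, and plain text.
foreach (['2', '2 OR 1=1', 'imtryingtohackyou'] as $input) {
    try {
        $raw = count(lookup_interpolated($pdo, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $raw = 'SQL error';
    }
    printf("%-20s interpolated: %-9s intval: %d row(s)  prepared: %d row(s)\n",
        var_export($input, true), $raw,
        count(lookup_intval($pdo, $input)), count(lookup_prepared($pdo, $input)));
}
```

Note that intval() keeps a leading numeric prefix, so the second input is looked up as id 2 rather than rejected; the prepared version with the ctype_digit() check refuses it outright.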
Re: user input in HTML to retrieve database
Posted by: Jan (199.243.180.---)
Date: June 21, 2006 07:08PM

Thank you for another good piece of advice. Now I found an answer and it worked okay. Can you help me or show me how to input/insert data into the table using the same scenario as mentioned above for retrieving? Thank you.
