Re: access data in php

On Fri, Jan 2, 2009 at 12:40 PM, Marc Fromm <Marc.Fromm@xxxxxxx> wrote:
> This is my code:
> <?php
> $dbconn = pg_connect("host=localhost port=5432 user=postgres dbname=studentalerts");
>
> if(isset($_GET["value"])){
>        $w_number=$_GET["value"];
> }

You need to scrub user input. Use pg_escape_string($_GET['value']).

> //echo $w_number;
>
> $query = "select first_name, last_name, alert from alert_list where w_number='$w_number'";
> $result = pg_query($dbconn,$query);
> if (!$result) {
>    echo "Problem with query " . $query . "<br/>";
>    echo pg_last_error();
>    exit();
> }
>
> $rows = pg_fetch_assoc($result);

Change this to

$rows = pg_num_rows($result);

> if ($rows==0){
>        echo "There are no alerts for $w_number!\n\n";
> }else{
>        $result = pg_query($dbconn,$query);
>        $count=1;
>        while ($row = pg_fetch_array($result)){
>                echo "Alert $count: ";
>                echo htmlspecialchars($row['first_name']) . " ";
>                echo htmlspecialchars($row['last_name']);
>                echo "\n";
>                echo htmlspecialchars($row['alert']);
>                echo "\n\n";
>                $count++;
>        }
> }
> if ($w_number==""){echo "Enter a W number!\n\n";}
> echo "End of line";
>
> pg_free_result($result);
> pg_close($dbconn);
> ?>
>
> -----Original Message-----
> From: Scott Marlowe [mailto:scott.marlowe@xxxxxxxxx]
> Sent: Friday, January 02, 2009 10:28 AM
> To: ioguix@xxxxxxx
> Cc: Marc Fromm; pgsql-admin@xxxxxxxxxxxxxx
> Subject: Re:  access data in php
>
> On Fri, Jan 2, 2009 at 11:09 AM,  <ioguix@xxxxxxx> wrote:
>> pg_fetch_assoc behaves like pg_fetch_array: it increments the internal
>> pointer to the current result.
>> So if you call it once, then pg_fetch_array will return the 2nd result
>> in the result set.
>
> Wow, I'm so used to seeing
>
> $rows = pg_num_rows() that that's what I saw up there.
>



-- 
When fascism comes to America, it will be draped in a flag and
carrying a cross - Sinclair Lewis

-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
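
The two changes suggested in the reply above, combined into one script as an added example (not code posted by anyone in the thread). It swaps the suggested pg_escape_string call for a pg_query_params placeholder, logs query errors instead of echoing them, and uses a hypothetical helper h(); the connection string, table and column names are taken from the quoted script.

```php
<?php
// Added example, not from the thread. h() is a hypothetical helper.
function h($v) {
    return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
}

$dbconn = pg_connect("host=localhost port=5432 user=postgres dbname=studentalerts");
if ($dbconn === false) {
    error_log("studentalerts: connection failed");
    exit("Database unavailable\n");
}

// Accept only a plain string; value[]=x would otherwise arrive as an array.
$w_number = (isset($_GET["value"]) && is_string($_GET["value"]))
    ? trim($_GET["value"]) : "";
if ($w_number === "") {
    exit("Enter a W number!\n\n");
}

// The value bound to $1 travels separately from the SQL text, so a quote in
// the input cannot change the statement. Single quotes keep PHP from
// treating $1 as a variable.
$result = pg_query_params(
    $dbconn,
    'select first_name, last_name, alert from alert_list where w_number = $1',
    array($w_number)
);
if ($result === false) {
    // Keep the failing query and driver error in the server log, not the page.
    error_log("studentalerts: " . pg_last_error($dbconn));
    exit("Problem with query\n");
}

// pg_num_rows() counts without moving the row pointer, so the first row is
// not consumed and the query does not have to be run a second time.
if (pg_num_rows($result) === 0) {
    echo "There are no alerts for " . h($w_number) . "!\n\n";
} else {
    $count = 1;
    while ($row = pg_fetch_assoc($result)) {
        echo "Alert $count: " . h($row['first_name']) . " " . h($row['last_name']) . "\n";
        echo h($row['alert']) . "\n\n";
        $count++;
    }
}
echo "End of line";

pg_free_result($result);
pg_close($dbconn);
?>
```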
