Re: PHP & MySQL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, May 10, 2007 3:42 pm, Jason Pruim wrote:
> I know this isn't strictly a PHP question, and I apologize in advance
> for that. I'm trying to setup a website for some of my customers that
> would allow them to update a database on their schedule, making it
> easier for us to have the most up to date info, and taking some of
> the work off of us.
>
> Right now, the question I have is, how would I be able to select
> certain records to be deleted (Or moved to another table called
> "deleted")? Is it as simple as looping through the database, having
> them check a checkbox, and then hit a "remove" button?

Yes, it is that easy, if you want to make it that easy.

> As I go, I will be adding a login screen to it, and hopefully
> protecting against SQL injection attacks... But right now, I'm still
> just learning and trying.

Do the SQL injection defense FIRST.

Do the login screen SECOND.

Then write the delete code.

Writing it backwards from that is just too risky.

Unless your dev boxes are all behind a firewall and inaccessible to
the public in the first place...

> The SQL syntax is easy enough for me to figure out, but the php is
> throwing me off right now...

Read any PHP/MySQL tutorial or textbook you like.

99% of what you need is handed to you on a platter in those.

> Currently here is the code I'm working with on the page to display it:
>
> $link = mysql_connect($server, $username, $password)
>      or die('Could not connect: ' . mysql_error());
> echo 'Connected successfully <BR>';
> mysql_select_db('legion') or die('Could not select database' .
> mysql_error());
> echo 'DB selected <BR>';
>
>
>
> $result = mysql_query("SELECT * FROM current") or die(mysql_error());
> while($row = mysql_fetch_array($result)) {
> $FName = $row["FName"];
> $LName = $row["LName"];
> $Add1 = $row["Add1"];
> $Add2 = $row["Add2"];
> $City = $row["City"];
> $State = $row["State"];
> $Zip = $row["Zip"];
> $Date = $row["Date"];
>
>
> echo "$FName, $LName,  $Add1, $Add2, $City, $State, $Zip, $Date<BR>";
> };
>
> I'm sure there is an easier way to do that as well... But this way
> worked :)

It's fine so far, as a start.

You can quibble over using different ways to get all those variables,
but you haven't messed up yet.

Except for not calling http://php.net/htmlentities on all the data you
send to the browser, in case, say, $Add1 contains "Main & State".

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux