What you could do is separate the sql string into parts, the initial call

    select * from table where 1=1

the where clause(s)

    and job_type = 1 or job_type = 2

and then save the where clause tied in some way to the individual's record. Then a cron job can go thru the recordset from this table and execute each sql where clause separately for each person...
No need to pass the where clause or other db info thru the URL or forms, other than the initial form
bastien
From: Stuart Felenstein <stuart4m@xxxxxxxxx>
To: Joseph Crawford <codebowl@xxxxxxxxx>, "[PHP-DB] Mailing List" <php-db@xxxxxxxxxxxxx>
Subject: Re: Capturing a sql query
Date: Wed, 29 Sep 2004 10:53:55 -0700 (PDT)

Let me explain what I'm trying to emulate. If you have seen any of the major job boards, they allow you to save "search agents". Those agents at least on Monster, Dice, HotJobs I think, spare you the hassle of going to the search page and reentering the criteria. The agents can act in various ways:
1- If you are on the site, you can execute from there.
2- You can also have it emailed and that comes in two flavors.
   a- the query is run for you and the results are sent in an email
   b- an email goes out with a link to a page, you hit "view" (on Monster) and your agent returns results.

My only guess is that the query is what's being grabbed and saved. You raise a good point about security, but users don't actually get to see the query. All they are getting is the results, from the one they decided to save.

Stuart

--- Joseph Crawford <codebowl@xxxxxxxxx> wrote:
> I am sorry but I would never post a querystring along with a form, I
> mean doing that and processing it will open your site to
> vulnerabilities.
>
> Yes you could do it as a post variable and a hidden field but that
> doesn't stop people from saving the html document to their computer,
> altering the query and then submitting the form, I guess you could add
> a check to make sure that the referring page is yourdomain.com but if I
> am correct this could open up a world of trouble.
>
> If however I am wrong someone please respond and correct me :)
>
> --
> Joseph Crawford Jr.
> Codebowl Solutions
> codebowl@xxxxxxxxx
> 802-558-5247
>
> For a GMail account
> contact me OFF-LIST
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
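
An added example, not code from this thread or its participants: one way to build the saved "search agent" discussed above so that no SQL text is ever stored or accepted from a form. It goes a step beyond the thread by saving the criteria as JSON and rebuilding a parameterized query from an allowlist when the cron job runs; the `jobs` and `saved_searches` tables, the `state` column, the function names and the sample rows are all constructed assumptions.

```php
<?php
// Added example: schema, data and function names are constructed/hypothetical.
// A saved search is stored as criteria (JSON), never as SQL text.
// Allowlist of searchable columns and their bind types; other keys are rejected.
const SEARCH_FIELDS = ['job_type' => PDO::PARAM_INT, 'state' => PDO::PARAM_STR];

function buildSearch(array $criteria): array {
    $where = $binds = [];
    foreach ($criteria as $field => $values) {
        if (!array_key_exists($field, SEARCH_FIELDS)) {
            throw new InvalidArgumentException("unknown criterion: $field");
        }
        $values = (array) $values;
        if (!$values) { continue; }               // an empty IN () is invalid SQL
        foreach ($values as $value) {
            $binds[] = [$value, SEARCH_FIELDS[$field]];
        }
        // IN (...) sidesteps the AND/OR precedence trap of chained ORs.
        $where[] = "$field IN (" . implode(', ', array_fill(0, count($values), '?')) . ')';
    }
    $sql = 'SELECT title FROM jobs' . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    return [$sql, $binds];
}

// What the cron job would do: rebuild and run each user's saved search.
function runSavedSearches(PDO $db): array {
    $results = [];
    $rows = $db->query('SELECT user_id, criteria FROM saved_searches')->fetchAll(PDO::FETCH_ASSOC);
    foreach ($rows as $row) {
        $criteria = json_decode($row['criteria'], true);
        if (!is_array($criteria)) { continue; }   // skip corrupt rows
        [$sql, $binds] = buildSearch($criteria);
        $stmt = $db->prepare($sql);
        foreach ($binds as $i => [$value, $type]) {
            $stmt->bindValue($i + 1, $value, $type);  // placeholders are 1-indexed
        }
        $stmt->execute();
        $results[$row['user_id']] = $stmt->fetchAll(PDO::FETCH_COLUMN);
    }
    return $results;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE jobs (title TEXT, job_type INTEGER, state TEXT);
           CREATE TABLE saved_searches (user_id INTEGER, criteria TEXT);
           INSERT INTO jobs VALUES ('DBA', 1, 'VT'), ('PHP dev', 2, 'VT'), ('Clerk', 3, 'NY');
           INSERT INTO saved_searches VALUES (7, '{\"job_type\":[1,2],\"state\":\"VT\"}');");
print_r(runSavedSearches($db));
```

Only the user id and the criteria keys and values come from stored data; column names reach the SQL string solely through the allowlist, and values only through bound parameters.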