The below script works fairly well to insert different rss feeds into a mysql dbase, echoeing out a few items on a website. But when I try to order and limit in 'mysql_query' things stop to work. I suspect ORDER BY and LIMIT have been placed into the wrong position, but the only possibility I see is to place them into mysql_query. Anybody who knows?
$feeds = array('https://www.ictu.nl/rss.xml', 'http://www.vng.nl/smartsite.dws?id=97817');
foreach( $feeds as $feed ) {
$xml = simplexml_load_file($feed);
foreach($xml->channel->item as $item)
{
$date_format = "j-n-Y"; // 7-7-2008
echo date($date_format,strtotime($item->pubDate));
echo ' ';
echo ' ';
echo ''.$item->title.'';
echo '<div>' . $item->description . '<br><br></div>';
mysql_query("INSERT INTO rss_feeds (id, title, description, link, pubdate)
VALUES (
'',
'".mysql_real_escape_string($item->title)."',
'".mysql_real_escape_string($item->description=htmlspecialchars(trim($item->description)))."',
'".mysql_real_escape_string($item->link)."',
'".mysql_real_escape_string($item->pubdate)."')")ORDER BY 'title' LIMIT 0,10;
}
}
ORDER BY and LIMIT are not used with INSERT statements, they need to be used with SELECT statements.
I am not sure about the mysql_query and the notation. Still something wrong.
$selSQL = SELECT * FROM rss-feeds ORDER BY 'title';
$insSQL = "INSERT INTO 'rss_feeds' (id, title, description, link, pubdate)
VALUES (
'',
'".mysql_real_escape_string($item->title)."',
'".mysql_real_escape_string($item->description=htmlspecialchars(trim($item->description)))."',
'".mysql_real_escape_string($item->link)."',
'".mysql_real_escape_string($item->pubdate)."');
$selres = mysql_query($selsql);
$insRes = mysql_query($insSQL);
Don't use single quote around column names, if anything use ` to wrap column names. You also didn't have quotes around your $selSQL, see below and try it:
$selSQL = "SELECT * FROM `rss-feeds` ORDER BY `title`";
$insSQL = "INSERT INTO `rss_feeds` (`id`, `title`, `description`, `link`, `pubdate`)
VALUES (
'',
'".mysql_real_escape_string($item->title)."',
'".mysql_real_escape_string($item->description=htmlspecialchars(trim($item->description)))."',
'".mysql_real_escape_string($item->link)."',
'".mysql_real_escape_string($item->pubdate)."')";
$selres = mysql_query($selsql);
$insRes = mysql_query($insSQL);
Related
I want to insert the data I have in my grid in table 'quote' in my database, when I put this code in the trigger on ProcessMaker.
when I tried with a normal form it worked but if the grid it works I think it's a problem of syntax or foreach gridsizerows n is not, can someone please help me:
here is the code
$i=0 foreach ($i < $gridsizerows) {
$i = i +1;
$id = #mygrid [$i]['id'];
$quantity = #mygrid[$i]['quantity'];
$pu = #mygrid[$i]['possible'];
$pt = #mygrid[$i]['pt'];
$to = #mygrid [$i]['designation'];
$sql = "INSERT INTO quotes (id, designation, quantity, pu, pt) VALUES ($id, $from, $pu, $pt, $amount)";
$tmp_db = executeQuery($sql, '90911865253a802b030e577077431812');
}
Your code looks good, 2 possible changes you might want to do are as given below..
Instead of this:
$sql = "INSERT INTO quotes (id, designation, quantity, pu, pt) VALUES ($id, $from, $pu, $pt, $amount)";
Use this:
$sql = "INSERT INTO quotes (id, designation, quantity, pu, pt) VALUES ('$id', '$from', '$pu', '$pt', '$amount')";
and Instead of this:
$tmp_db = executeQuery($sql, '90911865253a802b030e577077431812');
Use this:
$dbConn = '90911865253a802b030e577077431812';
$tmp_db = executeQuery($sql, $dbConn);
I have a PHP file which is taking in seven variables like so:
$name=$_REQUEST['membername'];
$email=$_REQUEST['email'];
$dob=$_REQUEST['dob'];
$gender=$_REQUEST['gender'];
$phone=$_REQUEST['phone'];
$county=$_REQUEST['county'];
$IP=$_REQUEST['IP'];
Some of these will not be set. What I want to do is construct a query which will search the members table such that if only $email and $dob are set it will only search by $email and $dob, ignoring the others. Or if only $phone, $name, and $gender are set, it will search those three columns only.
Is there an easier method than constructing a big block of if isset functions covering all possible permutations?
If you don't want to search on a field, pass NULL for the parameter and structure your WHERE clause something like...
WHERE
( (#parameter1 IS NULL) OR (column1 = #parameter1) )
AND
( (#parameter2 IS NULL) OR (column2 = #parameter2) )
I don't spend much time in MYSQL so the syntax is probably a bit off but you get the idea.
Presuming that you use parameters to push values into the query...
SELECT *
FROM MyTable
WHERE name = COALESCE(#p1, name)
OR email = COALESCE(#p2, email)
OR dob = COALESCE(#p3, dob)
...
...
If you construct a query string in PHP you can, instead, take another tack:
function AddWhere(&$where, $dbFieldName, $fieldValue)
{
if ($fieldValue <> "")
{
if (strlen($fieldName) > 0)
$fieldName .= " AND ";
$fieldname .= '(' + $dbFieldName + ' = \'' + $fieldValue + '\')'
}
}
Then, when you're retrived the variables, build a SQL statement thusly
$whereClause = ''
AddWhere($whereClause, 'name', $name)
AddWhere($whereClause, 'email', $email)
AddWhere($whereClause, 'dob', $dob)
...
IF (strlen($whereClause) > 0)
{
$sql = 'SELECT * FROM MyTable WHERE ' + $whereClause
... etc
}
(I'm not great at PHP, so the syntax may be somewhat screwed up).
I have function in CodeIgniter to retrieve latest posts from 2 tables:
public function get_latest_comments($amount)
{
$query = $this->db->query('
SELECT *, FROM_UNIXTIME(date) AS timestamp
FROM comments
ORDER BY timestamp DESC
LIMIT 5
');
if ($query->num_rows() > 0) {
$result = $query->result_array();
for ($i = 0; $i < sizeof( $result ); $i++) {
$result[$i]['author_info'] = $this->comments_model->get_comment_author( $result[$i]['id'] );
$result[$i]['date'] = mdate( "%M %m, %Y", $result[$i]['date'] );
if ($result[$i]['section'] === 'blog') $loc = 'blog_posts';
if ($result[$i]['section'] === 'core') $loc = 'public_posts';
$this->db->select( 'title, slug' );
$query = $this->db->get_where( $loc, array('id' => $result[$i]['location']) );
$result[$i]['post_title'] = $query->row( 'title' );
$result[$i]['url'] = base_url() . $result[$i]['section'] . '/view/' . $query->row( 'slug' ) . '/';
}
return $result;
}
return false;
}
The problem is that it runs too slow. My page sometimes loads 7-8 seconds. I suspect this query running 2 times + similar query gathering latest comments slows down my page.
I have a bad feeling about queries inside the loop. How can I avoid that?
The structure of my table is:
users (id, username, mail ...
user_info ( user_id, name, surname
public_posts ( id, slug, text, author(user id) ...
blog_posts ( id, slug, text ...
comments ( id, text, author, location(post_id_, section(post_table) ...
Check by expalining your Query , Go to the mysql command line and type
EXPLAIN SELECT *, FROM_UNIXTIME(date) AS timestamp FROM comments ORDER BY timestamp DESC LIMIT 5
Explain will tell you everything about the query, On its bases you can decide for the indexing also.
Make a practice to expalin every select query before using it in the code.
Plus you can also do profiling when ever you think your code is taking time. In codeigniter Profiler class is available, please go through the below link.
https://www.codeigniter.com/userguide3/general/profiling.html
This is what I'm doing now, how to do this without resorting to a subquery and without the php. I can just run it inside phpmyadmin directly:
<?php
$query = mysql_query(" SELECT node_id FROM embeds ");
while($row = mysql_fetch_assoc($query)) {
$node_id = $row['node_id'];
mysql_query(" INSERT INTO node_teaser(node_id, content) VALUES('$node_id', 'This is the teaser!') ");
}
?>
INSERT INTO node_teaser(node_id, content)
SELECT node_id, 'This is the teaser!' FROM embeds;
I need to make a search engine where a user can search by name,course,member,year(text field) from the table fsb_profile fields are profile_name,profile_course,profile_member,profile_year
search will be with any one field
or
search will be with all the field
or
search will be with more than one field
-How it is possible by using only one query??
i am making the code like:-
$query="select * from fsb_profile
where profile_name = '".$_REQUEST['name']."'
and profile_member= '".$_REQUEST['type']."'
and profile_year= '".$_REQUEST['year']."'
and profile_course='".$_REQUEST['course']."'
or profile_name = '".$_REQUEST['name']."'
or profile_member= '".$_REQUEST['type']."'
or profile_year= '".$_REQUEST['year']."'
or profile_course='".$_REQUEST['course']."'";
-but it is not working?
try this query. using this query you can extract details using the combination of search factors
$query="select * from fsb_profile
where profile_name = '".$_REQUEST['name']."'
or profile_member= '".$_REQUEST['type']."'
or profile_year= '".$_REQUEST['year']."'
or profile_course='".$_REQUEST['course']."'";
If I understand you correctly, you want to search so that either all the fields match or that at least two fields match?
In that case I'd try the following:
$query="select * from fsb_profile
where
(
profile_name = '".$_REQUEST['name']."'
and profile_member= '".$_REQUEST['type']."'
and profile_year= '".$_REQUEST['year']."'
and profile_course='".$_REQUEST['course']."'
)
OR
(
(
profile_name = '".$_REQUEST['name']."'
AND
(
profile_member= '".$_REQUEST['type']."' OR
profile_year= '".$_REQUEST['year']."' OR
profile_course='".$_REQUEST['course']."'"
)
)
OR
(
profile_member= '".$_REQUEST['type']."'
AND
(
profile_year= '".$_REQUEST['year']."' OR
profile_course='".$_REQUEST['course']."'"
)
)
OR
(
profile_year= '".$_REQUEST['year']."' AND
profile_course='".$_REQUEST['course']."'"
)
)
This returns all sets where either all criteria match or a combination of at least two other criteria matches. I didn't try this really, but that's what I'd start off with.
First off, I would advise you to sanitize your input data. You should NEVER put user-entered data into an SQL query without checking it; that's just asking for trouble.
As for your question, it seems like you're having some trouble with the logic (ANDs and ORs) in your statement. With the statement you are using, you will get all records that match all four fields entered in the search engine, as well as all records that match ANY of the four fields entered. It might be best for you to just construct the query string on the fly, something like:
$arr = sanitize_data($_REQUEST);
$query = "select * from fsb_profile ";
$count = 0;
if ( isset($arr['name']) ) {
$query .= (($count > 0)?"and":"where")." profile_name = '".$arr['name']."' ";
count++;
}
if ( isset($arr['type']) ) {
$query .= (($count > 0)?"and":"where")." profile_member = '".$arr['type']."' ";
count++;
}
if ( isset($arr['year']) ) {
$query .= (($count > 0)?"and":"where")." profile_year = '".$arr['year']."' ";
count++;
}
if ( isset($arr['course']) ) {
$query .= (($count > 0)?"and":"where")." profile_course = '".$arr['course']."' ";
count++;
}
You need to add some If statements to only include search criteria if the information is filled in.
$query = "select * from fsb_profile"<br />
$subquery = ""<br />
If($_REQUEST['name') != "") {<br />
if($subquery == "") $subquery = "where "<br />
else $subquery .= "and "<br />
<br />
$subquery .= "profile_name = '" . $_REQUEST['name']<br/>
}
$query .= $subquery
You could continue to do that for all the items. Note that you can use a for statement and I would HIGHLY recommend parameterizing the search string to prevent SQL injection attacks. I have only include some of the code here for brevity.
This will search on ALL the criteria that is specified to find a result.