i am writing a html form, that simply passes data to a php one, and then to an sql database.
my question is, should view be stored in php or sql (and call them from php)?
i could do that. the problem is that in my views i have variables. i.e each time i call them i have different parameters in them.
so my php code looks like this:
$this->query = "SELECT student.gender FROM student WHERE email ='$this->email'";
if i put the above view in mysql, i can't use a variable like "email" right?
so where are view better to be stored?
same goes for procedures ?
$this->query = sprintf("SELECT student.gender FROM student WHERE email ='%s'", $this->email);
Related
i'm using node.js to build a web. I connect to my database (Mysql) and
get the data then return to the client side.
I know that i can use the literal template to write my sql expression like below
promise(`SELECT table.name FROM table WHERE name = ?`,[parameter])
and i'm would like to know can i write my sql expression like this?
promise(`SELECT table.? FROM table`,[parameter])
I know the result is different, i just want to know it is right or not.
thank you and have a nice day.
No, but you could use string interpolation like:
promise(`SELECT table.name FROM table WHERE name = ${parameter}`)
I need help with Get Statements and Running on a site on PHP
I have this a my PHP code
This is how I save it but it only saves username ...
http://example.com/NC0.php?U=namehere
I have tried this below but it doesn't work
http://example.com/NC0.php?U=namehere?P=passhere
How can I make it like........ NC0.php?U=namehere?P=passhere
or something similar thanks!!!
You are using the ? multiple times. It is meant to start the query! To have multiple parameters in the URL you use the & symbol to differentiate the parameters.
For example,
http://example.com/NC0.php?U=namehere&P=passhere
I have an HTML form that I'm using to submit some SQL data. I'd like to pass the MYSQL function LAST_INSERT_ID() as a value but when I do this there are single tick marks that get added the the function upon insert and it fails, like this 'LAST_INSERT_ID()'.
I want to be able to use this function so I can call what that ID was.
Is it possible to pass this function successfully?
No, you can't pass SQL code instead of values and have it automatically executed on the server.
(Can you imagine how that could have been used by someone with not so good intentions...?)
You could send a special "magic" value, that the code on the server would recognise, and change the query to use last_insert_id() for the value. (You could use the function name as magic value, but you should probably use something less obvious.)
To insert code in a query like that, you need to create the SQL query dynamically. When you create queries dynamically, make sure to escape values properly so that the code isn't open to SQL injection attacks.
The following codeigniter query everytime is empty. $metas->result() is not fetching datas. If I var_dump the raw query and running in console everything is okay.
$metas=$this->db->query("SELECT id,meta_description, meta_title, meta_keywords, template, google_tracking, user_option
FROM domains
WHERE NAME ='$this->domain_name'");
return $metas->result();
Not only put in lowercase because of the naming conventions but also use binding to prevent sql injection:
$sql = "SELECT id,meta_description, meta_title, meta_keywords, template, google_tracking, user_option FROM domains WHERE name= ?";
$this->db->query($sql, array($this->domain_name));
CodeIgniter only excapes variables when you pass the variables as binds
try this
WHERE name ='$this->domain_name'");
Capitals it dfies the whole sql
I'm currently in hour two of this issue, I can't explain it so I will simply show what is going on. I don't know if this matters at all, but I am using the linkedIN API to retrieve a user's linkedIn unique ID.
In English, what I'm doing:
User Signs in with LinkedIn
I read-in user's LinkedIn ID (returned from the API)
If ID exists in database, say "hello", if not, show them a form to register
The issue I am having:
The following line works and properly returns the 1 user I have in the database with a linkedIn ID of OtOgMaJ2NM
$company_data = "SELECT * FROM s_user WHERE `LI_id` = 'OtOgMaJ2NM'";
The following query returns no results - using the same database with the same record in the table s_user:
$linkedIn_id = "<?js= id ?>";
echo $linkedIn_id;
The following code outputs OtOgMaJ2NM with no trailing spaces.
So far so good ... expcept when I run the query this time using the variable, no records are returned!
$company_data = "SELECT * FROM s_user WHERE `LI_id` = '$linkedIn_id'";
Further notes:
When I echo $company_data the same query is displayed when I use the variable as did when I used the plain text version of the query.
Anyone have ANY ideas?
Thanks,
Evan
I can only assume that when echoing variables it strips the tags, so when you're using it with the query you're actually saying:
$company_data = "SELECT * FROM s_user WHERE `LI_id` = '<?js= OtOgMaJ2NM ?>'";
I could be wrong, but have you tried stripping the tags from the variable?
If you send the variable between the "", the MySQL engine will search for $linkedIn_id literally and not for its content.
Seems you are using php, but I'm not sure about the right syntax. Take a look in the docs.