Jump to content


  • Posts

  • Joined

  • Last visited

toxicityj's Achievements


Newbie (1/7)



  1. Update- Nevermind! Figured out the issue that I needed to put $year_select in quotes because the column name was 1950-1955 and it was treating that as a math problem instead of as a column name. Fixed that and it resulted in just outputting '1950'.I've got a database full of lovely numbers in a column that I'm trying to add up. I'm still new to PHP/SQL so I spend half the day googling for that solution. Well for some reason it just keeps outputting -5 and the sum no matter what the numbers are that it's given.I'm pretty sure my code is correct, because I got it to add up a separate column properly. SELECT SUM($year_select) AS Totals FROM agglomeration_growth_rate WHERE Country = $region_select Any ideas?
  2. That could work really well actually. With the added bonus that the data they sent me lists all the country codes, so unless those repeat I can use them as the IDs.
  3. Long story short I've got a client that wants a database consisting of the following:100 years of population data for ~200 different countries and regions. The population data is broken into 5 year increments, so I'd have population data for 90, 95, 00, 05, etc.What would be the best way to organize my database? I was thinking different tables for each of the years, but then I realized maybe a different table for each country consisting of all the data related to it would be better.I'm still very new to working with databases as the only experience I have is setting up databases for CMS's, small projects, etc. and a college-level course on using Microsoft Access. Both of which haven't been very useful in figuring out a good format for my database.Any help is appreciated, thanks!
  4. Okay I'm trying to figure out how to add security to what I've been working on. Technically the only two people that have access to anything that writes to a database is me and a friend I trust, but I may as well learn to do this from the get-go, regardless of need.My big question now is that instead of assigning all of my $_GET and $_POST 's variables, I've just been calling them in the mysql like so- mysql_query("DELETE FROM roster WHERE id='$_GET[id]'"); Is it a bad idea to just use $_GET in the middle of my mysql without assigning it a variable?How would I protect that from an injection? Like this? $_GET[id] = mysql_real_escape_string($_GET[id]) ?
  5. I'm curious-- why does an insecure version of that even exist?!also what does mysql_real_escape_string() actually do?
  6. I'm not too focused on security at the moment. I'm very new to this stuff and more worried about making stuff work. What I'm working on right now is just a simple roster and content management system for my World of Wacraft guild website so security isn't a huge issue. I do, however, have all of the stuff that deals with writing to the database in a password protected directory just in case. I do plan to eventually learn how to make things more secure though.
  7. Nevermind I'm an idiot. I was using $_POST when I should've been using $_GET. Always something simple!
  8. How do you use a variable in a mysql query? here's what I got //connection crap here$del = $_POST[delete];mysql_query("DELETE FROM roster WHERE id='?????????'"); What would i put in place of my question marks to have it delete entries with the dynamically listed ID, which is acquired via $_POST ?Hope I make sense!Thanks.edit- I've tried just dumping the following in there and none of them worked-$_POST[delete]$del
  • Create New...