Jump to content

Ajax using PHP Script


Guest vfalkar
 Share

Recommended Posts

Guest vfalkar

Hi all.I went trrough the Ajax database example given in:http://www.w3schools.com/ajax/ajax_database.aspThe code is given in asp.i want to write the same code in PHP csript i mean the last part.Now i am taking a sample database for doing the same.But on selecting the user name the details are not displayed. Neither any error is being displayed.What might be the possible error?Can anyone give me the exact code for doing so?

Link to comment
Share on other sites

  • 2 weeks later...

vf,It should be something like this:$cid = $_GET['cid'];$sqlconnect=<your sql connect string>;sql="SELECT * FROM CUSTOMERS WHERE CUSTOMERID=$cid";proc=($sqlconnect, $sql);echo "<table>";while(odbc_fetch_row($proc)){ echo "<tr><td><b>".odbc_result($proc,"name")."</b></td>"; echo "<td>".odbc_result($proc,"value")."</td></tr>";}echo "</table>";obviously it will be a little different depending on what you're pulling from the database. as usual, read the php tutorial for specifics on how to pull data from a database.~ MiJa

Link to comment
Share on other sites

PHP handles database connections totally different than ASP does. But this depends on which database you are using. If you are using MySQL:

<?php$cid = $_GET['cid'];mysql_connect($database_server, $database_user, $database_password);mysql_select_db($database_name);$sql="SELECT * FROM CUSTOMERS WHERE CUSTOMERID='" . mysql_escape_string($cid) . "'";$result = mysql_query($sql);echo "<table>";while($row = mysql_fetch_assoc($result)){  echo "<tr><td><b>".$row['name']."</b></td>";  echo "<td>".$row['value']."</td></tr>";}echo "</table>";?>

You also need to protect against SQL injection, it is a terrible idea to take things directly from GET or POST and use them in database queries (that's the point of the mysql_escape_string function above). That's a great way to allow someone to delete your entire database.

Link to comment
Share on other sites

PHP handles database connections totally different than ASP does.  But this depends on which database you are using.  If you are using MySQL:
<?php$cid = $_GET['cid'];mysql_connect($database_server, $database_user, $database_password);mysql_select_db($database_name);$sql="SELECT * FROM CUSTOMERS WHERE CUSTOMERID='" . mysql_escape_string($cid) . "'";$result = mysql_query($sql);echo "<table>";while($row = mysql_fetch_assoc($result)){  echo "<tr><td><b>".$row['name']."</b></td>";  echo "<td>".$row['value']."</td></tr>";}echo "</table>";?>

You also need to protect against SQL injection, it is a terrible idea to take things directly from GET or POST and use them in database queries (that's the point of the mysql_escape_string function above).  That's a great way to allow someone to delete your entire database.

Good point about sql injection but is it really possible to delete something with a SELECT statement? :)Please only comment about my statement here http://w3schools.invisionzone.com/index.php?showtopic=4186so we don't hijack this post.
Link to comment
Share on other sites

Of course it's possible, you can run anything you want. If this is the code:$id = $_GET['id'];$sql = "SELECT * FROM table WHERE id=$id";Consider this:page.php?id=0%3BDELETE%20FROM%20table%20WHERE%201the query becomes:$sql = "SELECT * FROM table WHERE id=0;DELETE FROM table WHERE 1"

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...