Guest vfalkar Posted April 10, 2006 Share Posted April 10, 2006 Hi all.I went trrough the Ajax database example given in:http://www.w3schools.com/ajax/ajax_database.aspThe code is given in asp.i want to write the same code in PHP csript i mean the last part.Now i am taking a sample database for doing the same.But on selecting the user name the details are not displayed. Neither any error is being displayed.What might be the possible error?Can anyone give me the exact code for doing so? Link to comment Share on other sites More sharing options...
MiJaMu Posted April 24, 2006 Share Posted April 24, 2006 vf,It should be something like this:$cid = $_GET['cid'];$sqlconnect=<your sql connect string>;sql="SELECT * FROM CUSTOMERS WHERE CUSTOMERID=$cid";proc=($sqlconnect, $sql);echo "<table>";while(odbc_fetch_row($proc)){ echo "<tr><td><b>".odbc_result($proc,"name")."</b></td>"; echo "<td>".odbc_result($proc,"value")."</td></tr>";}echo "</table>";obviously it will be a little different depending on what you're pulling from the database. as usual, read the php tutorial for specifics on how to pull data from a database.~ MiJa Link to comment Share on other sites More sharing options...
justsomeguy Posted April 24, 2006 Share Posted April 24, 2006 PHP handles database connections totally different than ASP does. But this depends on which database you are using. If you are using MySQL: <?php$cid = $_GET['cid'];mysql_connect($database_server, $database_user, $database_password);mysql_select_db($database_name);$sql="SELECT * FROM CUSTOMERS WHERE CUSTOMERID='" . mysql_escape_string($cid) . "'";$result = mysql_query($sql);echo "<table>";while($row = mysql_fetch_assoc($result)){ echo "<tr><td><b>".$row['name']."</b></td>"; echo "<td>".$row['value']."</td></tr>";}echo "</table>";?> You also need to protect against SQL injection, it is a terrible idea to take things directly from GET or POST and use them in database queries (that's the point of the mysql_escape_string function above). That's a great way to allow someone to delete your entire database. Link to comment Share on other sites More sharing options...
aspnetguy Posted April 24, 2006 Share Posted April 24, 2006 PHP handles database connections totally different than ASP does. But this depends on which database you are using. If you are using MySQL:<?php$cid = $_GET['cid'];mysql_connect($database_server, $database_user, $database_password);mysql_select_db($database_name);$sql="SELECT * FROM CUSTOMERS WHERE CUSTOMERID='" . mysql_escape_string($cid) . "'";$result = mysql_query($sql);echo "<table>";while($row = mysql_fetch_assoc($result)){ echo "<tr><td><b>".$row['name']."</b></td>"; echo "<td>".$row['value']."</td></tr>";}echo "</table>";?> You also need to protect against SQL injection, it is a terrible idea to take things directly from GET or POST and use them in database queries (that's the point of the mysql_escape_string function above). That's a great way to allow someone to delete your entire database. <{POST_SNAPBACK}> Good point about sql injection but is it really possible to delete something with a SELECT statement? :)Please only comment about my statement here http://w3schools.invisionzone.com/index.php?showtopic=4186so we don't hijack this post. Link to comment Share on other sites More sharing options...
justsomeguy Posted April 24, 2006 Share Posted April 24, 2006 Of course it's possible, you can run anything you want. If this is the code:$id = $_GET['id'];$sql = "SELECT * FROM table WHERE id=$id";Consider this:page.php?id=0%3BDELETE%20FROM%20table%20WHERE%201the query becomes:$sql = "SELECT * FROM table WHERE id=0;DELETE FROM table WHERE 1" Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now