Php Questions

twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
in Off-Topic
<div class="IPBDescription">I'll be updating this regularly</div> Number ONE:

Can I not use superglobals in mySQL queries?

I tried this:

<!--c1--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->$query = "INSERT INTO tfposts (post_topic, post_author, post_body) VALUES ('" , $_POST['topic'] , "', '" , $_POST['author'] , "', '" , $_POST['postbody'], "')";<!--c2--></td></tr></table><div class='postcolor'><!--ec2-->

But it didn't work. Do I have to define all of the form entries I take as separate variables?
Off Topic Disagree Agree Awesome

Comments

  • TequilaTequila Join Date: 2003-08-13 Member: 19660Members
    I don't know, but I'm bumping because I'm kind and want your technical knowledge to flourish.
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    edited February 2005
    First off, use the . (period) operator to concat the strings, like this:

    <!--c1--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->$query = "INSERT INTO tfposts (post_topic, post_author, post_body) VALUES ('".$_POST['topic']."', '".$_POST['author']."', '".$_POST['postbody']."')";<!--c2--></td></tr></table><div class='postcolor'><!--ec2-->

    Second off, make sure you do addslashes() to each of those variables in case your users decide to post a topic containing ' or " or \ :P


    And you are doing mysql_query($query) right? heh.
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    edited February 2005
    Hooray!

    I thought you always used commas when you jump out of inverted quotes? What's with the periods?

    Edit - oh, is it because they're variables and not strings?

    And for a reason I don't understand, I'm able to get away without using a function to addslashes and it still works (even when I use entries with backslashes and suchlike).
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    You must have magicquotes turned on or somesuch.

    but anyway, I've never seen the comma used as a concat operator before. That's just wierd. You wanna use period.
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    OK.

    Question TWO:

    Formatting a date made with NOW(). Do I have to use PHP (exploding the string into variables that I can shuffle around) or is there a way to do it with the SQL query, or in the mySQL table itself?
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    You can do it either with the query itself or w/ PHP after you fetch it.

    To do it w/ PHP, check out <a href='http://us4.php.net/manual/en/function.strtotime.php' target='_blank'>strtotime</a> and read the user comments. There's another function you need there too, I think the unix timestamp conversion, but not sure. Its 3:20am.

    To do it w/ MySQL, check out the <a href='http://dev.mysql.com/doc/mysql/en/date-and-time-functions.html' target='_blank'>DATE_FORMAT</a> function (about 1/5 down the page)

    As far as which is better, well it depends on the situation. I use both about equally.
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    edited February 2005
    So, if my date's stored in table field 'post_time', how would I call it with DATE_FORMAT if I'm wanting to SELECT *?
    Off Topic Disagree Agree Awesome
  • eedioteediot Join Date: 2003-02-24 Member: 13903Members
    Don't trust DOOM he doesn't even know how to code in php he's lying out of his ****
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    He's done very well so far.
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    <!--QuoteBegin-emperor awesome+Feb 3 2005, 03:47 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (emperor awesome @ Feb 3 2005, 03:47 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Don't trust DOOM he doesn't even know how to code in php he's lying out of his **** <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd-->
    Mwahahaha.

    Anyways, if you scroll down on the MySQL manual page I linked past the table, it gives you several examples:

    <!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->mysql> SELECT DATE_FORMAT('1997-10-04 22:23:00', '%W %M %Y');
            -> 'Saturday October 1997'
    mysql> SELECT DATE_FORMAT('1997-10-04 22:23:00', '%H:%i:%s');
            -> '22:23:00'
    mysql> SELECT DATE_FORMAT('1997-10-04 22:23:00',
                              '%D %y %a %d %m %b %j');
            -> '4th 97 Sat 04 10 Oct 277'
    mysql> SELECT DATE_FORMAT('1997-10-04 22:23:00',
                              '%H %k %I %r %T %S %w');
            -> '22 22 10 10:23:00 PM 22:23:00 00 6'
    mysql> SELECT DATE_FORMAT('1999-01-01', '%X %V');
            -> '1998 52'<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    But say I want to select everything from a table AND apply that rule. Would it look something like this:

    SELECT *, DATE_FORMAT('time_post', '<format>') FROM tfposts ETC ETC?
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    Yeah you could do that, although its a little wasteful. :P
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    Well, how would you do it?
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    Instead of querying for *, its better to just pick out the individual fields you're using.

    For example, if you do SELECT * on a table w/ 50 different fields, and you only need 2, and you're pulling back 6000 records, that is a ton of waste.

    However if you did SELECT name, id or whatever with just the 2 you need, then you save a lot of overhead.
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    Oh, well yeah, I know that. My table's just four fields long and I need them all. <!--emo&;)--><img src='http://www.unknownworlds.com/forums/html/emoticons/wink-fix.gif' border='0' style='vertical-align:middle' alt='wink-fix.gif' /><!--endemo-->

    So my code's as efficient as possible if I want to extract everything from the table?
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    Technically speaking no, because you're only using 3 fields as is. The date field you're formatting w/ date_format and thus you're getting it twice if you do *. But if you're not getting a ton of rows at once its no big deal. I was just trying to encourage good habits. :P
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    Oh, right. Cheers!
    Off Topic Disagree Agree Awesome
  • twoflowtwoflow Singing Drunk Join Date: 2002-11-01 Member: 1950Members, Constellation
    Right, what am I doing wrong?

    <!--c1--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->require('mysql_connect.php') or die ("<p>A server error has occurred.  Please try again later.  We're sorry for the inconvenience.</p><p>Error description: " . mysql_error() . "</p>");<!--c2--></td></tr></table><div class='postcolor'><!--ec2-->
    Isn't 'or die' a global PHP thing? Why can't I apply it here? (the script runs fine until I try to access the database (and mysql_connect.php), where I get:

    <!--c1--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->Warning: main(1): failed to open stream: No such file or directory in (address) on line 23

    Fatal error: main(): Failed opening required '1' (include_path='(address)') in (address) on line 23<!--c2--></td></tr></table><div class='postcolor'><!--ec2-->

    The script works fine if I comment out the die section.

    Also, should I use require('./mysql_connect.php') or ('mysql_connect.php') or is there no difference?
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    edited February 2005
    I think the message that <span style='font-family:Courier'>require</span> spits out overrides any 'or die' you may have, as it immediately bombs out when the required file isn't found, and thus it wouldn't be used here anyway.

    This is of course just my guessing though, I don't know for sure.

    It wouldn't make sense to have that error message anyway, because its not like the file is going to up and disappear cause your mysql server went down...
    Off Topic Disagree Agree Awesome
  • antifreezeantifreeze The guy with the goods&#33; Join Date: 2003-05-12 Member: 16232Members, Constellation
    Ok i have a question...

    Why when i do this:
    <!--c1--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>CODE</b> </td></tr><tr><td id='CODE'><!--ec1-->mkdir(const_doc_root."tutorials/$newTutID/", 0777);

    if ($_FILES['xml']['name'] != "") {
    copy ($_FILES['xml']['tmp_name'],
    const_doc_root."tutorials/$newTutID/tutorial.xml");
    }

    if ($_FILES['thumb']['name'] != "") {
    copy ($_FILES['thumb']['tmp_name'],
    const_doc_root."tutorials/$newTutID/thumb.jpg");
    }
    <!--c2--></td></tr></table><div class='postcolor'><!--ec2-->

    Do i get this:
    <!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Warning: mkdir(/export2/webroot/users/d4025579/hawxby/tutorials/10/):
    Permission denied in
    /export2/webroot/users/d4025579/hawxby/admin/tutorials/new/index.php on
    line 27

    Warning:
    copy(/export2/webroot/users/d4025579/hawxby/tutorials/10/tutorial.xml):
    failed to open stream: No such file or directory in
    /export2/webroot/users/d4025579/hawxby/admin/tutorials/new/index.php on
    line 30

    Warning:
    copy(/export2/webroot/users/d4025579/hawxby/tutorials/10/thumb.jpg):
    failed to open stream: No such file or directory in
    /export2/webroot/users/d4025579/hawxby/admin/tutorials/new/index.php on
    line 34<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->

    My uni server admins claim they don't know why, damn them all to hell.
    Off Topic Disagree Agree Awesome
  • DOOManiacDOOManiac Worst. Critic. Ever. Join Date: 2002-04-17 Member: 462Members, NS1 Playtester
    The user running the script (apache if its a webserver, or your username if its command line) doesn't have chmod rights to mkdir() in whatever directory you're trying to make.
    Off Topic Disagree Agree Awesome
Sign In or Register to comment.