IPT home IPT A Virtual Approach by Peter Whitehouse
Quick Links:
 
 
PHP home
Information and Intelligent Systems Social and Ethical Implications Human Computer Interaction Software and Systems Engineering eXercise Files Course Outline and Assessment A-Z of Geeky Acronyms Terrace Work Program 2004 Sillybus FAQ = Frequently Asked Questions Help
 
 

PHP Query Engine

based on Music Database

Run the Script live...

The difficulty with any PHP immediate-mode project (ie. type a question, get an answer, now) is getting the query to the MySQL server. This is made more complex by an HTML form's inability to accurately encode symbols entered through a form element (text boxes, areas etc). Escape characters, like the double quote (") have a reserved meaning and are encoded out of a form as \". Note the leading slosh (\) put in by the form.. This then mangles the query and the SQL engine winges.

PHP kindly provides a function called stripslashes() which removes errant escape character junk allowing the query to be sent as typed. stripslashes has been used in the following script.

The script is a fairly functional query interface - standard MySQL can be entered into the text area and the answer table is returned with numbered lines. For explanation of actual codey bits - look lower in this page.

<?php
$link = mysql_connect("localhost", "username", "password") or die("Unable to connect");
mysql_select_db("dbname") or die("Unable to select database"); ?>
<form action="musicquery.php" method="post"> <p>Type your query here:<br> <textarea name="querytext" rows="10" cols="50" wrap></textarea> <br> <input type="submit" name="submitquery" value="SUBMIT"> </p> </form> <?php if ($query = stripslashes($_POST["querytext"])) { if ($result = mysql_query($query)) { echo "<p>Your Query has been processed.</p>"; echo "<p>Your Query was:<br><pre>".stripslashes($query)."</pre></p>"; $numrows = mysql_num_rows($result); $columns = mysql_num_fields($result); echo "<p> Here is your result table: </p>";
          echo "<p>The answer table has ".$numrows." rows, each having ".$columns." fields";
echo "<br> (collating may take some time - please be patient)</p>"; if ($numrows > 0) { print "<p> <table border=1 cellpadding=1 cellspacing=0><tr>"; for ($x = 0; $x < $columns; $x++) { print "<th>"; $name = mysql_field_name($result,$x); print "$name"; print "</th>"; } print "</tr>";
             while ($row = mysql_fetch_row($result)) {
                   print "<tr>";
                   for ($y =0; $y < $columns; $y++) {
                        print "<td>$row[$y]</td> ";
                   }
                   print "</tr>";
             } //end while
          print "</table>";
      } //end if result
      } else { echo "<p>Error Processing Query: " .mysql_error() . "</p>"; }
   }
?>

Notice:

  • I use a dirty trick of asking if there IS a query submitted, otherwise post an error first submit
  • if there was something in the query test box, I attempt to process it regardless of whether it is correct sql or not - this is not dangerous as the user permissions will let the user of this database SELECT only, so no nefarious commands can be injected
  • I print out the query, the number of rows and fields per row(if it is an error free query and it executed correctly) then the answer table
  • I use a "for each row, for each field" nested loop routine to visit each field row by row and output the answer table amongst table markup schrapnel

Run the Script live...

 

wonko@wonko.info
©Copyright t 1992..2018+. Edition 26.150117
wonkosite
Creative Commons License
This work is licensed under a
Creative Commons Attribution-NonCommercial-ShareAlike 2.1 Australia License
.