|
|
Posted by Brian on 05/25/05 02:43
Thanks for the reply, the problem is the example I gave is one of the
eager queries, the reason I want to send it via a link it because trying
to work out the queries in the makezip.php is going to be REALLY hard
as the combination is so big
Brian
"J.O. Aho" <user@example.net> wrote in message
news:3fhbofF7tvh8U1@individual.net...
> Brian wrote:
>> Hi
>>
>> I might be trying to do something that can't be done
>>
>> I have a PHP script that creates a zipped CSV file on the fly.
>> I am trying to send it the MySQL query via a link but I get errors as if
>> it
>> has not received the query
>>
>> the link is
>>
>> <a href="makezip.php?q=SELECT * FROM js WHERE lcase(dnote) =
>> lcase('T1107837')" target="exportWindow">EXPORT<a>
>>
>> the error is supplied argument is not a valid MySQL result
>>
>> the code on the makezip.php is
>>
>> $result = mysql_query($q,$db);
>> if ($myrow = mysql_fetch_array($result)) {..........
>>
>> is there any reason why I can't send my query to it and get it to run?
>
>
> You should avoid to send whitespaces in a HTML-request.
>
> Sending a whole sql-query, even if it wouldn't had included any
> whitespaces, better you set up a list of sql-queries that you would
> usually allow to be exported as a zipped file and see what arguments you
> would be able to adjust.
>
> eg:
> <a href="makezip.php?q=1&dnote=T1107837" target="exportWindow">EXPORT<a>
>
> where in your php script:
>
> switch($q) {
> case 1:
> $query="SELECT * FROM js WHERE lcase(dnote) = lcase('$dnote')";
> break;
> case 2:
> $query="SELECT * FROM js WHERE lcase(name) = lcase('$name')";
> break;
> case 3:
> ...
> }
>
> $result = mysql_query($q,$db);
> if ($myrow = mysql_fetch_array($result)) {
> ...
>
>
> This way your script would be a lot more secure too, than letting anyine
> to do what they want, even able to delete data.
>
>
>
> //Aho
Navigation:
[Reply to this message]
|