|
Posted by Jack Jackson on 06/02/05 23:13
Thanks for the reply, Greg,
I see how that is useful. I am confused as to how I would implement it
here. Please bear with me as I am a newbie and am now perhaps more
confused than ever!:
I'm trying to use the number given in the $_GET URL to build one piece
of the sql:
If there is anything set in the $_GET field other than ?c=[valid int] or
?p=[valid int] or ?s=[valid int] then I want to bounce to a plain index.
If it's a valid int (a positive int which corresponds to a valid row)
then I want to set its value to the appropriate variable: either $c, $p
or $s, and thus set the values of $fields, $from and $where.
<?php //IF there is a valid query by cartoon, use $c to build the SQL
$fields = 'SELECT art.*,publisher.*,subject.*';
$from = 'FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id';
$sort = "ORDER BY art.art_pub_date";
$where = "WHERE art.art_id = '$c' AND
subject.subject_id=art.subject_id";
?>
If that were instead a $p then I would do:
<?php //IF there is a valid query by publisher, use $p to build the SQL
$fields = "SELECT art.*,publisher.*,subject.*";
$from = "FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id";
$where = "WHERE publisher.publisher_id=art.publisher_id AND
art.publisher_id = '$p' AND
subject.subject_id=art.subject_id";
?>
If that were instead an $s then I would do:
<?php //IF there is a valid query by subject, use $s to build the SQL
$fields = "SELECT art.*,publisher.*,subject.*";
$from = "FROM art,subject
LEFT JOIN publisher
ON publisher.publisher_id=art.publisher_id";
$where = "WHERE publisher.publisher_id=art.publisher_id AND
art.subject_id = '1' AND
art.subject_id=subject.subject_id";
?>
I'm sure your method works ( ;) ). If I understand it, as my friend
Darrell said about your suggestion:
'...We iterate through the array seeing if there's a submitted HTML form
field name that matches the current database column name. If so, we add
the column name and the value submitted in the form to a string that is
being built into a database query.'
I'm trying to see how this code lets me do that. I know it's right in
front of my face but I cannot see how to adapt it to the task. .
Thanks in advance!!
Greg Donald wrote:
> On 6/2/05, Jack Jackson <jackson.linux@gmail.com> wrote:
>
>> I'd love some help with http://hashphp.org/pastebin?pid=3443 if anyone
>>can...
>>
>>Basically I want to make it so that, if the get in the url specifies no
>>query or a query to a nonexistent row, send to vanilla index. If url
>>specifies c= then set $c=c and use the number to build the mysql query;
>>same for p= and s= - if they're valid build the query, if not kick em out.
>>
>>Can anyone offer any help?
>
>
> I'd iterate over the $_GET array to build the query elements. Then
> implode those elements.
>
> $array = array();
>
> while( list( $k, $v ) = each( $_GET ) )
> {
> if( $k == 'somekeynotindb' )
> {
> continue;
> }
>
> $array[] = $k . "='" . $v . "'";
> }
>
> if( $array )
> {
> $and = implode( ', ', $array );
> }
>
> $sql = "
> SELECT *
> FROM table
> WHERE 1
> $and
> ";
>
> $query = mysql_query( $sql );
>
>
[Back to original message]
|