PHPBuilder - So you want to use a database in your site? Page 3



RSS Twitter
Articles Databases

So you want to use a database in your site? - Page 3

by: Jess Castagnetto
|
July 30, 2000

Example 1: a simple SQL query interface

The first thing we will do is to create a simple form, and a script to handle SELECT statements and show the results in tabular form. We will also save the query string for debugging purposes.
sql_form.html

<html>
<title> SQL form</title> 
<body bgcolor="white">
Enter you SELECT query statement below:
<form action="do_sql.php3" method="POST">
<b>SELECT</b>  
<input type="text" name="sqlstring" size="60"> 
<input type="submit" name="submit" VALUE="Submit query">
</form>
</body>
</html>
do_sql.php3

<html>  
<head>  
    <title>Results from query</title>  
</head>  
<body bgcolor="white">  
<h1 align="center">Query Results</h1>  
<?  
    
/* This script will just receive an SQL string 
     * and do a "SELECT" query. No syntaxis validation is 
     * made. Also, only SELECTs are supported to avoid someone 
     * compromising the integrity of the database contents. 
     * --- Jesus M. Castagnetto 
     */ 

    
$qstring stripslashes ($sqlstring ) ;  
     echo  ( 
"Saving your query for debugging purposes<BR>\n" ) ;  
     echo  ( 
"Your query was: <B>\"select $qstring\"</B><BR>\n" ) ;  

    
$link msql_pconnect ( ) ;  
    
$res msql "documents",  "select ".$qstring$link ) ;   
     if  (
$res )  {  
    
$nrows msql_num_rows ($res ) ;  
    
$nfields msql_num_fields ($res ) ;  
    
printf "and it found: <B>%d rows</B>\n",$nrows ) ;  
     }  else  { 
     echo  ( 
"<BR>Your query did not find any matches. Try again<BR>\n" ) ;  
     } 
     
     
/* save info into a file */   
    
$datestamp date "Y-m-d H:i:s",time ( ) ) ;  
    
$fp fopen "sql_form.log",  "a+" ) ;  
    
fwrite ($fp,  "DATE: $datestamp\n" ) ;  
    
fwrite ($fp,  "QUERY: select $qstring\n" ) ;  
    
fwrite ($fpsprintf "RESULT: %d rows\n\n",$nrows ) ) ;  
    
fclose ($fp ) ;  
     
?>  
<table>  
<?  
     
if  ($res )  {  
     echo ( 
"\n<tr bgcolor=\"#E0FFFF\">" ) ;  
     for  (
$i=0$i $nfields$i++)  {  
        
$fname msql_fieldname ($res,$i ) ;  
         echo  ( 
"<th>$fname</th>" ) ;  
     }  
     echo ( 
"</tr>" ) ;  
    
$color =   "#D3D3D3" ;  
     for  (
$i=;$i<$nrows ;$i++ )  {  
         if  ( (
$i ) == )  {  
         echo  ( 
"\n<tr>" ) ;  
         }  else  {  
         echo  ( 
"\n<tr bgcolor=$color>" ) ;  
         }  
        
$rowarr msql_fetch_row ($res ) ;  
         for  (
$j=;$j<$nfields ;$j++ )  {  
        
$val $rowarr[$j] ;  
         if  (
$val ==   ""  )  {  
            
$val stripslashes "&nbsp\;" ) ;  
         }  
         echo  ( 
"<td>".chop ($val ). "</td>" ) ;  
         }  
         echo  ( 
"</tr>" ) ;  
     }  
     }  
?>  
</table>  
</body>  
</html>
That's it! Now if we do a search like:
(mockup form, does nothing)
SELECT
We will get the following output:

Query Results
Saving your query for debugging purposes
Your query was: "select title,published from article where author like '%perdue%'"
and it found: 3 rows
titlepublished
Building Dynamic Pages With Search Engines in Mind19990117
Logging With PHP19990130
Sending Mail With PHP319990221
This simple interface can be quite powerful, depending on how you set your SQL queries. For example, if you decide to obtain the body of the articles written by Rasmus Lerdorf, then you would use the following query:

SELECT article.title,article.author,body.contents from article,body
where article.author clike '%rasmus%' and article.id=body.id order by
body.line_num
Or we can be even fancier and select only the lines of the article from a particular author containing one or more keywords of interest:

SELECT article.title,article.author,body.line_num,body.contents 
from article,body
where aticle.author='Mark Musone' and article.contents clike '%pop%' and
article.id=body.id order by body.line_num
Other queries can be also done, but this should suffice to whet your appetite.
In the next part of this article we will tackle the parsing of variables, and construction of an SQL query from them.

« Previous Page
1
|
2
|
3
|
4
|
5
|
6
|
7
Next Page »

Comment and Contribute

Your comment has been submitted and is pending approval.

Author:
Jess Castagnetto

Comment:



Comment:

(Maximum characters: 1200). You have characters left.