FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


MySQL help





Flakky
Okay here is the deal.
I got this information but my script only knows the post_ID.
Is it possible that my script can figure out the forum_id and thread_id?
If so how can I do this?

Picture is what phpMyAdmin reports about this.
rickylau
Perform below MySQL query, after that you can fetch each record as an array using PHP functions such as mysql_fetch_array (in numeric form or field name as key)
Code:
SELECT `forum_id`, `thread_id` FROM `unk_posts` WHERE `post_id`=[POST_ID];
Flakky
rickylau wrote:
Perform below MySQL query, after that you can fetch each record as an array using PHP functions such as mysql_fetch_array (in numeric form or field name as key)
Code:
SELECT `forum_id`, `thread_id` FROM `unk_posts` WHERE `post_id`=[POST_ID];

Thanks but it is not exactly clear on how to retrieve thread_id and forum_id.

Let's say I want to make the variable $threadid = the thread_id in the database and the $forumid = the forum_id in the database, how can I do this?

Sorry I never used MySQL before.
Nemesis234
$result = mysql_fetch_array(mysql_query("select * from unk_posts where post_id='POST ID HERE'"));

$result[TABLE HEAD] = CELL DATA
$result[forum_id] = forum id
$result[thread_id] = thread id

etc....
Flakky
Thank you very much I have now completed my feature on my forum.
This explains a lot to me how MySQL works as well so thanks Smile
Aredon
don't forget to use mysql_real_escape_string() for any string variables you might put into your query.
"SELECT * FROM `database` WHERE `whatever` = '.mysql_real_escape_string($string_variable).'" A failure to follow this very important habit will cause your scripts to be open to mysql injection attacks. (i.e. I could slip a delete query inside of your select query if you didn't escape it.) What I'm saying is, get into the habit now. Smile

This is only for strings though, for integers you should be safe doing (int)$id or int_val($id) within your query.
Flakky
Aredon wrote:
don't forget to use mysql_real_escape_string() for any string variables you might put into your query.
"SELECT * FROM `database` WHERE `whatever` = '.mysql_real_escape_string($string_variable).'" A failure to follow this very important habit will cause your scripts to be open to mysql injection attacks. (i.e. I could slip a delete query inside of your select query if you didn't escape it.) What I'm saying is, get into the habit now. Smile

This is only for strings though, for integers you should be safe doing (int)$id or int_val($id) within your query.

Oh, so for reals I have to do this:
Code:
$result = mysql_fetch_array(mysql_query("select * from unk_posts where post_id=int_val($Post_ID)"));

Am I right?
Aredon
generally here's what I have for a query like that:

Code:

$sql = "SELECT * FROM `unk_posts` WHERE `post_id`=".(int)$Post_ID;
$result = mysql_query($sql);
$array = mysql_fetch_array($result);


I'm not sure if it's actually necessary, but in my mind it sits as a good habit. (int) set the variable type to integer, so no string injection can be done. Also remember that in php you shouldn't call a variable inside a string, and you can't call a function inside a string. You should break the string and "add" (.) it.

in other words (using your example):
Wrong: $result = mysql_fetch_array(mysql_query("select * from unk_posts where post_id=intval($Post_ID)"));
Right: $result = mysql_fetch_array(mysql_query("select * from unk_posts where post_id=".intval($Post_ID)));

Also to be noted: I was incorrect it's intval() not int_val()
Fire Boar
The mysql_ functions are actually outdated. You should almost always use PDO instead, because it abstracts the actual database used making your code portable, and properly escapes input data.

Example:

Code:
// Configuration lines - the only part that is database-specific. Should probably be built from a config file in the real world.
$dsn  = 'mysql:dbname=mydatabasename;host=localhost';
$user = 'myusername';
$pass = 'mypassword';

// Connect to the database, or throw an error on failure.
try {
    $db = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

// Prepare a statement.
$stmt = $db->prepare('SELECT forum_id, thread_id FROM unk_posts WHERE post_id = ?');

// And execute it. You can use the same statement more than once. Here just for example purposes I'm running the query four times, each with a different post_id.
$post_ids = array(2, 6, 7, 9);
$result = array();
foreach ($post_ids as $post_id)
{
  $stmt->execute(array($post_id));
  $result = $stmt->fetchAll();
}

// Alternatively, you could do it like this:
$stmt->bindParam(1, $_GET['post_id'], PDO::PARAM_INT);
$stmt->execute();
$stmt->fetchAll();
Flakky
@Fire Boar:
I appreciate the advice though I stick with this as I finally know how it works

@Aredon:
Thanks, I have applied all you said. It works flawless and is probably safe.
I am using these features more often now to create a lot more functions. All based around the things I learned in this thread Wink
Related topics
MYSQL HELP!!!!!
mysql/php help please
Help Installing MySQL on SuSE Linux using ssh
Online Game
PHP/Mysql - beginner!
Setup php,mysql and others...
MySQL HELP!!
php HELP!!!
PHP + MySQL Help
Crazy language/character set in MYSQL! HELP, PLEASE!!!
SQL.....Where to start?
mySQL help needed please.
mySQL help needed, any other good database thing?
Twitter like follow system with MySQL - Help
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.