NewSourceMedia Blog » mysql

Fix SQL INSERT problems with PHP addslashes function

admin — Mon, 15 Feb 2010 01:54:17 +0000

If you've created you own custom content management system using PHP, you may have noticed problems inserting data. One of the problems could be that your data may have characters that prevent it from being inserted. Some of the character that would cause this type of problem are single or double quotes, backslash, and NUL characters. You can escape these problematic characters using the PHP function addslashes(). As explained by the PHP manual: It returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte). As you can see from my example below, I first run the content through the addshashes function and than return it to the same named string "$Page_Content" before passing it to my SQL UPDATE or INSERT statement.

$Page_Content = addslashes($Page_Content);
$query = "UPDATE site_content SET Page_Title='$Page_Title', Page_Content='$Page_Content' WHERE id_f='$id_f'";
query_db($query);

How to backup MySQL Database via SSH

admin — Sat, 28 Nov 2009 02:44:53 +0000

First you log in using your terminal application by typing the flowing SSH command: ssh yourusername@hostname-or-ipaddress After that, you will be prompted to enter your password. As you enter your password, the text will be hidden. Next we should switch to the "root" user. You can do so by typing the following in your terminal window: su - root You will have to enter a password once more. Now navagate to where you would like to store your MySQL database file. For an example of changing the directory to the "public_html" direcotry, type this: cd /var/www/html_public Now you can back up your db here using the following command. This command will backup all of your databases. I also chose to compress them after the pipe "|" as a gzip file. Type the following but be sure to change the user name and password to your info: mysqldump -u yourusername -p yourpassword --all-databases | gzip >databasebackup.sql.gz You can also target single database using the following: mysqldump -u yourUserName -p yourDBName | gzip >databasebackup.sql.gz

Select UNIQUE or DISTINCT MySQL/PHP Queries

admin — Sun, 19 Apr 2009 20:09:28 +0000

How to filter / remove duplicate items in your database query result using DISTINCT Say you wanted to show a list of client names from using a portfolio projects database. The problem is you may have multiple portfolio projects for the same client. So if you ran that list, you could get something like: Nike, Nike, Audi, BMW, BMW, Kmart and Ford. Here is how to clean up all duplicate using the "DISTINCT" clause.

$query = "SELECT DISTINCT Client_Name FROM Portfolio ORDER BY Client_Name ASC";
$result = query_db($query);

while ($myrow = mysql_fetch_array($result))
{
echo $myrow[Client_Name].", ";
}

Notice how we did not add in "limit 0,1". DISTINCT does this for us. It will only return one item. You want to use it without any other columns, otherwise you are going to need a GROUP BY clause.

PHP MySQL Order by Two Columns

admin — Tue, 30 Nov 1999 06:00:00 +0000

Here's how to order your data by two or more columns using PHP and MySQL

Order by Two Columns

Here's how to order by more than one column. When ordering by more than one column, the second column is only used if the values are identical with the onces in the first column:

SELECT column_name(s)
FROM table_name
ORDER BY column_name1, column_name2

Sort the display by Ascending or Descending Order

If you use the ORDER BY keyword, the sort-order of the recordset is ascending by default (1 before 9 and "a" before "p"). Use the DESC keyword to specify a descending sort-order (9 before 1 and "p" before "a"):

SELECT column_name(s)
FROM table_name
ORDER BY column_name DESC

MySQL Table Fields Data Types

admin — Tue, 26 Dec 2006 00:22:11 +0000

Learn MySQL data types like Numeric Types, Date and Time Types and String Types for building dynamic web sites. Learn the three main basic data types used in MySQL and how to utilize them to build a more effective dynamic web site. Lots of web developers use MySQL but not all of them harness the power of these features. The three main types of data types used in MySQL are 1) Numeric (Integer/Numbers/Money) 2) String (Text) 3) Date (Dates and Time) It's very important to pick the right data to achieve speed, effective storage and data retrieval. Here is a introduction to data types:

Numeric Data Types

In addition to int (Integer data type), MySQL also has provision for floating-point and double precision numbers. Each integer type can take also be UNSIGNED and/or AUTO_INCREMENT.

TINYINT: very small numbers; suitable for ages. Actually, we should have used this data type for employee ages and number of children. Can store numbers between 0 to 255 if UNSIGNED clause is applied, else the range is between -128 to 127.
SMALLINT: Suitable for numbers between 0 to 65535 (UNSIGNED) or -32768 to 32767.
MEDIUMINT: 0 to 16777215 with UNSIGNED clause or -8388608 to 8388607.
INT: UNSIGNED integers fall between 0 to 4294967295 or -2147683648 to 2147683647.
BIGINT: Huge numbers. (-9223372036854775808 to 9223372036854775807)
FLOAT: Floating point numbers (single precision)
DOUBLE: Floating point numbers (double precision)
DECIMAL:Floating point numbers represented as strings.

Date and Time Data types

DATE: YYYY-MM-DD (Four digit year followed by two digit month and date)

TIME: hh:mm:ss (Hours:Minutes:Seconds)

DATETIME: YYYY-MM-DD hh:mm:ss (Date and time separated by a space character)

TIMESTAMP: YYYYMMDDhhmmss

YEAR: YYYY (4 digit year)

Text Data Type

Text can be fixed length (char) or variable length strings. Also, text comparisions can be case sensitive or insensitive depending on the type you choose.

CHAR(x): where x can range from 1 to 255.
VARCHAR(x): x ranges from 1 - 255
TINYTEXT: small text, case insensitive
TEXT: slightly longer text, case insensitive
MEDIUMTEXT: medium size text, case insensitive
LONGTEXT: really long text, case insensitive
TINYBLOB: Blob means a Binary Large OBject. You should use blobs for case sensitive searches.
BLOB: slightly larger blob, case sensitive.
MEDIUMBLOB: medium sized blobs, case sensitive.
LONGBLOB: really huge blobs, case sensitive.
ENUM: Enumeration data type have fixed values and the column can take only one value from the given set. The values are placed in parenthesis following ENUM declaration. An example, is the marital status column we encountered in employee_per table.
```
m_status ENUM("Y", "N")
```
Thus, m_status column will take only Y or N as values. If you specify any other value with the INSERT statement, MYSQL will not return an error, it just inserts a NULL value in the column.
SET: An extension of ENUM. Values are fixed and placed after the SET declaration; however, SET columns can take multiple values from the values provided. Consider a column with the SET data type as
```
foods SET ("Apples", "Cookies", "Pies", "Chicken")
```
You can have 0 or all the four values in the column.
```
INSERT tablename (foods) values ("Apple", "Cookies");
```

Create MySQL Database With PHP

admin — Tue, 26 Dec 2006 00:22:11 +0000

Create a dynamic web site by using MySQL Database and PHP. It is easy and I provided the code to cut and paste. Now let get started with PHP and MySQL code for building a Dynamic Web Site:

PHP & database connection code in a lib file for inclusion

1) First we make a php file called "lib.php" 2) Then we add the following php code to the lib.php file for making a connection to the database. Be sure to change the names to match your host name, user name, password and database name :

function dbconnect() { global $dbhost, $dbuser, $dbpass, $dbname; mysql_pconnect($dbhost, $dbuser, $dbpass); @mysql_select_db($dbname) or die ("Unable to select database"); }

function query_db($query) { dbconnect(); return @mysql_query($query); } ?>

Database Manager (PhpMyAdmin) to create a new table

3) Open up your database manager (PhpMyAdmin) and select your database, then click the SQL tab or icon for running a SQL query and copy and paste the following code in the text field then click the "Go" or "Submit" button to create the car_table database.

CREATE TABLE car_table (

car_make varchar(250) default NULL, car_model varchar(250) default NULL, car_year varchar(250) default NULL, id_field int(11) NOT NULL auto_increment, PRIMARY KEY (id_field) ) TYPE=MyISAM;

PHP code for managing your table fields

4) Download Code file "cars.txt" here: http://newsourcemedia.com/New Tutorials/cars.txt 5) Rename that file to "cars.php". Notice that the first line of code is there to imports your first file "lib.php". Why? Because for every php file that query's the database will need to make a database connection. So why not use one file to make that connection for all php files. 6) Uploads both the "lib.php" and the "cars.php" to your web server. Make sure both files are in side of the same directory.

Third PHP file for visitors without the edit or delete functions.

7) After adding content to your database, you may want to make a third file called "viewcars.php" for the users to view the database list of cars. Do this by duplicating the "cars.php" file. But be sure to delete all of the links labeled "delete", "edit" and "add" and remove all php blocks of code that start with "$query=INSERT INTO..., $query=UPDATE..., and $query=DELETE FROM..." to provent visitors from editing your database content.

PHP Order By Multiple Fields in MySQL

admin — Sat, 17 Jul 2004 00:22:11 +0000

Want to be able to order by two or more database fields / columns using the ASC and DESC order clause You can sort query results in ascending or descending order on one or more of the columns in the result set by using the ASC or DESC keywords with the ORDER BY clause. Ordering By Two Fields

SELECT * FROM table ORDER BY (field1 / field2) DESC

Ordering By Three Fields If both field1 and field2 match in more then one row, then use a third to order them by:

SELECT * FROM table ORDER BY (field1 / field2) DESC, field3 DESC

PHP Search using WHERE, AND, LIKE, OR Query Functions

admin — Sat, 17 Jul 2004 00:22:11 +0000

How to search multiple fields in a database Search using WHERE, AND, LIKE, OR Query Functions

Looking for an exact match in field1: SELECT * FROM table WHERE field1 = '$name'
Looking if the field1 contains the search word anywhere using LIKE and both '%%' SELECT * FROM table WHERE field1 LIKE '%$word%'
Looking if the field1 contains the value that begins with our word using LIKE and the last ' %' SELECT * FROM table WHERE field1 LIKE '$word%'
Looking if the field1 contains the value that ends with our word using LIKE and the first '% ' SELECT * FROM table WHERE field1 LIKE '%$word'
Looking if our search word appears in both fields using AND SELECT * FROM table WHERE field1 LIKE '%$word%' AND field2 LIKE '%$word%'
Looking if our search word appears in any of the two fields using OR SELECT * FROM table WHERE field1 LIKE '%$word%' OR field2 LIKE '%$word%'
Looking if our word is in field1 OR in field2 AND field3 using Parentheses SELECT * FROM table WHERE field1 LIKE '%$word%' OR (field2 LIKE '%$word%' AND field2 LIK

Polls and Comments with PHP and MySQL

admin — Sun, 11 Apr 2004 00:22:11 +0000

Create a poll voting and comments system with the help of PHP and MySQL. Explains in details the script and database design.

What do you need:

PHP - obviously you know this from the title Get it from PHP's website, available in source or binary for free.
MySQL - here we store the data. You should probably be able to use some other database also with a few modifications. Download from your nearest MySQL mirror. It is available through a GPL license in source or binary.
Apache or some other web server to test it all, and a hosting service for permanent storage. You can get Apache for free too. Source and binaries are available.

So, I don't think you have to spend any money to get these wonderful software packages, and you should be ready to go if you already have them.

What are you expected to already know:

XHTML/HTML of course, after all this is what PHP sends the browser.
CSS - basic knowledge, if you like to control the way things look.
JavaScript - for client-side validation, not needed if you want to only check on the server-side, which is a lot slower and higher network load.
PHP - this is not a PHP tutorial, just an example. At least basic knowledge is needed.
MySQL - you have to create the database and tables or let someone else do it for you.

A word about the configurations

I use a .htaccess file to setup PHP. If you have any trouble using the code try using these settings. If you get escaped quotes (like \' instead of ') you should use magic_quotes_gpc = off in php.ini or paste the following contents into a .htaccess file (or whatever it's called on your server). This should be in the directory where your code is, or in its parent directory.

php_value arg_separator.output "&"
php_value arg_separator.input "&"
php_flag register_globals off
php_flag short_open_tag off
php_flag magic_quotes_gpc off

Getting started

Globally included code

function connect_db() {
   global $link;

   $db_host = "localhost";
   $db_username = 'username';
   $db_pass = 'password';
   $db_name = 'database_name';

   $link = @mysql_connect($db_host, $db_username, $db_pass)
      or die ("Could not connect to database");
   @mysql_select_db ($db_name)
      or die ("Could not select database");
}

This is a function that connects to the database; I put this in a file that's included from every page at the site. If you think you don't understand anything you should check out the PHP manual. The @ in front of the functions is used to suppress the default error messages if you can't connect to the database.

 $result->count) ) {
      mt_srand ((double) microtime() * 1000000);
      $poll = mt_rand(1,$result->count);
   }
?>

Connect to the database if no connection is established yet, and get the total number of polls available. Check if a GET variable poll has been passed. If negative or greater than the number of polls, this is an illegal value so get a random one.


count;
   $date = $result->last;

   $res = @mysql_query("select text, vote from poll_data where id=$poll")
      or die("Query poll_data failed");
   while ($row = mysql_fetch_object ($res)) {
      $input ='';
      echo "";
   }
?>

   


   title?>
$input $row->text
Total votes: 
   Last vote: 

   
      Results

This one defines the form which is submitted to the polls handling page, in my case poll.php. Get the poll title, total vote count, and the last time someone voted. Then loop over each option and create a radio input for all of them. Finally display the total votes, last voted date, a submit input for voting and a link to the results (if somebody doesn't want to vote). We also pass the poll id to the poll handler. This can also be implemented with session variables but see first if PHP is compiled with --enable-trans-sid. If yes, then it is safe, otherwise your option is to pass the SID constant, but this is essentially the same. Now for the client-side validation function that is run onsubmit.

function validateVote(vote) {
   valid = false;

   // Opera 5.05 Linux does not support for/in on this object
   for ( var i = 0; i <  vote.length; i   ) {
      if ( vote[i].checked ) {
         valid = true;
         break;
      }
   }
   if ( ! valid ) {
      alert("You must choose one");
   }
   return valid;
}

Well, that's all for the include code (this is usually shown on every page). The only other thing you may consider is protecting the file that holds the db username and password, in case PHP isn't there to process the code with something like this in a .htaccess file:


    Order deny,allow
    Deny from all

Now to get our hands on the input handling code.

The Poll Handling Code

 $polls or $poll < 1 )
      $poll = 1;

Include a global_includes_file.php and check if a link to the database is established. Get the number of polls from the db and check if there is a GET passed variable poll. If not just display the first.

$poll_voted = (int) $HTTP_COOKIE_VARS['voted'];
$poll_bit = ( 1 << $poll );
if ( !($poll_voted & $poll_bit) ) {
	$poll_ok = true;
} else {
	$poll_ok = false;
}

$vote = (int) $HTTP_GET_VARS['vote'];
if ( $poll_ok and $vote > 0 and $vote < 6 ) { // count the vote
	$cookie_voted = $poll_voted | $poll_bit;
	setcookie('voted', $cookie_voted, time() 2592000); // one month time

	$sql = "update poll set count=count 1, last=now() where id=$poll";
	@mysql_query($sql) or die('Query p2 failed');

	$sql = "update poll_data set count=count 1 " .
		"where id=$poll and vote=$vote";
	@mysql_query($sql) or die('Query p3 failed');
}

Now we do not require visitors to register, just to vote but we neither allow them to vote again and again (except if they erase the cookies, but that's another story in which case you definitely need user registration (there are two articles on evolt: Creating a Login Script with PHP 4 and Creating a Login Script with PHP 4 - Part II on evolt). Make sure you read the articles, if this is what you need. To get by on cookies, get one called voted, if available, and check whether the user has already voted for this poll. Get the vote that is handled; here's an example of some hard-coded variables that you may wish to get rid of, if you think there may be a different number of answers to one question. Check whether he/she is allowed to vote and if the vote is ok, and set a cookie that will stay for one month to keep track that the user has voted (not that he/she cannot use another browser or just delete the cookie, but anyway). To finish the voting update the total number of votes and the current choice (increment by one). I'm not quite sure if MySQL applies locking and other stuff when you pass the queries this way, but this is definitely safer than extracting the value from the database and then explicitly setting it to a value that is incremented in PHP.

function my_esc($input) {
	return mysql_escape_string(htmlspecialchars($input) );
}

if ( $HTTP_SERVER_VARS['REQUEST_METHOD'] == 'POST' ) {
	$comment = my_esc($HTTP_POST_VARS['fComments']);
	$subject = my_esc($HTTP_POST_VARS['fSubject']);
	$name = my_esc($HTTP_POST_VARS['fName']);
	if ( $name == '' )
		$name = 'anonymous';
	$email = my_esc($HTTP_POST_VARS['fEmail']);
	$poll = (int) $HTTP_POST_VARS['poll'];

	if ( $comment != '' )
		$sql = "insert into comments " .
			"(name, subject, email, comment, date, poll)" .
			"values('$name', '$subject', '$email', " .
			"'$comment', now(), $poll)"

		@mysql_query($sql)
			or die('Query add comments failed');
}

Define a function that should escape the HTML and SQL if some smarty guy has decided to pass it to see what can happen. I'm not quite sure if this name is OK according to the PHP coding standards but anyway it's short and convenient, think up something else if you want. This is where you should change the code if you definitely want magic_quotes_gpc = on. Check if any POSTing has happened, if so escape all the variables passed, and instead of displaying nothing replace the name with "anonymous". If any comments have been POSTed we are ready to insert that in the database.

	begin_head();
?>

Think up one

That's supposed you have a function called< code>begin_head() that prints the document type declaration and stuff. Remember we used cookies, so nothing but headers should have been printed until now. The other function begins the body and prints some headers (like navbar or logo, etc.).

Poll results and comments
You are not allowed to vote again";

   $sql = "select title, count, last from poll where id=$poll";
   $res = @mysql_query($sql)
      or die("Query c2 failed");
   $result = mysql_fetch_object($res);
   echo "$result->title";
   $total = $result->count;
   $date = $result->last;

?>

Print the first level header of the page and a message that the user is not allowed to vote again, if they've tried. Query the database to get the title, total count and last vote date for the current poll. I know the query failed messages are not user friendly, unfortunately I found that out long after I started using this code.

<
;/tr>";
   } else {
      while ($row = mysql_fetch_object ($res)) {
         $share = round(100 * $row->count / $total, 2);
            echo "";
      }
   }
?>

Sorry still nothing in here
$row->text

            $share% ($row->count)

Total votes: 


Last vote:

Print a table with the poll results, if any. Otherwise a message will be shown, which is needed. Without it you will get a division by zero error when calculating the percentage share of each choice.

Other polls



Poll
     Votes
     Comments



      id" .'">' .
$row->title?>
      count?>

      comments?>

Poll	Votes	Comments
id" .'">' . $row->title?>	count?>	comments?>

Print a table with links to other polls to be viewed/voted for. Note the query where .. and id!=0. That's because I use id=0 to store the total number of polls.

Comments

Sorry still nothing in here";
   } else {
      while ($row = mysql_fetch_object ($res)) {
?>
         

            subject ?>
            by 
               name ?> on
               date)) ?> GMT
            

         

         
         comment ?>

Now for the comments: get all for the current poll from the database (or if nothing is available say so). Iterate over each comment and print its subject. On the next line print the name provided (you may consider not creating it as a mailto: link because e-mail is optional) and the date and time. I know many people don't like UTC (that's Universal Coordinated Time, also informally known as GMT), but I think this is what should be used all over the Internet. Or print the GMT offset (though this is rarely seen). Many sites would rather print their local time, but this doesn't help people in different time zones.

Say your mind

Note: All fields except the comments are optional.

This is pretty straight forward XHTML so I don't think anyone should need an explanation. The function that handles onsubmit follows.

function validateString(str) {
   if ( str.value && str.value.length > 0 ) return true
   else {
      alert("You don't think I can read your mind do you?");
      str.focus();
      return false;
   }
}

Database stuff

I apologize for the mixed case database queries; MySQL doesn't care about it so I don't feel I need to type all keywords in uppercase. You first have to create the database and then use mysql -p your_database_name < this_code.sql where this_code.sql is the filename you used to save the following SQL code.

CREATE TABLE poll (
   id int NOT NULL auto_increment,
   title varchar(100) NOT NULL default '',
   count int NOT NULL default '1',
   last date,
   PRIMARY KEY  (id)
);

CREATE TABLE poll_data (
   id int NOT NULL default '0',
   text char(50) NOT NULL default '',
   count int NOT NULL default '1',
   vote tinyint NOT NULL default '0'
);

create table comments(
   name varchar(30) not null default '',
   subject varchar(50) not null default '',
   email varchar(30) not null default '',
   comment text not null default '',
   date datetime not null default '',
   poll int not null default '0',
);

Stylesheet

You can use the following selectors in a stylesheet linked from the poll.php:

div.formwrapper
div.row
div.row label
div.row span, you can make it div.row input if you clear up the code
div.commenthead
div.subject
div .comment

To finish up

The code and a more advanced version of it is available for download.

Installing PHP MySQL Apache on windows 98 in 5 min

admin — Sat, 20 Mar 2004 00:22:11 +0000

This article on "Installing Apache-MySQL-PHP on Windows 98" in just five min is a complete step by step tutorial to install this trio package. The article contains full graphics snapshots to help the new developers to install the trio package without any This article on "Installing Apache-MySQL-PHP on Windows 98" in just five min is a complete step by step tutorial to install this trio package. The article contains full graphics snapshots to help the new developers to install the trio package without any glitch or much effort. Happy developing! http://newsourcemedia.com/blog/wp-content/uploads/2004/03/settingupphp.pdf