mysql_ping
Similar to the queryf() posted by sk89q, I've found this small function quite handy.
Just please, please, PLEASE remember to escape your strings!
<?php
function mysql_queryf($query) {
if (func_num_args()>1) {
$args=func_get_args();
$query=call_user_func_array("sprintf",$args);
}
return mysql_query($query);
}
// Allows for things like
$resultset=mysql_queryf("SELECT * FROM `table` WHERE `id`=%u LIMIT 1", $_GET["id"]);
// $_GET["id"] will be converted to an integer: 0 if it's invalid
?>
With a little modification it can handle a $connection resource too.
mysql_query
(PHP 4, PHP 5, PECL mysql:1.0)
mysql_query — Envoie une requête à un serveur MySQL
Description
resource mysql_query
( string $query
[, resource $link_identifier
] )
mysql_query() envoie une seule requête (les requêtes multiples ne sont pas supportées) à la base de données courante sur le serveur associé avec le link_identifier spécifié.
Liste de paramètres
- query
-
Une requête SQL
La chaîne de requête ne doit pas se terminer par un point-virgule.
- link_identifier
-
La connexion MySQL. S'il n'est pas spécifié, la dernière connexion ouverte avec la fonction mysql_connect() sera utilisée. Si une telle connexion n'est pas trouvée, la fonction tentera d'ouvrir une connexion, comme si la fonction mysql_connect() avait été appelée sans argument. Si aucune connexion n'est trouvée ou établie, une alerte E_WARNING est générée.
Valeurs de retour
Pour les requêtes du type SELECT, SHOW, DESCRIBE, EXPLAIN et les autres requêtes retournant un jeu de résultats, mysql_query() retournera une ressource en cas de succès, ou FALSE en cas d'erreur.
Pour les autres types de requêtes, UPDATE, DELETE, DROP, etc., mysql_query() retourne TRUE en cas de succès ou FALSE en cas d'erreur.
La ressource de résultat retournée doit être passée à la fonction mysql_fetch_array(), et les autres fonctions permettant d'explorer le résultat des tables, pour accéder aux données retournées.
Utilisez mysql_num_rows() pour trouver le nombre de lignes retournées pour une requête du type SELECT ou mysql_affected_rows() pour trouver le nombre de lignes affectées par les requêtes du type DELETE, INSERT, REPLACE, ou UPDATE.
mysql_query() échouera et retournera FALSE si l'utilisateur n'a pas les autorisations nécessaire pour accéder à la (aux) table(s) référencée(s) par la requête.
Exemples
Exemple #1 Requête invalide
La requête suivante est syntaxiquement invalide, donc mysql_query() va échouer et retourner FALSE.
<?php
$result = mysql_query('SELECT * WHERE 1=1');
if (!$result) {
die('Requête invalide : ' . mysql_error());
}
?>
Exemple #2 Requête valide
La requête suivante est valide, donc mysql_query() va retourner une ressource.
<?php
// Ceci peut être demandé par un utilisateur, par exemple :
$firstname = 'fred';
$lastname = 'fox';
// Formulation de la requête
// C'est la meilleur façon d'exécuter une requête SQL
// Pour plus d'exemples, voir mysql_real_escape_string()
$query = sprintf("SELECT firstname, lastname, address, age FROM friends WHERE firstname='%s' AND lastname='%s'",
mysql_real_escape_string($firstname),
mysql_real_escape_string($lastname));
// Exécution de la requête
$result = mysql_query($query);
// Vérification du résultat
// Ceci montre la requête envoyée à MySQL ainsi que l'erreur. Utile pour déboguer.
if (!$result) {
$message = 'Requête invalide : ' . mysql_error() . "\n";
$message .= 'Requête complète : ' . $query;
die($message);
}
// Utilisation du résultat
// Tenter d'affichager $result ne vous donnera pas d'informations contenues dans la ressource
// Une des fonctions MySQL de résultat doit être utilisée
// Voir aussi mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
while ($row = mysql_fetch_assoc($result)) {
echo $row['firstname'];
echo $row['lastname'];
echo $row['address'];
echo $row['age'];
}
// Libération des ressources associées au jeu de résultats
// Ceci est effectué automatiquement à la fin du script
mysql_free_result($result);
?>
add a note
User Contributed Notesmysql_query
uramihsayibok, gmail, com
13-Apr-2008 10:46
13-Apr-2008 10:46
rogier
10-Apr-2008 03:55
10-Apr-2008 03:55
For all you programmers out there getting the 'Command out of synch' errors when executing a stored procedure call:
There are known bugs related to this issue, and the best workaround for avoiding this error seems to be switching to mysqli.
Still, I needed mysql to also handle these calls correctly.
The error is normally related to wrong function call sequences, though the bug report at http://bugs.php.net/bug.php?id=39727 shows otherwise.
For me, after commenting out hundreds of lines and several introspection calls to parse the procedure information (using information_schema and 'SHOW' extensions), I still got the same error.
The first result is returned, because I initiated my connection using the MYSQL_MULTI_RESULTS value of 131072 (forget this and you will never get any output, but an error message stating mysql cannot return results in this context)
After testing with this code (sproc2 simply calls 'SELECT * FROM sometable'), I found the error must be in the mysql library/extension. Somehow, mysql does not handle multiple resultsets correctly, or is at least missing some functionality related to handling multiple results.
<?php
//...
$rs = mysql_query('CALL sproc2(500)');
while (($row=mysql_fetch_assoc($rs))!==false) {
print_r($row);
}
mysql_free_result($rs);
$rs = mysql_query('CALL sproc2(500)');
print mysql_error(); //the notorious 'command out of synch' message :(
while (($row=mysql_fetch_assoc($rs))!==false) {
print_r($row);
}
mysql_free_result($rs);
?>
After spending hours debugging my code (the full library is already over the MB), the only solution seemed to be to CLOSE the connection after the first call, and reopening it before the second.
So if you ever make a uniform database accessing interface and implement stored procedures/prepared statements (or classes for it), this could be a solution if you really wish to enable stored procedures.
Still, be aware that this is really a serious flaw in your design (and IMHO, the mysql extension)
Also see the documentation for mysqli on mysqli_query, which seems to be working fine.
kriskra at gmail dot com
23-Feb-2008 08:06
23-Feb-2008 08:06
Here is a small neat function to print out the mysql result as a html table:
<?php
function echo_result($result) {
?><table><tr><?
if(! $result) { ?><th>result not valid</th><? }
else {
$i = 0;
while ($i < mysql_num_fields($result)) {
$meta = mysql_fetch_field($result, $i);
?><th style="white-space:nowrap"><?=$meta->name?></th><?
$i++;
}
?></tr><?
if(mysql_num_rows($result) == 0) {
?><tr><td colspan="<?=mysql_num_fields($result)?>">
<strong><center>no result</center></strong>
</td></tr><?
} else
while($row=mysql_fetch_assoc($result)) {
?><tr style="white-space:nowrap"><?
foreach($row as $key=>$value) { ?><td><?=$value?></td><? }
?></tr><?
}
}
?></table><?
}
?>
sk89q
17-Feb-2008 10:56
17-Feb-2008 10:56
sprintf+mysql_query which auto-escapes.
Usage:
<?php
$db->queryf("SELECT `m`.`name` FROM `test`.`members` WHERE `name`=%s OR `id`=%d OR `sex` IN (%a)", "Evil 'injection'", 'NaN', array('male', 'female', 'both', 'other', "Alien quote'man"));
?>
To be put into a class, and don't forget to change the $this->query() and $this->escape() functions accordingly.
<?php
function queryf($sql)
{
$args = func_get_args();
@array_shift($args);
$this->queryf_args = $args;
$this->queryf_i = 0;
$query = preg_replace_callback("#%(.)#", array($this, 'queryf_format'), $sql);
return $this->query($query);
}
function queryf_format($m)
{
$args = $this->queryf_args;
$i = &$this->queryf_i;
switch($m[1])
{
case '%':
return "%";
case 'a':
$s = array();
$arr = $args[$i++];
foreach($arr as $x)
{
$s[] = "'".$this->escape($x)."'";
}
return implode(",", $s);;=
case 's':
return "'".$this->escape($args[$i++])."'";
case 'd':
return "".intval($args[$i++])."";
default:
trigger_error("Bad type specifier: {$m[1]}", E_USER_ERROR);
}
}
?>
dotpointer
14-Jan-2008 02:00
14-Jan-2008 02:00
I got a strange fault when dealing with multiple connections and doing a SELECT against a database that didn't have the requested tables.
- mysql_query() returned FALSE.
- mysql_error() was empty.
So, if you get this combination, check if you're talking to the right database.
gemegemes at NOSPAM dot gmail dot com
29-Nov-2007 09:15
29-Nov-2007 09:15
Hi Im L, In a big application, you can't avoid multiple mysql queries and the possible problem of this it can lead your application to misfunction. Here's a reusable code and the minimal answer to the problem.
<?php
class Select
{
// subclass query mysql using
// select
function exe($sql)
{
$exe = mysql_query($sql);
return $exe;
}
}
class Insert
{
// subclass query mysql using
// insert
function exe($sql)
{
$exe = mysql_query($sql);
return $exe;
}
}
class Update
{
// subclass query mysql using
// update
function exe($sql)
{
$exe = mysql_query($sql);
return $exe;
}
}
// You can define more subclasses here for fetch array,
// delete, Join etc..
class Controller
{
// main class which load
// the subclasses
var $control;
// load the subclass
function Controller($control)
{
eval("\$this->control = new $control;");
}
function exe($sql)
{
$this->control->exe($sql);
}
}
?>
Usage Example:
<?php
$Select=new Controller('Select');
$Select->exe(SELECT * FROM table .....);
$Insert=new Controller('Insert');
$Insert->exe(INSERT INTO table ......);
$Update=new Controller('Update');
$Update->exe(UPDATE table SET .....);
?>
masteracc0 at aol dot com
17-Nov-2007 07:00
17-Nov-2007 07:00
Keep in mind when dealing with PHP & MySQL that sending a null-terminated string to a MySQL query can be misleading if you use echo($sql) in PHP because the null terminator may not be visible.
For example (this assumes connection is already made),
$string1 = "mystring\0";
$string2 = "mystring";
$query1 = "SELECT * FROM table WHERE mystring='".$string1."'"
$query2 = "SELECT * FROM table WHERE mystring='".$string2."'"
$result1 = mysql_query($query1);
$result2 = mysql_query($query2);
//$result1 IS NOT EQUAL TO $result2 but will not provide an error
//but printing these queries to the screen will provide the same result
echo($result1);
echo($result2);
Not knowing this could lead to some mind-numbing troubleshooting when dealing with any strings with a null terminator. So now you know! :)
Geert
08-Nov-2007 04:04
08-Nov-2007 04:04
@ x_terminat_or_3 at yahoo dot fr
10-Mar-2007 12:27
"However, I read somewhere that it is good practice to add a semicolon at the end of your query, and that it increases security against SQL-injection attacks. Therefore I have issued a requirement that all my developers end queries with semicolons."
Erm... I don't believe you've understood the principle of executing one query at the same time, as the manual explains. Suffixing your query with a semicolon does not influence vulnerability to SQL-injection; as PHP would otherwise add the semicolon by itself at the end of your query.
Better instruct your developers that they use mysql_real_escape_string and surround user input in queries with single quotes (').
Duane
04-Nov-2007 01:51
04-Nov-2007 01:51
Max: since you are using MySQL 5, what about creating some views to get round your problem?
patrick at ciphertek dot com
21-Sep-2007 07:28
21-Sep-2007 07:28
If you spend a lot of time writing pages that take input from a form and insert it into a database, this function will save you time!
Please Note: You have to name your form fields the same as their corresponding table column is named in mysql for this to work.
<?php
// $table - name of the mysql table you are querying
// $exceptions - fields that will not be inserted into table
// i.e. 'submit, action, '; (note trailing comma and space!)
// $sql_type - has to be 'insert' or 'update'
// $sql_condition - have to define this if $sql_type = 'update'
// i.e. "userID = '".$_POST['userID']."'"
function formToDB($table, $exceptions = '', $sql_type = 'insert', $sql_condition = NULL) {
// define some vars
$fields = '';
$values = '';
// format input fields into sql
foreach ($_POST as $field => $value) {
if (!preg_match("/$field, /", $exceptions)) {
$value = mysql_real_escape_string($value);
if ($sql_type == 'insert') {
$fields .= "$field, ";
$values .= "'$value', ";
}
else {
$fields .= "$field = '$value', ";
}
}
}
// remove trailing ", " from $fields and $values
$fields = preg_replace('/, $/', '', $fields);
$values = preg_replace('/, $/', '', $values);
// create sql statement
if ($sql_type == 'insert') {
$sql = "INSERT INTO $table ($fields) VALUES ($values)";
}
elseif ($sql_type == 'update') {
if (!isset($sql_condition)) {
echo 'ERROR: You must enter a sql condition!';
exit;
}
$sql = "UPDATE $table SET $fields WHERE $sql_condition";
}
else {
echo 'ERROR: Invalid input for argument $sql_type: must be "insert" or "update"';
exit;
}
// execute sql
if (mysql_query($sql)) {
return true;
}
else {
//echo mysql_error();
return false;
}
} // end of function formToDB()
// Example for inserting new row
formToDB('users', 'submit, ');
// Example for updating existing row
formToDB('users', 'submit, userID, ', 'update', "userID = '".$_POST['userID']."'");
?>
Jacky
17-Sep-2007 03:18
17-Sep-2007 03:18
This is a replay to: a at a dot com 20-Jun-2007 04:59
I call it a bug that PHP can not execute multiple queries, if your code is vulnerable to your example, then your code is broken. The language has no business hiding your bad code! That would be like blaming items when something bad happens ..... never mind, this is common practice now a days....
Not supporting multiple queries in one execution is a problem when you want to run thousands/millions of queries over a slower network connection. I'm here because I need to execute ~ 6000000 MySQL queries to populate a random customer database. Running saved queries every few thousand statements would save a lot of time....
Not supporting this is like that magic_quotes problem which causes more problems then it solves, at least magic_quotes will finally be removed from PHP6.
[quote=a at a dot com]
###The reason that multiple queries are not supported is to help prevent exploits.###
For example, the user could enter something like:
"; DELETE * FROM users;
in the name field of a form, which would erase everything in the table when the query is executed.
By allowing mysql_query to support only single commands, this hole is closed.[/quote]
ollitech at gmail dot com
25-Aug-2007 07:53
25-Aug-2007 07:53
Running an invalid delete query may not return false.
Invalid because no such record exists.
Code;
[php]
// execute it
$result=mysql_query($sql_delete_byindex);
if(!$result||$result==FALSE){
echo("<h1>Error occured while removing listing #: <i>".$rec_index."</i> </H1>");
}else if($result==TRUE){
echo("<h1>Listing #: <i>".$rec_index."</i> Deleted!</H1>");
echo "<a href=\"index.php\">Go to Start Page</a>";
}
[/php]
Query;
[code]
$sql_delete_byindex = "DELETE FROM `$mysql_table` WHERE `index` = '".$rec_index."' AND `key` = '".$key."'";
[/code]
result will be TRUE
halion at gmail dot com
09-Aug-2007 11:53
09-Aug-2007 11:53
mysql_query doesnt support multiple queries, a way round this is to use innodb and transactions
this db class/function will accept an array of arrays of querys, it will auto check every line for affected rows in db, if one is 0 it will rollback and return false, else it will commit and return true, the call to the function is simple and is easy to read etc
----------
class MySQLDB
{
private $connection; // The MySQL database connection
/* Class constructor */
function MySQLDB(){
/* Make connection to database */
$this->connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS) or die(mysql_error());
mysql_select_db(DB_NAME, $this->connection) or die(mysql_error());
}
/* Transactions functions */
function begin(){
$null = mysql_query("START TRANSACTION", $this->connection);
return mysql_query("BEGIN", $this->connection);
}
function commit(){
return mysql_query("COMMIT", $this->connection);
}
function rollback(){
return mysql_query("ROLLBACK", $this->connection);
}
function transaction($q_array){
$retval = 1;
$this->begin();
foreach($q_array as $qa){
$result = mysql_query($qa['query'], $this->connection);
if(mysql_affected_rows() == 0){ $retval = 0; }
}
if($retval == 0){
$this->rollback();
return false;
}else{
$this->commit();
return true;
}
}
};
/* Create database connection object */
$database = new MySQLDB;
// then from anywhere else simply put the transaction queries in an array or arrays like this:
function function(){
global $database;
$q = array (
array("query" => "UPDATE table WHERE something = 'something'"),
array("query" => "UPDATE table WHERE something_else = 'something_else'"),
array("query" => "DELETE FROM table WHERE something_else2 = 'something_else2'"),
);
$database->transaction($q);
}
jack dot whoami at gmail dot com
02-Aug-2007 03:13
02-Aug-2007 03:13
Simulating an atomic operation for application locks using mysql.
$link = mysql_connect('localhost', 'user', 'pass');
if (!$link) {
die('Not connected : ' . mysql_error());
}
// make foo the current db
$db_selected = mysql_select_db('foo', $link);
if (!$db_selected) {
die ('Can\'t use foo : ' . mysql_error());
}
$q = "update `table` set `LOCK`='F' where `ID`='1'";
$lock = mysql_affected_rows();
If we assume
NOT LOCKED = "" (empty string)
LOCKED = 'F'
then if the column LOCK had a value other than F (normally should be an empty string) the update statement sets it to F and set the affected rows to 1. Which mean than we got the lock.
If affected rows return 0 then the value of that column was already F and somebody else has the lock.
The secret lies in the following statement taken from the mysql manual:
"If you set a column to the value it currently has, MySQL notices this and does not update it."
Of course all this is possible if the all application processes agree on the locking algorithm.
a at a dot com
21-Jun-2007 01:59
21-Jun-2007 01:59
###The reason that multiple queries are not supported is to help prevent exploits.###
For example, the user could enter something like:
"; DELETE * FROM users;
in the name field of a form, which would erase everything in the table when the query is executed.
By allowing mysql_query to support only single commands, this hole is closed.
earlsinclair2001 at yahoo dot com
30-Apr-2007 10:14
30-Apr-2007 10:14
On my latest project, very often, I needed to select a unique row from the database. For example: a certain user with certain username, or a row where the ID (primary key) is X. I got tired of typing these queries over and over so I created a simple function that will do just that: select one row from the database where certain field is unique. I hope this can be helpful to somebody:
<?php
function selectonerow($fieldsarray, $table, $uniquefield, $uniquevalue)
{
//The required fields can be passed as an array with the field names or as a comma separated value string
if(is_array($fieldsarray))
{
$fields = implode(", ", $fieldsarray);
}
else
{
$fields = $fieldsarray;
}
//performs the query
$result = mysql_query("SELECT $fields FROM $table WHERE $uniquefield = '$uniquevalue'") or die("Could not perform select query - " . mysql_error());
$num_rows = mysql_num_rows($result);
//if query result is empty, returns NULL, otherwise, returns an array containing the selected fields and their values
if($num_rows == NULL)
{
return NULL;
}
else
{
$queryresult = array();
$num_fields = mysql_num_fields($result);
$i = 0;
while ($i < $num_fields)
{
$currfield = mysql_fetch_field($result, $i);
$queryresult[$currfield->name] = mysql_result($result, 0, $currfield->name);
$i++;
}
return $queryresult;
}
}
?>
This function assumes there is a MySQL connection already established and the database to be used already selected.
Here is an example of usage:
selectonerow(fields, table name, unique field name, unique field value)
Let's say I have a users table with the fields userid, username, firstname, lastname and email. userid is the primary key and username is a unique field. If you want to select the firstname, lastname and email from the table where the userid is 4:
<?php
$fields = array("firstname", "lastname", "email");
$userdata = selectonerow($fields, "users", "userid", 4);
?>
or
<?php
$userdata = selectonerow("firstname, lastname, email", "users", "userid", 4);
?>
This will return an array to $userdata with the keys being the field name and their respective value. This is how you would print out their first name, last name and email, for example:
<?php
echo $userdata['firstname'] $userdata['lastname'] $userdata['email'];
?>
x_terminat_or_3 at yahoo dot fr
10-Mar-2007 12:27
10-Mar-2007 12:27
It says in the manual:
The query string should not end with a semicolon.
However, I read somewhere that it is good practice to add a semicolon at the end of your query, and that it increases security against SQL-injection attacks. Therefore I have issued a requirement that all my developers end queries with semicolons.
So far, PHP & MySQL have happily accepted those queries, with only one exception:
If you use more then one query in the same call to mysql_query, MySQL sometimes only executes the first query and fails on the others.
JustinB at harvest dot org
09-Mar-2007 01:01
09-Mar-2007 01:01
If you're looking to create a dynamic dropdown list or pull the possible values of an ENUM field for other reasons, here's a handy function:
<?php
// Function to Return All Possible ENUM Values for a Field
function getEnumValues($table, $field) {
$enum_array = array();
$query = 'SHOW COLUMNS FROM `' . $table . '` LIKE "' . $field . '"';
$result = mysql_query($query);
$row = mysql_fetch_row($result);
preg_match_all('/\'(.*?)\'/', $row[1], $enum_array);
if(!empty($enum_array[1])) {
// Shift array keys to match original enumerated index in MySQL (allows for use of index values instead of strings)
foreach($enum_array[1] as $mkey => $mval) $enum_fields[$mkey+1] = $mval;
return $enum_fields;
}
else return array(); // Return an empty array to avoid possible errors/warnings if array is passed to foreach() without first being checked with !empty().
}
?>
This function asumes an existing MySQL connection and that desired DB is already selected.
Since this function returns an array with the original enumerated index numbers, you can use these in any later UPDATEs or INSERTS in your script instead of having to deal with the string values. Also, since these are integers, you can typecast them as such using (int) when building your queries--which is much easer for SQL injection filtering than a string value.
massiv at nerdshack dot com
19-Feb-2007 03:29
19-Feb-2007 03:29
Small change in mysql_dump function, to remove the ";" char at the end of the query.
<?
function parse_mysql_dump($url, $ignoreerrors = false) {
$file_content = file($url);
//print_r($file_content);
$query = "";
foreach($file_content as $sql_line) {
$tsl = trim($sql_line);
if (($sql_line != "") && (substr($tsl, 0, 2) != "--") && (substr($tsl, 0, 1) != "#")) {
$query .= $sql_line;
if(preg_match("/;\s*$/", $sql_line)) {
$query = str_replace(";", "", "$query");
$result = mysql_query($query);
if (!$result && !$ignoreerrors) die(mysql_error());
$query = "";
}
}
}
}
?>
... Massimo
noah at missionecommerce dot com
16-Dec-2006 03:26
16-Dec-2006 03:26
I got so tired of having to type out all the 11 letters in "mysql_query()" and even more tired of having to iterate through the result set....
So I created the perfect little all purpose wrapper function, called "q()";
<?
function q($query,$assoc=1) {
$r = @mysql_query($query);
if( mysql_errno() ) {
$error = 'MYSQL ERROR #'.mysql_errno().' : <small>' . mysql_error(). '</small><br><VAR>$query</VAR>';
echo($error); return FALSE;
}
if( strtolower(substr($query,0,6)) != 'select' ) return array(mysql_affected_rows(),mysql_insert_id());
$count = @mysql_num_rows($r);
if( !$count ) return 0;
if( $count == 1 ) {
if( $assoc ) $f = mysql_fetch_assoc($r);
else $f = mysql_fetch_row($r);
mysql_free_result($r);
if( count($f) == 1 ) {
list($key) = array_keys($f);
return $f[$key];
} else {
$all = array();
$all[] = $f;
return $all;
}
} else {
$all = array();
for( $i = 0; $i < $count; $i++ ) {
if( $assoc ) $f = mysql_fetch_assoc($r);
else $f = mysql_fetch_row($r);
$all[] = $f;
}
mysql_free_result($r);
return $all;
}
}
?>
Example:
<?
$r = q('Select id,foo FROM blah');
echo $r[0]['id']; // first row, field 'id'
// for single field single row selects
// only the value is returned
$count = q('SELECT count(*) from blah');
// $count is the number
?>
Returns affected_rows and/or insert_id for anything other than select's. If you dont want field name keys then pass 0 for second parameter.
babba at nurfuerspam dot de
26-Nov-2006 12:42
26-Nov-2006 12:42
Following function creates a minimal update query by comparing two arrays with old and new values (phpmyadmin-like). An easy way to use it in your forms is to print out the old values in hidden fields with name old[$key] and name the visible form fields new[$key]. Feel free to send comments via mail.
<?php
function getUpdateString($tablename, $whereclause, $old, $new) {
$changedvalues = "";
foreach($old as $key => $oldvalue) {
$newvalue = $new[$key];
if($oldvalue != $newvalue) {
if($changedvalues != "")
$changedvalues .= ", ";
$changedvalues .= "`".$key."`=";
if(!is_numeric($newvalue))
$changedvalues .= "'".$newvalue."'";
else
$changedvalues .= $newvalue;
}
}
if($changedvalues == "")
return "";
return "UPDATE ".$tablename. " SET ".$changedvalues." WHERE ".$whereclause;
}
?>
axiak at mit dot edu
24-Oct-2006 02:13
24-Oct-2006 02:13
Gconner at sgi...
your function breaks when you give it a question mark!
Here's a function which correctly implements what I think you want. I'm using it in a pet project of mine.
The code:
<?php
function mysql_prepare ($query, $phs = array()) {
$phs = array_map(create_function('$ph',
'return "\'".mysql_real_escape_string($ph)."\'";'), $phs);
$curpos = 0;
$curph = count($phs)-1;
for ($i=strlen($query)-1; $i>0; $i--) {
if ($query[$i] !== '?') continue;
if ($curph < 0 || !isset($phs[$curph]))
$query = substr_replace($query, 'NULL', $i, 1);
else
$query = substr_replace($query, $phs[$curph], $i, 1);
$curph--;
}
unset($curpos, $curph, $phs);
return $query;
}
?>
veyita_angi at hotmail dot com
04-Oct-2006 06:35
04-Oct-2006 06:35
this could be a nice way to print values from 2 tables with a foreign key. i have not yet tested correctly but it should work fine.
$buscar = mysql_query("SELECT k.*, e.Clasificacion FROM cat_plan_k k, cat_equipo e WHERE Tipo='$tipo' AND k.ID_Eq=a.ID_Eq");
while ($row=mysql_fetch_array($buscar))
{
$nombre = "e.Clasificacion";
$row[$nombre] = $Clasific; echo $row[$nombre].'convertido en '.$Clasific;
}
mysql_free_result($buscar);
cc+php at c2se dot com
02-Sep-2006 02:39
02-Sep-2006 02:39
Here's a parameterised query function for MySQL similar to pg_query_params, I've been using something similar for a while now and while there is a slight drop in speed, it's far better than making a mistake escaping the parameters of your query and allowing an SQL injection attack on your server.
<?php # Parameterised query implementation for MySQL (similar PostgreSQL's PHP function pg_query_params)
# Example: mysql_query_params( "SELECT * FROM my_table WHERE col1=$1 AND col2=$2", array( 42, "It's ok" ) );
if( !function_exists( 'mysql_query_params' ) ) {
function mysql_query_params__callback( $at ) {
global $mysql_query_params__parameters;
return $mysql_query_params__parameters[ $at[1]-1 ];
}
function mysql_query_params( $query, $parameters=array(), $database=false ) {
// Escape parameters as required & build parameters for callback function
global $mysql_query_params__parameters;
foreach( $parameters as $k=>$v )
$parameters[$k] = ( is_int( $v ) ? $v : ( NULL===$v ? 'NULL' : "'".mysql_real_escape_string( $v )."'" ) );
$mysql_query_params__parameters = $parameters;
// Call using mysql_query
if( false===$database )
return mysql_query( preg_replace_callback( '/\$([0-9]+)/', 'mysql_query_params__callback', $query ) );
else return mysql_query( preg_replace_callback( '/\$([0-9]+)/', 'mysql_query_params__callback', $query ), $database );
}
}
?>
joe
29-Aug-2006 09:45
29-Aug-2006 09:45
alteration to the script reposted by
webmaster at vs2055067 dot vserver dot de
$fields = implode(array_keys($toAdd), ',');
$values = "'".implode(array_values($toAdd), "','")."'";
should really be
$fields = "`".implode(array_keys($toAdd), '`,`')."`";
$values = "'".implode(array_values($toAdd), "','")."'";
as keys like `desc` (short for description) cause errors
spencer at barekoncept dot com
24-Aug-2006 06:15
24-Aug-2006 06:15
Here's an easy way to store the column names from a specified table in the array "cnames".
$result = mysql_query("SHOW COLUMNS FROM tablename");
$count = 0;
while ($row=mysql_fetch_row($result)){
$cnt = 0;
foreach ($row as $item){
if ($cnt == 0){
$cnames[$count] = $item;
$cnt++;
$count++;
}
}
}
Then, to display the results comma delimited:
foreach($cnames as $c){
echo $c.",";
}
I hope this helps some people as it took me a while to figure it out.
webmaster at vs2055067 dot vserver dot de
27-Jul-2006 05:03
27-Jul-2006 05:03
in the first note the function doesn't work and the other function is pretty complicated. Here is the corrected version of the first one and a function for update.
<?php
function mysql_insert($table, $toAdd){
$fields = implode(array_keys($toAdd), ',');
$values = "'".implode(array_values($toAdd), "','")."'"; # better
$q = 'INSERT INTO `'.$table.'` ('.$fields.') VALUES ('.$values.')';
$res = mysql_query($q)OR die(mysql_error());
return true;
//-- Example of usage
//$tToAdd = array('id'=>3, 'name'=>'Yo', 'salary' => 5000);
//insertIntoDB('myTable', $tToAdd)
}
function mysql_update($table, $update, $where){
$fields = array_keys($update);
$values = array_values($update);
$i=0;
$query="UPDATE ".$table." SET ";
while($fields[$i]){
if($i<0){$query.=", ";}
$query.=$fields[$i]." = '".$values[$i]."'";
$i++;
}
$query.=" WHERE ".$where." LIMIT 1;";
mysql_query($query) or die(mysql_error());
return true;
//Example
// mysql_update('myTable', $anarray, "type = 'main'")
}
?>
rob desbois
07-Jul-2006 11:38
07-Jul-2006 11:38
Note that the 'source' command used in the mysql client program is *not* a feature of the server but of the client.
This means that you cannot do
mysql_query('source myfile.sql');
You will get a syntax error. Use LOAD DATA INFILE as an alternative.
cedric ___at___ sadai ___dot___ net
05-Jun-2006 05:26
05-Jun-2006 05:26
This is a quick way for adding data to a table. It is the same way than PEAR::DB, so if you are working on a server without PEAR, it enables you to keep up with your habits.
<?php
function insertIntoDB($table, $toAdd)
{
$fields = implode(array_keys($toAdd), ',');
$values = implode(array_values($toAdd), ',');
$q = 'INSERT INTO `'.$table.'` ('.$fields.') VALUES ('.$values.')';
$res = mysql_query($q)OR die(mysql_error());
return true;
}
//-- Example of usage
$tToAdd = array('id'=>3, 'name'=>'Yo', 'salary' => 5000);
insertIntoDB('myTable', $tToAdd)
?>
matt
21-Mar-2006 12:45
21-Mar-2006 12:45
Just realised I posted the wrong functions. Oops!
Here you go....
<?php
function compile_insert_string($data)
{
$field_names = "";
$field_values = "";
foreach ($data as $k => $v)
{
$v = preg_replace( "/'/", "\\'", $v );
//$v = preg_replace( "/#/", "\\#", $v );
$field_names .= "$k,";
$field_values .= "'$v',";
}
$field_names = preg_replace( "/,$/" , "" , $field_names );
$field_values = preg_replace( "/,$/" , "" , $field_values );
return array('FIELD_NAMES' => $field_names,
'FIELD_VALUES' => $field_values,
);
}
//------------------------------------------
// insert_query
//
// Wrapper for an insert query
//------------------------------------------
function insert_query($data, $table)
{
if (!is_array($data) or count($data) < 1)
{
$this->fatal_error("Insert data missing");
}
$insert = $this->compile_insert_string($data);
$query = "INSERT INTO {$table} (".$insert['FIELD_NAMES'].") VALUES (".$insert['FIELD_VALUES'].")";
return $this->query($query);
}
?>
yankee at gmeil dot com
10-Mar-2006 11:07
10-Mar-2006 11:07
Another shorter possibility to print options of an ENUM as <select>-tag:
<?php
$result=mysql_query('SHOW COLUMNS FROM <your table> WHERE field=\'<you column>\'');
while ($row=mysql_fetch_row($result))
{
foreach(explode("','",substr($row[1],6,-2)) as $v)
{
print("<option>$v</option>");
}
}
?>
gconnor at sgi dot com
02-Mar-2006 02:19
02-Mar-2006 02:19
I happily grabbed and used the "mysql_prepare()" function given in the first note above. All is well.
I made a slight tweak so that I could feed in NULL values without getting an empty string (or 0) instead.
// mysql_query() wrapper. takes two arguments. first
// is the query with '?' placeholders in it. second argument
// is an array containing the values to substitute in place
// of the placeholders (in order, of course).
// Pass NULL constant in array to get unquoted word NULL
function mysql_prepare ($query, $phs = array()) {
foreach ($phs as $ph) {
if ( isset($ph) ) {
$ph = "'" . mysql_real_escape_string($ph) . "'";
} else {
$ph = "NULL" ;
}
$query = substr_replace(
$query, $ph, strpos($query, '?'), 1
);
}
return mysql_query($query);
}
Sample function call:
// Check to see if all variables are defined
if ( isset($f_hostid,$f_eventid,$f_owner,$f_comment) ) {
// For numeric values, blank means NULL
if ( $f_eventid=="" ) { $f_eventid = NULL ; }
$result = mysql_prepare(
'UPDATE Hosts SET event_id=?, owner=?, comment=? WHERE id=?',
array( $f_eventid,$f_owner,$f_comment, $f_hostid )
);
if (!$result) {
$message = 'Error while updating: ' . mysql_error() . "<br />\n";
die($message);
}
echo "Update successful. <br />\n" ;
} else {