PHP Classes

using _GET var in WHERE clause

Subject: using _GET var in WHERE clause
Summary: I'd like to use a variable passed in URL in the WHERE clause
Messages: 9
Author: Bob Smith
Date: 2009-08-30 21:38:20
Update: 2009-09-28 09:32:47
 

  1. using _GET var in WHERE clause
Bob Smith - 2009-08-30 21:38:20
I have problems, I can't get a _GET variable working. Here's the relevant part of the code - the first one works, the second one (which I want to use) doesn't.

// when accessing document.php?id=13
// THIS ONE WORKS:

class mysrc extends drasticSrcMySQL {
    protected function select(){
        // DIFFERENCE $getid=htmlspecialchars($_GET["id"]);
        $getid=13;
        $res = mysql_query("SELECT * FROM $this->table WHERE userid='".$getid."'" . $this->orderbystr, $this->conn) or die(mysql_error());
        return ($res);
    }
    protected function add(){
        mysql_query("INSERT INTO $this->table (userid) VALUES('".$getid."')", $this->conn) or die(mysql_error());
        if (mysql_affected_rows($this->conn) == 1) return(true); else return(false);
    }
}

// THIS ONE DOESN'T WORK:

class mysrc extends drasticSrcMySQL {
    protected function select(){
        $getid=htmlspecialchars($_GET["id"]);
        // DIFFERENCE $getid=13;
        $res = mysql_query("SELECT * FROM $this->table WHERE userid='".$getid."'" . $this->orderbystr, $this->conn) or die(mysql_error());
        return ($res);
    }
    protected function add(){
        mysql_query("INSERT INTO $this->table (userid) VALUES('".$getid."')", $this->conn) or die(mysql_error());
        if (mysql_affected_rows($this->conn) == 1) return(true); else return(false);
    }
}

Help please

  2. Re: using _GET var in WHERE clause
dd - 2009-08-31 21:55:50 - In reply to message 1 from Bob Smith
Hi Bob,

Your second example will not work because the GET variable you try to catch will not be passed on from the calling php file to the javascript to the php backend (if this is abracadabra, just ignore.....).

A way to get it working is to either use the "defaultcols" option as in exampleGrid5 or use the "addparams" method to pass information from the javascript to the php backend. At first sight the first approach (defaultcols) is the one to try first, but it may be that you have to use the addparams way.

regards, DrasticData

  3. Re: using _GET var in WHERE clause
Bob Smith - 2009-09-01 08:31:26 - In reply to message 2 from dd
Thanks for the reply.

I tried the defaultcols way first, but it didn't work:
---
$getid = $_GET['id'];
// $getid = 13; works
$options = array(
"defaultcols" => array("userid" => $getid)
);
---
The _GET value isn't passed on either :(

Could you write me an example how to use the addparams way to limit the query to one value of "userid" column?
And would the limiting be done server side or only client side? I prefer the server side.

  4. Re: using _GET var in WHERE clause
dd - 2009-09-02 21:01:15 - In reply to message 3 from Bob Smith
Hi Bob,

That would be something like Examplegrid9, with:

thegrid = new drasticGrid('grid1', {
    pathimg:"img/",
    path:"MODIFIEDdrasticSrcMySQL.class.php",
    pagelength:10,
    addparams:"&getid="+<?php echo $getid=htmlspecialchars($_GET["id"]);?>
});

---------------------------------------------------
And the file "MODIFIEDdrasticSrcMySQL.class.php" contains the line:

$getid = $_REQUEST["tablename"];

and then use $getid in this file to perform your own select and add function.

Hope this helps......

regards, dd

  5. Re: using _GET var in WHERE clause
Bob Smith - 2009-09-03 16:09:18 - In reply to message 4 from dd
Thanks for the help! I've finally got it working. I had to change your code a bit more:

addparams:"&getid=<?php echo $getid=htmlspecialchars($_GET["id"]);?>"

And in drasticSrcMySQL.class.php after the protected function select(){
added:
$getid = $_REQUEST["getid"];
and modified the next line - replaced:
" . $this->wherestr .
with:
WHERE idfield='" . $getid . "' " .

Hopefully someone finds it useful as well :)



  6. Re: using _GET var in WHERE clause
dd - 2009-09-03 17:23:55 - In reply to message 5 from Bob Smith
Great,
yes it is always possible to extend the package to implement this kind of functionality, though it may take some effort.
We'll put it on the wish list to think about how to make this kind of functionality easier to implement.

regards, dd

  7. Re: using _GET var in WHERE clause
Bob Smith - 2009-09-21 16:54:21 - In reply to message 6 from dd
Turns out using
addparams:"&getid=<?php echo $getid=htmlspecialchars($_GET["id"]);?>"
breaks another thing. I'm no longer able to add new rows. The star icon is there, the script is "thinking" after I click. But then no row is added.
Taking out addparams makes it work again.

Any suggestions?

  8. Re: using _GET var in WHERE clause
dd - 2009-09-27 09:23:20 - In reply to message 7 from Bob Smith
Hi Bob,

If all is working except adding a row, it is probably a matter of taking the variable you passed via the addparams into the

protected function add(){
....
}

function. Probably you need to create an INSERT statement that takes the id into account? Anyway, best way to start is probably to log the INSERT statement that is carried out and see if this makes sense.

good luck,

DD

  9. Re: using _GET var in WHERE clause
Bob Smith - 2009-09-28 09:32:48 - In reply to message 8 from dd
Thanks!
Turns out the rows were being created, but with all empty values.

Here's what helped:
REPLACED

$this->addstr = " () VALUES () ";

WITH

$getid = $_REQUEST["getid"];
$this->addstr = " (idfield) VALUES (" . $getid . ") ";
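
The server-side handling that messages 5 and 9 arrive at, as an added example that is not code from the thread or from the DrasticTools package: the `getid` value is validated as an integer and bound as a query parameter instead of being concatenated into the SQL string, since `htmlspecialchars()` encodes HTML output and is not a defence for SQL. The `items` table, the helper function names and the in-memory SQLite database (standing in for the MySQL backend, via PDO) are assumptions.

```php
<?php
// Added example. Table "items", the function names and the SQLite stand-in
// database are assumptions; only "getid" and "idfield" come from the thread.

// Accept only a positive integer id; anything else is rejected before SQL runs.
function parse_getid(array $request): int {
    $id = filter_var($request['getid'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('getid must be a positive integer');
    }
    return $id;
}

// Page side: build the addparams value from the validated id, not raw $_GET.
function addparams_for(int $id): string {
    return '&getid=' . rawurlencode((string)$id);
}

// Backend select(): the id travels as a bound parameter, never as SQL text.
function select_rows(PDO $db, int $id): array {
    $stmt = $db->prepare('SELECT * FROM items WHERE idfield = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Backend add(): the same bound parameter in the INSERT.
function add_row(PDO $db, int $id): bool {
    $stmt = $db->prepare('INSERT INTO items (idfield) VALUES (:id)');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (idfield INTEGER, label TEXT)');
$db->exec("INSERT INTO items VALUES (13, 'a'), (14, 'b')");

// Constructed sample requests: one well-formed, one that is not an integer.
foreach ([['getid' => '13'], ['getid' => '13abc'], []] as $request) {
    try {
        $id = parse_getid($request);
        add_row($db, $id);
        printf("%s -> %d rows\n", addparams_for($id), count(select_rows($db, $id)));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}
```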