[nycphp-talk] Printing from arrays.
Carlos A Hoyos
cahoyos at us.ibm.com
Wed Sep 11 14:49:36 EDT 2002
1- It's a good idea to use aliases in the query to make it easier to read:
$query= "SELECT images.id as imageid, format.id as formatid, format.name as formatname
FROM images, format
WHERE images.id=$id"; /* $id is passed from a form */
2- If you use extract, variables $imageid, $formatid and $formatname will
have the expected values. You can also use
$row["imageid"], $row["formatid"] and $row["formatname"], without having to
use extract.
3- Just a side note: If you're building the query out of data received from
the outside, take necessary precautions validating it, as well as handling
any errors in case the resulting query is bad/empty.
One backdoor to hack pages, for example, is to craft a URL to your page passing
$id= "3; delete from mysql.user where 1=1". If executed, this query could
do some damage to your db.

Matthew Zimmerman <mz34 at nyu.edu>
To: NYPHP Talk <talk at nyphp.org>
cc:
09/11/2002 01:25 PM
Subject: [nycphp-talk] Printing from arrays.
Please respond to talk

Hello,
Sorry if this is an RTFM question, but this list has been such a great
resource I wanted to start here.
Just a question about printing from an array using PHP/MySQL.
My real database and code are a little more complex than this, but to
illustrate my problem let me say
1. I have two tables: "images" and "format". They each have two fields
"id" and "name".
2. I have a query that says
$query= "SELECT images.id, format.id, format.name
FROM images, format
WHERE images.id=$id"; /* $id is passed from a form */
3. Then I assign the results to an array using
$result= mysql_query($query);
while ($row=mysql_fetch_array($result))
{
extract($row);
}
4. Then I want to print the results which I would think would go like
this:
echo "$images.id, $format.id, $format.name";
But it seems these are not the keys in the array, but instead there is
just one $id key and the value of that is whatever "id" came last in
the query. In other words, if the query read "Select format.id,
images.id" then there would be a value in the array for $id equal to
"images.id" and if query read "Select images.id, format.id" then there
would be a value in the array for the key $id equal to "format_id".
I expected there would be two keys in the array: images.id and format.id
Am I wrong to expect that?
Thanks for any help. I am new to PHP and databases and this code I am
using I got from a book, so maybe it is the wrong technique.
Matt Zimmerman
NYU
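
An added example (not code from either post) that puts points 1 and 3 of the reply together: column aliases so each value gets its own key, plus validation of $id and a bound parameter so the crafted value from point 3 never reaches the SQL text. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls; the helper name fetchImageFormats and the sample rows are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumption: PDO with in-memory SQLite
// stands in for the MySQL database; the table rows below are constructed samples.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // bad SQL throws
$db->exec("CREATE TABLE images (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("CREATE TABLE format (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO images VALUES (3, 'sunset')");
$db->exec("INSERT INTO format VALUES (7, 'jpeg')");

// Hypothetical helper: returns matching rows, or null when $rawId is not a positive integer.
function fetchImageFormats(PDO $db, $rawId): ?array
{
    // Validate first: "3; delete from mysql.user where 1=1" fails this check.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Aliases give each column its own key; the placeholder keeps $id out of the SQL text.
    $stmt = $db->prepare(
        "SELECT images.id AS imageid, format.id AS formatid, format.name AS formatname
         FROM images, format
         WHERE images.id = :id"
    );
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Without aliases both id columns map to the same array key, so one value is lost.
$row = $db->query("SELECT images.id, format.id, format.name FROM images, format")
          ->fetch(PDO::FETCH_ASSOC);
echo "keys without aliases: " . implode(', ', array_keys($row)) . "\n";

// Constructed inputs: a valid id, the crafted value from point 3, an unknown id, an empty value.
foreach (['3', '3; delete from mysql.user where 1=1', '99', ''] as $input) {
    $rows = fetchImageFormats($db, $input);
    if ($rows === null) {
        echo "rejected input: " . var_export($input, true) . "\n";
    } elseif (!$rows) {
        echo "no rows for id $input\n";
    } else {
        foreach ($rows as $r) {
            echo "{$r['imageid']}, {$r['formatid']}, {$r['formatname']}\n";
        }
    }
}
```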