| Re: PHP mysql_excape but need to search for those items [message #178379 is a reply to message #178361] |
Tue, 12 June 2012 09:26   |
Arno Welzel
Messages: 317
Registered: October 2011
Karma:
|
Senior Member |
|
|
mrgushi, 11.06.2012 18:48:
> Interesting... Thx.
> You have any samples codes to give me an idea of how something like
> that would work. The JS issue is a fantastic point but not as
I assume you can use the mysqli extension and we have a table named
"lookuptable" where you want to get a result (id, data) for a specified
key, which was passed as GET parameter "key":
<?php
// Check, if GET parameter "key" is set
if(!isset($_GET['key']))
{
echo 'Parameter missing';
exit();
}
// Open database connection
$db = new mysqli('host', 'username', 'password', 'db');
// Handle connection error
if(mysqli_connect_errno())
{
echo 'Database connection failed: '.mysqli_connect_errno();
exit();
}
// Prepare SELECT statement with a placeholder (?) for the key
$stmt = $db->prepare('SELECT id, data FROM lookuptable WHERE key=?');
if($stmt)
{
// Bind key parameter as string
$stmt->bind_param('s', $_GET['key']);
// Execute the statement
$stmt->execute();
// Bind the result columns
$stmt->bind_result($id, $data);
// Fetch the first row from the table
if($stmt->fetch())
{
echo 'ID: '.$id.', data: '.$data;
}
// Close the statement
$stmt->close();
}
// Close the database connection
$db->close();
?>
For further information see:
<http://www.php.net/manual/en/book.mysqli.php>
Or as an alternative to mysqli you can also use PDO:
<http://de.php.net/manual/en/book.pdo.php>
--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]