mysql_real_escape_string
Escapes special characters in a string for use in a SQL statement
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
OR die(mysql_error());
// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
?>
// Query database to check if there are any matching users
$query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'";
mysql_query($query);
// We didn't check $_POST['password'], it could be anything the user wanted! For example:
$_POST['username'] = 'aidan';
$_POST['password'] = "' OR ''='";
// This means the query sent to MySQL would be:
echo $query;
//output SELECT * FROM users WHERE user='aidan' AND password='' OR ''=''
?>
// Quote variable to make safe
function quote_smart($value)
{
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Quote if not a number or a numeric string
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
OR die(mysql_error());
// Make a safe query
$query = sprintf("SELECT * FROM users WHERE user=%s AND password=%s",
quote_smart($_POST['username']),
quote_smart($_POST['password']));
mysql_query($query);
?>
Minggu, 16 Maret 2008
mysql_error
mysql_error
Returns the text of the error message from previous MySQL operation
$link = mysql_connect("localhost", "mysql_user", "mysql_password");
mysql_select_db("nonexistentdb", $link);
echo mysql_errno($link) . ": " . mysql_error($link). "\n";
mysql_select_db("kossu", $link);
mysql_query("SELECT * FROM nonexistenttable", $link);
echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
?>
Returns the text of the error message from previous MySQL operation
$link = mysql_connect("localhost", "mysql_user", "mysql_password");
mysql_select_db("nonexistentdb", $link);
echo mysql_errno($link) . ": " . mysql_error($link). "\n";
mysql_select_db("kossu", $link);
mysql_query("SELECT * FROM nonexistenttable", $link);
echo mysql_errno($link) . ": " . mysql_error($link) . "\n";
?>
execute SQL sintak
execute SQL sintak
mysql_query() sends a query (to the currently active database on the server that's associated with the specified link_identifier).
$result = mysql_query('SELECT * WHERE 1=1');
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
// This could be supplied by a user, for example
$firstname = 'fred';
$lastname = 'fox';
// Formulate Query
// This is the best way to perform a SQL query
// For more examples, see mysql_real_escape_string()
$query = sprintf("SELECT firstname, lastname, address, age FROM friends WHERE firstname='%s' AND lastname='%s'",
mysql_real_escape_string($firstname),
mysql_real_escape_string($lastname));
// Perform Query
$result = mysql_query($query);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
// Use result
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used
// See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
while ($row = mysql_fetch_assoc($result)) {
echo $row['firstname'];
echo $row['lastname'];
echo $row['address'];
echo $row['age'];
}
// Free the resources associated with the result set
// This is done automatically at the end of the script
mysql_free_result($result);
?>
mysql_query() sends a query (to the currently active database on the server that's associated with the specified link_identifier).
$result = mysql_query('SELECT * WHERE 1=1');
if (!$result) {
die('Invalid query: ' . mysql_error());
}
?>
// This could be supplied by a user, for example
$firstname = 'fred';
$lastname = 'fox';
// Formulate Query
// This is the best way to perform a SQL query
// For more examples, see mysql_real_escape_string()
$query = sprintf("SELECT firstname, lastname, address, age FROM friends WHERE firstname='%s' AND lastname='%s'",
mysql_real_escape_string($firstname),
mysql_real_escape_string($lastname));
// Perform Query
$result = mysql_query($query);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
// Use result
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used
// See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
while ($row = mysql_fetch_assoc($result)) {
echo $row['firstname'];
echo $row['lastname'];
echo $row['address'];
echo $row['age'];
}
// Free the resources associated with the result set
// This is done automatically at the end of the script
mysql_free_result($result);
?>
connect to MYSQL
connect to MYSQL
use mysql_connect() to connecting PHP with MYSQL
pattern :
mysql_connect('host','mysql_user','mysql_password');
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
// we connect to example.com and port 3307
$link = mysql_connect('example.com:3307', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
// we connect to localhost at port 3307
$link = mysql_connect('127.0.0.1:3307', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
use mysql_connect() to connecting PHP with MYSQL
pattern :
mysql_connect('host','mysql_user','mysql_password');
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
// we connect to example.com and port 3307
$link = mysql_connect('example.com:3307', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
// we connect to localhost at port 3307
$link = mysql_connect('127.0.0.1:3307', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
explode and implode
explode and implode
to Split a string by string
and output with array
Returns an array of strings, each of which is a substring of string formed by splitting it on boundaries formed by the string separator. If limit is set, the returned array will contain a maximum of limit elements with the last element containing the rest of string.
// Example 1
$pizza = "piece1 piece2 piece3 piece4 piece5 piece6";
$pieces = explode(" ", $pizza);
echo $pieces[0]; // piece1
echo $pieces[1]; // piece2
// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
echo $user; // foo
echo $pass; // *
?>
$str = 'one|two|three|four';
// positive limit
print_r(explode('|', $str, 2));
// negative limit (since PHP 5.1)
print_r(explode('|', $str, -1));
?>
implode
Join array elements with a string
Returns a string containing a string representation of all the array elements in the same order, with the glue string between each element.
$array = array('lastname', 'email', 'phone');
$comma_separated = implode(",", $array);
echo $comma_separated; // lastname,email,phone
?>
to Split a string by string
and output with array
Returns an array of strings, each of which is a substring of string formed by splitting it on boundaries formed by the string separator. If limit is set, the returned array will contain a maximum of limit elements with the last element containing the rest of string.
// Example 1
$pizza = "piece1 piece2 piece3 piece4 piece5 piece6";
$pieces = explode(" ", $pizza);
echo $pieces[0]; // piece1
echo $pieces[1]; // piece2
// Example 2
$data = "foo:*:1023:1000::/home/foo:/bin/sh";
list($user, $pass, $uid, $gid, $gecos, $home, $shell) = explode(":", $data);
echo $user; // foo
echo $pass; // *
?>
$str = 'one|two|three|four';
// positive limit
print_r(explode('|', $str, 2));
// negative limit (since PHP 5.1)
print_r(explode('|', $str, -1));
?>
implode
Join array elements with a string
Returns a string containing a string representation of all the array elements in the same order, with the glue string between each element.
$array = array('lastname', 'email', 'phone');
$comma_separated = implode(",", $array);
echo $comma_separated; // lastname,email,phone
?>
trim() function
To disapearing a white space of words we coud use trim() function
trim() will be delete white space from the beginning and end of a string
$text = "\t\tThese are a few words :) ... ";
echo trim($text); // "These are a few words :) ..."
echo trim($text, " \t."); // "These are a few words :)"
// trim the ASCII control characters at the beginning and end of $binary
// (from 0 to 31 inclusive)
$clean = trim($binary, "\x00..\x1F");
?>
ltrim() Strip whitespace (or other characters) from the beginning of a string
$text = "\t\tThese are a few words :) ... ";
$trimmed = ltrim($text);
// $trimmed = "These are a few words :) ... "
$trimmed = ltrim($text, " \t.");
// $trimmed = "These are a few words :) ... "
$clean = ltrim($binary, "\x00..\x1F");
// trim the ASCII control characters at the beginning of $binary
// (from 0 to 31 inclusive)
?>
Strip whitespace (or other characters) from the end of a string
$text = "\t\tThese are a few words :) ... ";
$trimmed = rtrim($text);
// $trimmed = "\t\tThese are a few words :) ..."
$trimmed = rtrim($text, " \t.");
// $trimmed = "\t\tThese are a few words :)"
$clean = rtrim($binary, "\x00..\x1F");
// trim the ASCII control characters at the end of $binary
// (from 0 to 31 inclusive)
?>
trim() will be delete white space from the beginning and end of a string
$text = "\t\tThese are a few words :) ... ";
echo trim($text); // "These are a few words :) ..."
echo trim($text, " \t."); // "These are a few words :)"
// trim the ASCII control characters at the beginning and end of $binary
// (from 0 to 31 inclusive)
$clean = trim($binary, "\x00..\x1F");
?>
ltrim() Strip whitespace (or other characters) from the beginning of a string
$text = "\t\tThese are a few words :) ... ";
$trimmed = ltrim($text);
// $trimmed = "These are a few words :) ... "
$trimmed = ltrim($text, " \t.");
// $trimmed = "These are a few words :) ... "
$clean = ltrim($binary, "\x00..\x1F");
// trim the ASCII control characters at the beginning of $binary
// (from 0 to 31 inclusive)
?>
Strip whitespace (or other characters) from the end of a string
$text = "\t\tThese are a few words :) ... ";
$trimmed = rtrim($text);
// $trimmed = "\t\tThese are a few words :) ..."
$trimmed = rtrim($text, " \t.");
// $trimmed = "\t\tThese are a few words :)"
$clean = rtrim($binary, "\x00..\x1F");
// trim the ASCII control characters at the end of $binary
// (from 0 to 31 inclusive)
?>
Function
Function
we could make function to make our code simple
pattern:
function name_of _function(){
}
sample
function takes_array($input)
{
echo "$input[0] + $input[1] = ", $input[0]+$input[1];
}
?>
to call function
take_array(3);
?>
or complete code
function name_of _function(){
}
sample
function takes_array($input)
{
echo "$input[0] + $input[1] = ", $input[0]+$input[1];
}
take_array(3);
?>
we could make function to make our code simple
pattern:
function name_of _function(){
}
sample
function takes_array($input)
{
echo "$input[0] + $input[1] = ", $input[0]+$input[1];
}
?>
to call function
take_array(3);
?>
or complete code
function name_of _function(){
}
sample
function takes_array($input)
{
echo "$input[0] + $input[1] = ", $input[0]+$input[1];
}
take_array(3);
?>
session
session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
?>
session_start();
Must be include in first step to starting session
Session could be writes with
session_start()
$barney = "A big purple dinosaur.";
session_register("barney");
?>
to destroy session we coud use
session_destroy();
or
unset ($_SESSION['count']);
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
?>
session_start();
Must be include in first step to starting session
Session could be writes with
session_start()
$barney = "A big purple dinosaur.";
session_register("barney");
?>
to destroy session we coud use
session_destroy();
or
unset ($_SESSION['count']);
Rabu, 05 Maret 2008
Hello world
How to began study on php (PHP Hypertext Processor).
PHP always began with sign
The first lesson is display 'hello word' in the browser.
Code:
echo 'hello world';
?>
save this file in the web root with file name hello.php(sample). and call in the browser.
Similar with this code is
print 'hello world';
?>
we could use a variable to display in the browser. Variable always began with $ sign.
$words='Heloo world';
echo $words;
?>
$words='Heloo world';
$new_words=' have a nice day';
$words =$words.$new_words
echo $words;
?>
will oputput helloo world have a nice day
or that code coul be write
$words='Heloo world';
$new_words=' have a nice day';
$words .=$new_words
echo $words;
?>
that meaning .= is adding $words with $new_words
PHP always began with sign
The first lesson is display 'hello word' in the browser.
Code:
echo 'hello world';
?>
save this file in the web root with file name hello.php(sample). and call in the browser.
Similar with this code is
print 'hello world';
?>
we could use a variable to display in the browser. Variable always began with $ sign.
$words='Heloo world';
echo $words;
?>
$words='Heloo world';
$new_words=' have a nice day';
$words =$words.$new_words
echo $words;
?>
will oputput helloo world have a nice day
or that code coul be write
$words='Heloo world';
$new_words=' have a nice day';
$words .=$new_words
echo $words;
?>
that meaning .= is adding $words with $new_words
Langganan:
Postingan (Atom)