How to query MySQL from a web browser URL.
I've an Apache server running on my Ubuntu machine which has PHP and MySQL installed.
I've an assignment to demonstrate how SQL Injection works. I need to pass SQL queries through my PHP page so that I can INSERT, UPDATE, DROP data from the MySQL database.
I need to complete the project at the earliest.
Any help appreciated!
Heya, karthikeyanck.
You posted this in the Articles section. I'll go ahead and move it to the Forum where an Expert will be more likely to find it.
When it is just simply passing an SQL query to the db and echoing the output resource ID and the array of rows returned (e.g. after a select), this snippet will do. You'll have to adapt it to your own needs.
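[php]
<html>
<body>
<?php
// This page runs whatever SQL is posted to it, on purpose (a query console for
// the demonstration). The mysql_* functions belong to the old ext/mysql
// extension, which was removed in PHP 7.
$out = isset($_POST['out']) ? $_POST['out'] : '';
if (isset($_POST['sql'])) {
    $sql = $_POST['sql'];
    // Make a MySQL Connection
    $conn = mysql_connect("localhost", "ronverdonk", "ronnie09")
        or die("Could not connect to the db server: " . mysql_error());
    mysql_select_db("vwso", $conn)
        or die("Could not select the db: " . mysql_error());
    // Run the posted statement as-is: a resource for SELECT, TRUE/FALSE otherwise
    $result = mysql_query($sql);
    echo $result . '<br />';
    if ($out == 'y') {
        // $result is not checked here, so a failed or non-SELECT query raises a warning
        while ($row = mysql_fetch_assoc($result)) {
            echo '<pre>'; print_r($row); echo '</pre>';
        }
    }
}
?>
<form name="MyForm" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
Type your mySQL query:<br />
<!-- htmlspecialchars keeps quotes in the query from breaking the value attribute -->
<input type="text" name="sql" size="70" value="<?php echo isset($_POST['sql']) ? htmlspecialchars($_POST['sql'], ENT_QUOTES) : ""; ?>"><br />
Do you want query output displayed?<br />
<input type="radio" name="out" value="y"<?php if ($out == 'y') echo " checked"; ?> />yes
<input type="radio" name="out" value="n"<?php if ($out == 'n') echo " checked"; ?> />No<br />
<input type="submit" value="submit query" />
</form>
</body>
</html>
[/php]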
Ronald
The script works fine, but when I query the server like the one below SELECT * FROM employee WHERE username = 'admin'
I get Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result ***********
This was just a simple sample and you'll have to play with it. At my site the error is probably the insertion of backslashes. At your site I assume you have no result set. So I changed the snippet code to get rid of backslashes and test the result. Next is the first part.
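[php]
<?php
if (isset($_POST['sql'])) {
    $sql = $_POST['sql'];
    // Strip the backslashes inserted into the posted text
    $sql = str_replace('\\', '', $sql);
    $db = $_POST['db'];
    // Make a MySQL Connection
    $conn = mysql_connect("localhost", "ronverdonk", "ronnie09")
        or die("Could not connect to server: " . mysql_error());
    mysql_select_db($db, $conn)
        or die("Could not select db $db: " . mysql_error());
    // Stop with the server's error message if the statement fails
    $result = mysql_query($sql)
        or die('Error: ' . mysql_error());
    echo "<b>statement:</b> " . htmlspecialchars($sql) . "<br />";
    if (isset($_POST['out']) && $_POST['out'] == 'y') {
        // Only SELECT-type statements return a result resource;
        // INSERT, UPDATE and DROP return TRUE, which has no rows to count
        if (is_resource($result) && mysql_num_rows($result) > 0) {
            while ($row = mysql_fetch_assoc($result)) {
                echo '<pre>'; print_r($row); echo '</pre>';
            }
        }
        else
            echo 'No results';
    }
}
?>
[/php]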
Ronald
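An added example, not code from any poster in this thread: the `employee` lookup quoted above, written once with the value concatenated into the SQL text and once with a bound parameter, so the difference an injection demonstration has to show is visible side by side. It assumes PDO with an in-memory SQLite database standing in for MySQL so that it runs offline; the `salary` column, the sample rows and the function names `find_concat` and `find_bound` are constructed for illustration.

```php
<?php
// Constructed in-memory table (assumption: SQLite via PDO stands in for MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE employee (id INTEGER PRIMARY KEY, username TEXT, salary INTEGER)");
$pdo->exec("INSERT INTO employee (username, salary)
            VALUES ('admin', 9000), ('alice', 4000), ('bob', 4200)");

// Vulnerable form: the value becomes part of the SQL text, so a quote
// character in it is parsed as SQL syntax rather than as data.
function find_concat(PDO $pdo, string $username): array
{
    $sql = "SELECT username, salary FROM employee WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the statement text is fixed and the value is bound as a
// parameter, so it is only ever compared against the username column.
function find_bound(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare("SELECT username, salary FROM employee WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary value and one containing quote characters.
$inputs = ["admin", "x' OR '1'='1"];
foreach ($inputs as $in) {
    printf("%-16s concat=%d row(s)  bound=%d row(s)\n",
        $in, count(find_concat($pdo, $in)), count(find_bound($pdo, $in)));
}
```

For the second input the concatenated query matches every row in the table, while the bound query matches none, because no employee has that literal string as a username.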