
How to query MySQL from a web browser URL?

How to query MySQL from a web browser URL.

I've an Apache server running on my Ubuntu machine which has PHP and MySQL installed.

I've an assignment to demonstrate how SQL injection works. I need to pass SQL queries through my PHP page so that I can INSERT, UPDATE, DROP data from the MySQL database.

I need to complete the project at the earliest.

Any help appreciated!
Oct 15 '07 #1
pbmods
5,821 Expert 4TB
Heya, karthikeyanck.

You posted this in the Articles section. I'll go ahead and move it to the Forum where an Expert will be more likely to find it.
Oct 15 '07 #2
ronverdonk
4,258 Expert 4TB
When it is just simply passing an SQL query to the db and echoing the output resource ID and the array of rows returned (e.g. after a select), this snippet will do. You'll have to adapt it to your own needs.
[php]
<?php
if (isset($_POST['sql'])) {
    $sql = $_POST['sql'];
    // Make a MySQL connection
    $conn = mysql_connect("localhost", "ronverdonk", "ronnie09")
        or die("Could not connect to the db server: " . mysql_error());
    mysql_select_db("vwso", $conn)
        or die("Could not select the db: " . mysql_error());
    // Run the submitted statement exactly as typed
    $result = mysql_query($sql);
    echo $result . '<br />';
    if (isset($_POST['out']) && $_POST['out'] == 'y') {
        while ($row = mysql_fetch_assoc($result)) {
            echo '<pre>'; print_r($row); echo '</pre>';
        }
    }
}
// Remember the previous form values without raising notices on first load
$prev_sql = isset($_POST['sql']) ? $_POST['sql'] : "";
$prev_out = isset($_POST['out']) ? $_POST['out'] : "";
?>
<form name="MyForm" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
Type your mySQL query:<br />
<input type="text" name="sql" size="70" value="<?php echo htmlspecialchars($prev_sql); ?>"><br />
Do you want query output displayed?<br />
<input type="radio" name="out" value="y"<?php if ($prev_out == 'y') echo " checked"; ?> />yes&nbsp;
<input type="radio" name="out" value="n"<?php if ($prev_out == 'n') echo " checked"; ?> />No<br />
<input type="submit" value="submit query" />
</form>
</body>
</html>
[/php]
Ronald
Oct 15 '07 #3

The script works fine, but when I query the server like the one below

SELECT * FROM employee WHERE username = 'admin'

I get Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result ***********
Oct 16 '07 #4
ronverdonk
4,258 Expert 4TB
This was just a simple sample and you'll have to play with it. At my site the error is probably the insertion of backslashes. At your site I assume you have no result set. So I changed the snippet code to get rid of backslashes and test the result. Next is the first part.
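[php]
<?php
if (isset($_POST['sql'])) {
    $sql = $_POST['sql'];
    // Strip the backslashes inserted in front of quotes in the posted value
    $sql = str_replace('\\', '', $sql);
    $db = $_POST['db'];
    // Make a MySQL connection
    $conn = mysql_connect("localhost", "ronverdonk", "ronnie09")
        or die("Could not connect to server: " . mysql_error());
    mysql_select_db($db, $conn)
        or die("Could not select db $db: " . mysql_error());
    // Stop with the server's error message if the statement fails
    $result = mysql_query($sql)
        or die('Error: ' . mysql_error());
    echo "<b>statement:</b> " . htmlspecialchars($sql) . "<br />";
    if (isset($_POST['out']) && $_POST['out'] == 'y') {
        // Only SELECT-type statements return a result resource;
        // INSERT, UPDATE and DROP return true and have no rows to fetch
        if (is_resource($result) && mysql_num_rows($result) > 0) {
            while ($row = mysql_fetch_assoc($result)) {
                echo '<pre>'; print_r($row); echo '</pre>';
            }
        }
        else
            echo 'No results';
    }
}
?>
[/php]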
Ronald
Oct 16 '07 #5
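
For contrast with the raw-query form above, which runs whatever statement is submitted, this added example (not part of any post in this thread) shows the case an SQL injection exercise is usually about: a fixed query with one user-supplied value, built first by string concatenation and then with a bound parameter. It assumes PDO with an in-memory SQLite database standing in for MySQL; the `employee` columns, the function names `find_concat` and `find_bound`, and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Constructed in-memory table standing in for the thread's
// MySQL `employee` table, so the script runs without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE employee (id INTEGER PRIMARY KEY, username TEXT, role TEXT)");
$pdo->exec("INSERT INTO employee (username, role) VALUES
            ('admin', 'administrator'), ('alice', 'staff'), ('bob', 'staff')");

// Vulnerable: the value becomes part of the SQL text, so a quote inside it
// ends the string literal and whatever follows is parsed as SQL.
function find_concat(PDO $pdo, string $username): array
{
    $sql = "SELECT username FROM employee WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the statement text is fixed and the value is bound as data,
// so it is only ever compared against the column.
function find_bound(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare("SELECT username FROM employee WHERE username = ?");
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one ordinary value and one containing a quote.
$inputs = ["admin", "nobody' OR '1'='1"];

foreach ($inputs as $input) {
    $concat = find_concat($pdo, $input);
    $bound  = find_bound($pdo, $input);
    printf("input: %s\n", $input);
    printf("  concatenated: %d row(s) [%s]\n", count($concat), implode(', ', $concat));
    printf("  bound:        %d row(s) [%s]\n", count($bound), implode(', ', $bound));
}
```

Against MySQL the two functions stay the same; only the PDO DSN and credentials change.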
