Solved

Backbase and MySQL

Posted on 2008-06-22
2
415 Views
Last Modified: 2010-10-05
I have the instructions on how to pull XML out of a MySQL query:
http://bdn.backbase.com/blog/sjoerd/dynamic-data-in-the-pim-demo-using-php-and-mysql

However,
How do I write the changes back up into MySQL?  My Webpages are in PHP.
Thanks
0
Comment
Question by:Evan Cutler
2 Comments
 
LVL 1

Accepted Solution

by:
binarydesignnz earned 500 total points
Comment Utility
For a start, you should modify the initial query for getting the data, as it is currently vulnerable to SQL injection.  A simple addslashes command will fix this.
I would recommend changing the line:
    $section = $_GET['section'];
with:
    $section = addslashes($_GET['section']);

This will add a leading backslash to any escape characters.

For updating the database, I am assuming you are using a HTTP POST or GET from your Ajax code,  Here is a solution using POST:
<?
 
 

$dbName = "";			//insert db name here

$dbUser = ""; 			//insert db Username here

$dbPass = ""; 			//insert db Password here

$dbHost = "localhost";  //insert db Host here

$dbTable = "";  		//insert db Table name here
 
 

$updString = "";

$seperator = ", ";

$index = 1;
 

$data = $_POST;			//$_POST or $_GET
 

foreach($data as $name => $value) {
 

	if ($name && $value){

		

		$updString .= "`".addslashes($name)."` = \'".addslashes($value)."\'";  //protect the input parameters

		

		if ($index < sizeof($data)){

			$updString .= $seperator; //add the delimater if there is another parameter

		}

		$index++;

	

	}
 

}
 
 

if(($db = mysql_connect($dbHost, $dbUser, $dbPass)) && sizeof($data) ){

	if(mysql_select_db($dbName, $db) ){
 

		mysql_query("UPDATE `".$dbName."`.`".$dbTable."` SET ".$updString." WHERE `".$dbTable."`.`id` = ".(int)($data['id'])." LIMIT 1;", $db );

		print "success";

		

	}

}else{

	print "fail";

}
 

?>

Open in new window

0
 
LVL 9

Author Closing Comment

by:Evan Cutler
Comment Utility
thanks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

A publishing tool, a Version Control System, or a Collaboration Platform! These can be some of the defining words for the two very famous web-hosting Git repositories: Bitbucket and Github. Git is widely used amongst the programmers and developers f…
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now