Solved

Backbase and MySQL

Posted on 2008-06-22
2
422 Views
Last Modified: 2010-10-05
I have the instructions on how to pull XML out of a MySQL query:
http://bdn.backbase.com/blog/sjoerd/dynamic-data-in-the-pim-demo-using-php-and-mysql

However,
How do I write the changes back up into MySQL?  My Webpages are in PHP.
Thanks
0
Comment
Question by:Evan Cutler
2 Comments
 
LVL 1

Accepted Solution

by:
binarydesignnz earned 500 total points
ID: 21842347
For a start, you should modify the initial query for getting the data, as it is currently vulnerable to SQL injection.  A simple addslashes command will fix this.
I would recommend changing the line:
    $section = $_GET['section'];
with:
    $section = addslashes($_GET['section']);

This will add a leading backslash to any escape characters.

For updating the database, I am assuming you are using a HTTP POST or GET from your Ajax code,  Here is a solution using POST:
<?
 
 
$dbName = "";			//insert db name here
$dbUser = ""; 			//insert db Username here
$dbPass = ""; 			//insert db Password here
$dbHost = "localhost";  //insert db Host here
$dbTable = "";  		//insert db Table name here
 
 
$updString = "";
$seperator = ", ";
$index = 1;
 
$data = $_POST;			//$_POST or $_GET
 
foreach($data as $name => $value) {
 
	if ($name && $value){
		
		$updString .= "`".addslashes($name)."` = \'".addslashes($value)."\'";  //protect the input parameters
		
		if ($index < sizeof($data)){
			$updString .= $seperator; //add the delimater if there is another parameter
		}
		$index++;
	
	}
 
}
 
 
if(($db = mysql_connect($dbHost, $dbUser, $dbPass)) && sizeof($data) ){
	if(mysql_select_db($dbName, $db) ){
 
		mysql_query("UPDATE `".$dbName."`.`".$dbTable."` SET ".$updString." WHERE `".$dbTable."`.`id` = ".(int)($data['id'])." LIMIT 1;", $db );
		print "success";
		
	}
}else{
	print "fail";
}
 
?>

Open in new window

0
 
LVL 9

Author Closing Comment

by:Evan Cutler
ID: 31469546
thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If I have to fix slow responding website my first thoughts are server side optimizations: the database may not be optimized or caching is not enabled, or things like that. We often overlook another major part of our web application: the client. We o…
When table data gets too large to manage or queries take too long to execute the solution is often to buy bigger hardware or assign more CPUs and memory resources to the machine to solve the problem. However, the best, cheapest and most effective so…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question