Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433
  • Last Modified:

Backbase and MySQL

I have the instructions on how to pull XML out of a MySQL query:
http://bdn.backbase.com/blog/sjoerd/dynamic-data-in-the-pim-demo-using-php-and-mysql

However,
How do I write the changes back up into MySQL?  My Webpages are in PHP.
Thanks
0
Evan Cutler
Asked:
Evan Cutler
1 Solution
 
binarydesignnzCommented:
For a start, you should modify the initial query for getting the data, as it is currently vulnerable to SQL injection.  A simple addslashes command will fix this.
I would recommend changing the line:
    $section = $_GET['section'];
with:
    $section = addslashes($_GET['section']);

This will add a leading backslash to any escape characters.

For updating the database, I am assuming you are using a HTTP POST or GET from your Ajax code,  Here is a solution using POST:
<?
 
 
$dbName = "";			//insert db name here
$dbUser = ""; 			//insert db Username here
$dbPass = ""; 			//insert db Password here
$dbHost = "localhost";  //insert db Host here
$dbTable = "";  		//insert db Table name here
 
 
$updString = "";
$seperator = ", ";
$index = 1;
 
$data = $_POST;			//$_POST or $_GET
 
foreach($data as $name => $value) {
 
	if ($name && $value){
		
		$updString .= "`".addslashes($name)."` = \'".addslashes($value)."\'";  //protect the input parameters
		
		if ($index < sizeof($data)){
			$updString .= $seperator; //add the delimater if there is another parameter
		}
		$index++;
	
	}
 
}
 
 
if(($db = mysql_connect($dbHost, $dbUser, $dbPass)) && sizeof($data) ){
	if(mysql_select_db($dbName, $db) ){
 
		mysql_query("UPDATE `".$dbName."`.`".$dbTable."` SET ".$updString." WHERE `".$dbTable."`.`id` = ".(int)($data['id'])." LIMIT 1;", $db );
		print "success";
		
	}
}else{
	print "fail";
}
 
?>

Open in new window

0
 
Evan CutlerVolunteer Chief Information OfficerAuthor Commented:
thanks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now