Solved

Backbase and MySQL

Posted on 2008-06-22
2
418 Views
Last Modified: 2010-10-05
I have the instructions on how to pull XML out of a MySQL query:
http://bdn.backbase.com/blog/sjoerd/dynamic-data-in-the-pim-demo-using-php-and-mysql

However,
How do I write the changes back up into MySQL?  My Webpages are in PHP.
Thanks
0
Comment
Question by:Evan Cutler
2 Comments
 
LVL 1

Accepted Solution

by:
binarydesignnz earned 500 total points
ID: 21842347
For a start, you should modify the initial query for getting the data, as it is currently vulnerable to SQL injection.  A simple addslashes command will fix this.
I would recommend changing the line:
    $section = $_GET['section'];
with:
    $section = addslashes($_GET['section']);

This will add a leading backslash to any escape characters.

For updating the database, I am assuming you are using a HTTP POST or GET from your Ajax code,  Here is a solution using POST:
<?
 
 
$dbName = "";			//insert db name here
$dbUser = ""; 			//insert db Username here
$dbPass = ""; 			//insert db Password here
$dbHost = "localhost";  //insert db Host here
$dbTable = "";  		//insert db Table name here
 
 
$updString = "";
$seperator = ", ";
$index = 1;
 
$data = $_POST;			//$_POST or $_GET
 
foreach($data as $name => $value) {
 
	if ($name && $value){
		
		$updString .= "`".addslashes($name)."` = \'".addslashes($value)."\'";  //protect the input parameters
		
		if ($index < sizeof($data)){
			$updString .= $seperator; //add the delimater if there is another parameter
		}
		$index++;
	
	}
 
}
 
 
if(($db = mysql_connect($dbHost, $dbUser, $dbPass)) && sizeof($data) ){
	if(mysql_select_db($dbName, $db) ){
 
		mysql_query("UPDATE `".$dbName."`.`".$dbTable."` SET ".$updString." WHERE `".$dbTable."`.`id` = ".(int)($data['id'])." LIMIT 1;", $db );
		print "success";
		
	}
}else{
	print "fail";
}
 
?>

Open in new window

0
 
LVL 9

Author Closing Comment

by:Evan Cutler
ID: 31469546
thanks
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CA single sign on 2 87
Connect MySql database to wordpress site 3 66
unable to insert record into a table 2 29
MYSQL database problem within Coldfusion 2016 environment 12 32
New Relic: Our company recently started researching several products to figure out what were the best ways for us to increase our web page speed and to quickly identify performance problems that we may be having. One of the products we evaluated wa…
Introduction A frequently used term in Object-Oriented design is "SOLID" which is a mnemonic acronym that covers five principles of OO design.  These principles do not stand alone; there is interplay among them.  And they are not laws, merely princ…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question