Your question, your audience. Choose who sees your identity—and your question—with question security.
select * from Person where LastName = 'Arnold';
<html>
<head>
<title>Premiere Products</title>
</head>
<body>
<h1>Arnold-Jackson-Silacci-Nixon Genealogy</h1>
<form action="index.php" method="post">
<p>
DB Server : <input type="text" name="host" value="localhost"></input><br/>
Database Name: <input type="text" name="database" value="mysql"></input><br/>
DB User : <input type="text" name="user" value="root"></input><br/>
DB Password : <input type="text" name="password"></input><br/>
Query:
<textarea NAME="quest" ROWS=4 COLS=40></textarea><BR />
</p>
<input TYPE="submit" NAME="submit" VALUE="Go!"/>
</form>
<?php
$linkID = 0; // Result of mysql_connect()
function connect() {
$host = $_POST['host']; // Hostname of our MySQL server
$database = $_POST['database']; // Logical database name on that server
$user = $_POST['user']; // Database user
$password = $_POST['password']; // Database user's password
echo "Host : $host <br/>";
echo "Database : $database <br/>";
echo "Username : $user <br/>";
echo "Password : $password <br/>";
$lID = mysql_connect($host, $user, $password);
if (!$lID) {
echo("connect failed");
}
$selectResult = mysql_select_db($database, $lID);
if(!$selectResult) {
$errno = mysql_errno($lID);
$error = mysql_error($lID);
echo("cannot select database <I>".$database."</I>");
}
return $lID;
}
//Here is the important part of the php file:
$query = mysql_escape_string($_POST['quest']);
if (strlen($query) > 0) {
$linkID = connect();
echo "linkID : $linkID<br/>";
echo "Query : $query <br/>";
$result = mysql_query($query, $linkID);
echo "<table border='2' cellspacing='0' cellpadding='6'>";
if (mysql_num_rows($result)>0) {
echo "<tr>";
//loop thru the field names to print the correct headers
$i = 0;
while ($i < mysql_num_fields($result)) {
echo "<th>". mysql_field_name($result, $i) . "</th>";
$i++;
}
echo "</tr>";
}
if($result) {
while($row = mysql_fetch_array($result,MYSQL_BOTH)) {
echo "<tr>";
//loop thru the fields
$i = 0;
while ($i < mysql_num_fields($result)) {
echo "<td>".$row[$i]."</td>";
$i++;
}
echo "</tr>";
}
}
}
?>
</body>
</html>
<html>
<head>
<title>Premiere Products</title>
</head>
<body>
<h1>Arnold-Jackson-Silacci-Nixon Genealogy</h1>
<form action="index.php" method="post">
<p>
DB Server : <input type="text" name="host" value="localhost"></input><br/>
Database Name: <input type="text" name="database" value="mysql"></input><br/>
DB User : <input type="text" name="user" value="root"></input><br/>
DB Password : <input type="text" name="password"></input><br/>
Query:
<textarea NAME="quest" ROWS=4 COLS=40></textarea><BR />
</p>
<input TYPE="submit" NAME="submit" VALUE="Go!"/>
</form>
<?php
$linkID = 0; // Result of mysql_connect()
function connect() {
$host = $_POST['host']; // Hostname of our MySQL server
$database = $_POST['database']; // Logical database name on that server
$user = $_POST['user']; // Database user
$password = $_POST['password']; // Database user's password
echo "Host : $host <br/>";
echo "Database : $database <br/>";
echo "Username : $user <br/>";
echo "Password : $password <br/>";
$lID = mysql_connect($host, $user, $password);
if (!$lID) {
echo("connect failed");
}
$selectResult = mysql_select_db($database, $lID);
if(!$selectResult) {
$errno = mysql_errno($lID);
$error = mysql_error($lID);
echo("cannot select database <I>".$database."</I>");
}
return $lID;
}
//Here is the important part of the php file:
$query = $_POST['quest'];
if (strlen($query) > 0) {
$linkID = connect();
echo "linkID : $linkID<br/>";
echo "Query : $query <br/>";
$result = mysql_query($query, $linkID);
echo "<table border='2' cellspacing='0' cellpadding='6'>";
if (mysql_num_rows($result)>0) {
echo "<tr>";
//loop thru the field names to print the correct headers
$i = 0;
while ($i < mysql_num_fields($result)) {
echo "<th>". mysql_field_name($result, $i) . "</th>";
$i++;
}
echo "</tr>";
}
if($result) {
while($row = mysql_fetch_array($result,MYSQL_BOTH)) {
echo "<tr>";
//loop thru the fields
$i = 0;
while ($i < mysql_num_fields($result)) {
echo "<td>".$row[$i]."</td>";
$i++;
}
echo "</tr>";
}
}
}
?>
</body>
</html>
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
From novice to tech pro — start learning today.
foreach($_POST as $name => $value){
if(get_magic_quotes_gpc()=
$_POST[$name] = stripslashes($value);
}else{
}
}
at the beginning of the php code, so finally :
(this file has to be named index.php because the post method posts to itself, or change the form action to the file)
Open in new window