#1
I would like to be able to enter at least part of a SELECT SQL statement in an HTML form and have it return the results. But for obvious reasons I would like to limit this query to SELECTs.
I am thinking that I will prepend a "SELECT " to the form data and strip out all semi-colons. Are commands that are available in a mysql client available in mysql_query()? (i.e. \c -- clear, \q -- quit, etc.) Is there anything else that I should be aware of that would allow a user to execute anything but a SELECT query?

[This message has been edited by RyanP (edited September 28, 2000).]
#2
I don't know how relevant this would be, but in the MySQL client commands can end with a semi-colon or \g, so you might want to catch that too.
#3
I have a feeling that mysql client commands are not available in mysql_query(), but I just wanted to make sure.
#4
Hello Ryan, I am thinking about doing the same thing. I think your plan to prepend the "SELECT" to the form data is a good idea, but what happens if the user makes a mistake in their select statement? How do you deal with that? What I meant is, how do you prevent the browser from displaying the stupid "Internal Server Error" message and display a nicer message that lets the user know that there is something wrong with their statement. --DVN
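
One way to put the thread's plan into code, as an added example that is not from any poster: the form fragment is checked and prefixed with SELECT, run under a MySQL account that holds only SELECT, and a failed query becomes a readable message instead of a server error (the question in #4). It uses mysqli rather than the thread's mysql_query(); the account `report_ro`, database `reports`, table `orders`, environment variable `REPORT_RO_PASSWORD` and form field `q` are assumptions.

```php
<?php
// Added example. Assumed one-time setup by a DBA (hypothetical names):
//   CREATE USER 'report_ro'@'localhost' IDENTIFIED BY '<password>';
//   GRANT SELECT ON reports.orders TO 'report_ro'@'localhost';
// No other privilege is granted (no FILE, INSERT, UPDATE, DELETE, DROP).

// Turn the form fragment into a single SELECT statement, or throw.
function build_select(string $fragment): string
{
    $fragment = trim($fragment);
    if ($fragment === '' || strlen($fragment) > 500) {
        throw new InvalidArgumentException('Query is empty or too long.');
    }
    // Terminators named in the thread: ';' and backslash commands such as \g.
    if (strpbrk($fragment, ";\\") !== false) {
        throw new InvalidArgumentException('Semicolons and backslashes are not allowed.');
    }
    return 'SELECT ' . $fragment;
}

// Returns [rows, null] on success or [null, user-facing message] on failure.
function run_form_query(string $fragment): array
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli throws on error
    try {
        $sql = build_select($fragment);
        $db = new mysqli('localhost', 'report_ro', getenv('REPORT_RO_PASSWORD') ?: '', 'reports');
        $result = $db->query($sql);
        if (!($result instanceof mysqli_result)) {
            return [null, 'Only queries that return rows are supported.'];
        }
        return [$result->fetch_all(MYSQLI_ASSOC), null];
    } catch (InvalidArgumentException $e) {
        return [null, $e->getMessage()];
    } catch (mysqli_sql_exception $e) {
        error_log('form query failed: ' . $e->getMessage()); // detail stays server-side
        return [null, 'There is a problem with your query. Please check it and try again.'];
    }
}

$input = $_POST['q'] ?? '';
[$rows, $error] = run_form_query(is_string($input) ? $input : '');
if ($error !== null) {
    echo '<p class="error">' . htmlspecialchars($error) . '</p>';
} else {
    foreach ($rows as $row) {
        echo '<p>' . htmlspecialchars(implode(' | ', $row)) . '</p>';
    }
}
```

The string check only tidies the input; what actually limits the user to reading the listed table is the privilege set of the account the query runs under.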
| Viewing: Dev Shed Forums > Databases > MySQL Help > Creating a safe HTML form query template |