Advanced Search

Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Strip Characters

  1. #1
    Join Date
    Apr 2006
    Posts
    190
    Thanks
    3
    Thanked 7 Times in 7 Posts

    Default Strip Characters

    I have 2 MySQL Databases and I want to link them together.

    What I am trying do is when you brin up a record say record ID in one DB is RMA-4598 and in the other the record ID is 4598. What I want to do is Strip the RAM- off so im left with 4598 and have the 4598 place into a mySQL query string


    PHP Code:
    <? 
    mysql_connect
    ("localhost","root","rootpass"); 
    mysql_select_db("service"); 

    if(
    $_GET["cmd"]=="view" || $_POST["cmd"]=="view")
    {
        
    $id $_GET["id"];
        
    $sql "SELECT * FROM service WHERE id=$id";
        
    $result mysql_query($sql);        
        
    $myrow mysql_fetch_array($result);
    }
    ?>

    The RMA field for the DB code above is
    PHP Code:
    <?php echo $myrow["svc"?>
    So i want to strip RMA- from the SVC number and use it as the ID for another DB

    PHP Code:
    <? 
    mysql_connect
    ("localhost","root","rootpass"); 
    mysql_select_db("service"); 

    if(
    $_GET["cmd"]=="view" || $_POST["cmd"]=="view")
    {
        
    $id $_GET["id"];
        
    $sql "SELECT * FROM rma WHERE id=$id";
        
    $result mysql_query($sql);        
        
    $myrow mysql_fetch_array($result);
    }
    ?>
    Once i get that down i should be able to load the Data From both DB's and display on screen.

  2. #2
    Join Date
    Dec 2004
    Location
    UK
    Posts
    2,358
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by NXArmada
    I have 2 MySQL Databases and I want to link them together.
    It really is in your best interest to use the right terms: you have two tables or relations in a single database.

    What I am trying do is when you brin up a record say record ID in one DB is RMA-4598 and in the other the record ID is 4598. What I want to do is Strip the RAM- off so im left with 4598 and have the 4598 place into a mySQL query string
    Use the built-in SQL SUBSTRING(str [FROM off [FOR len]]) function. In your example,

    Code:
    SELECT SUBSTRING('RMA-4598' FROM 5)
    would return '4598'.

    To perform a join, you could use something like:

    Code:
    "SELECT * FROM rma WHERE id=SUBSTRING((SELECT svc FROM service WHERE id=$id) FROM 5)"
    The subquery finds the tuple containing the matching id value, and returnings the value from the 'svc' attribute. The SUBSTRING function then removes the first four characters ('RMA-') and that value is then used in the condition for the outer query.

    PHP Code:
        $id $_GET["id"];
        
    $sql "SELECT * FROM service WHERE id=$id"
    I really hope that you aren't using data sent with the request directly within a SQL query. That's asking for trouble.

    Mike

  3. #3
    Join Date
    Apr 2006
    Posts
    190
    Thanks
    3
    Thanked 7 Times in 7 Posts

    Default

    This is for an Intranet.

    But thanks i well try our what you posted.

  4. #4
    Join Date
    Apr 2006
    Posts
    190
    Thanks
    3
    Thanked 7 Times in 7 Posts

    Default

    Thanks mwinter that was exactly what i wanted.

  5. #5
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,878
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    This is for an Intranet.
    That's still asking for trouble, unless you happen to trust every single user (and potential user) of that intranet with all the data in that database, and with the power to insert, alter and delete data. That's the sort of privileges the perpetrator of an SQL injection attack can expect from most SQL setups. It is possible to restrict SQL users' permission to just that necessary, but I doubt you've done that; in any case, it's still more power than you really want to entrust to people you don't know.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  6. #6
    Join Date
    Apr 2006
    Posts
    190
    Thanks
    3
    Thanked 7 Times in 7 Posts

    Default

    Well the pages that the user see dont have any fields to change it just displaying a record for print you can't change anything.

  7. #7
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,878
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    Doesn't matter, it's still being passed from the browser to the server (using GET, even worse), and so can be arbitrary content.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  8. #8
    Join Date
    Apr 2006
    Posts
    190
    Thanks
    3
    Thanked 7 Times in 7 Posts

    Default

    what would you suggest?

  9. #9
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,878
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    Firstly, you need to keep a reference to the connection. You should have done this anyway.
    Code:
    $conn = mysql_connect("localhost","root","rootpass");
    You can then encode the query:
    Code:
    $id = mysql_real_escape_string($_GET["id"], $conn);
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends franšais | entiendo espa˝ol | t˘i Ýt hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  10. #10
    Join Date
    Apr 2006
    Posts
    190
    Thanks
    3
    Thanked 7 Times in 7 Posts

    Default

    Thanks Twey i well give that a try.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •