Continued from PHP and sqlite page 1
Query Database
- Query the Database
- Two parts – the query part and the results from the query.
- query.html
<html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>query</title> </head> <body> <h1>Query the Database</h1> <p>Build the query. It will look like <i>Select What <content of what> from Table where <content of where></i><br> </p> <p>Fields are ID, Name, Image, Description<br> </p> <form method="post" action=result.php> <h2>Select <br>Fields <input name="what" type="text"> <br>From Minerals <br>Where <input name="where" type="text">;<br> <input type="submit"></h2> </form> </body> </html>
- result.php
<?php
class MyDB extends SQLite3 {
function __construct($dbname) {
$this->open($dbname);
}
}
// Open the DB
$db = new MyDB('minerals');
// Pick up the form fariables
$what = $_POST['what'];
// Look for anything fishy. Punt if there is.
if (preg_match('/;|"|\'|insert|drop|join|alter|delete|select|update|where/i', $what)) {
echo "<html><head><meta http-equiv=\"refresh\" content=\"0;URL='query.html'\" />";
exit;
}
// Check if there should be a where clause.
if ($_POST['where'] != "") {
$where = $_POST['where'];
// Check the where clause too:
if (preg_match('/;|"|insert|drop|join|alter|delete|select|update|where/i', $where)) {
echo "<html><head><meta http-equiv=\"refresh\" content=\"0;URL='query.html'\" />";
exit;
}
$whereClause = "where ". $where;
} else {
$whereClause = "";
}
// Build the query
$sql = "select $what from Minerals $whereClause";
// Execute the query
$result = $db->query($sql);
// Is there a result?
if ($result) {
echo "<table border=\"2px\"><tr>";
// Get and display the field names for the result as a table
$columns = $result->numColumns();
for($i = 0; $i < $columns; $i++) {
$fields[$i] = $result->columnName($i);
echo "<td><b><center>$fields[$i]<center><b></td>";
}
echo "</tr>";
// Fetch rows of the result indexed by field name and display
while($row = $result->fetchArray(SQLITE3_ASSOC) ) {
$outval = "";
echo "<tr>";
foreach($fields as $field ) {
if($field == "Image") {
$outval = $outval . "<td><img src=".$row[$field]."></td>";
} else {
$outval = $outval . "<td>$row[$field]</td>";
}
}
echo $outval;
echo "</tr>";
}
echo "</table>";
} else {
echo "No results!";
}
?>
Things to note about what I have done to the PHP Config:
-
Display Errors
- Centos: /etc/php.ini
- Raspbian /etc/php5/apache2/php.ini
-
Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
display_errors = On
-
Default Value: On
- I turn display_errors on so that the errors are displayed on
the web page. As you can imagine a bad idea in a
production machine. Leave the errors in the log file.
-
Pretty Printing
- Centos:
- /etc/httpd/conf.d/php.conf
- #
# Uncomment the following line to allow PHP to
pretty-print .phps
# files as PHP source code:
#
AddType application/x-httpd-php-source .phps
- #
- /etc/httpd/conf.d/php.conf
- Raspbian:
- /etc/apache2/mods-enabled/php5.conf
- FilesMatch”.+\.phps$”>
SetHandler application/x-httpd-php-source
# Deny access to raw php sources by default
# To re-enable it’s recommended to enable access to the files
# only in specific virtual host or directory
###DR #Require all denied
- FilesMatch”.+\.phps$”>
- /etc/apache2/mods-enabled/php5.conf
- Again, this is a security issue. You don’t want to
leave .phps files laying about, or allow this feature to be
enabled on production (facing the Internet) servers.
- Centos: