WPDB and PHP (7 posts)

  1. Shaotzu
    Member
    Posted 2 years ago #

    I'm trying to utilize some existing queries from an old site to a SQL database via PHP and just trying to figure out how to change the PHP code correctly.

    My old method was I had a "Connection" file that contained needed variables and then called the database table via:

    $select=$_GET['id'];

    mysql_select_db($database_Dbase, $Dbase);
    $query_Break = "SELECT * FROM TB WHERE TB.id='$select'";
    $Break = mysql_query($query_Break, $Dbase) or die(mysql_error());
    $row_Break = mysql_fetch_assoc($Break);
    $totalRows_Break = mysql_num_rows($Break);

    Apparently, I should be using the wpdb, but not quite sure how it will change my calls.

  2. Tejaswini
    Member
    Posted 2 years ago #

    You can use the code as follows:

    global $wpdb;
    
    $select=$_GET['id'];
    $query_Break = "SELECT * FROM TB WHERE TB.id='$select'";
    $Break=$wpdb->get_results($query_Break, ARRAY_A);
    $totalRows_Break = count($Break);
    
    foreach( $Break as $row_Break ) {
      $idvalue=$row_Break['id'];
    }

    In fact, you can get the $row_Break row (associative array) as

    $row_Break=$Break[0];

    Hope this helps somehow!

    Best Regards,
    Tejaswini

  3. Marble23
    Member
    Posted 2 years ago #

    Note: That code is bad. It's a textbook case for SQL injection. I'd advise against doing it like that and never pass variables directly from the URL into SQL queries. You need to explicitly check $_GET['id'] before doing this.

    $select=$_GET['id'];
    
    mysql_select_db($database_Dbase, $Dbase);
    $query_Break = "SELECT * FROM TB WHERE TB.id='$select'";

  4. Wampum
    Member
    Posted 2 years ago #

    Data validation methods for WordPress are here http://codex.wordpress.org/Data_Validation

  5. Tejaswini
    Member
    Posted 2 years ago #

    You can validate the id (as it seems to be an integer) as follows:

    $select = (int) $select;

    and then use $select in your SQL query
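
The validation discussed in posts 3 to 5, combined with a parameterized `$wpdb` query, as an added example that is not part of the original thread. It assumes WordPress is loaded so the global `$wpdb` is available; `tb_get_row_by_id()` is a hypothetical helper name, and `TB` is the table from the question.

```php
<?php
// Added example: assumes this runs inside WordPress (global $wpdb is set).
// tb_get_row_by_id() is a hypothetical helper; TB is the table from the thread.

function tb_get_row_by_id( $raw_id ) {
    global $wpdb;

    // Reject anything that is not a positive integer instead of silently
    // coercing it: (int) 'abc' becomes 0 and (int) '12abc' becomes 12,
    // so a bare cast hides malformed input rather than refusing it.
    $id = filter_var(
        $raw_id,
        FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 1 ) )
    );
    if ( false === $id ) {
        return null;
    }

    // %d formats the value as an integer inside prepare(), so the request
    // value is never interpolated into the SQL string by hand.
    $sql = $wpdb->prepare( 'SELECT * FROM TB WHERE id = %d', $id );

    // get_row() returns a single row as an associative array,
    // or null when no row matches.
    return $wpdb->get_row( $sql, ARRAY_A );
}

// Read the request parameter without assuming it is present.
$raw_id    = isset( $_GET['id'] ) ? $_GET['id'] : null;
$row_Break = tb_get_row_by_id( $raw_id );

if ( null === $row_Break ) {
    echo 'No matching record.';
} else {
    // Escape database values on output as well as validating input.
    echo esc_html( $row_Break['id'] );
}
```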

  6. Shaotzu
    Member
    Posted 2 years ago #

    Thanks for the help guys! It's working perfectly. And yes - the id validation is an integer and that works well.

  7. rjmman
    Member
    Posted 1 year ago #

    So this 'gets' the variable. How is it passed? I've been trying to use this without any success:
    echo "<td>".$username."</td>";

    But doing this doesn't get it in the link to page:

    $user_input = $_GET['user'];

Topic Closed

This topic has been closed to new replies.
