PHP, Grabbing Mysql Data

A users will post Form Data, sending to the server the Year and Number to query a MySql database with.
I am also showing here how to pick the correct table based on the user input of the Year. So depending on the Year chosen by the user, it will use the database appropriate to that year.
When the rows of data are returned we are also going to give each row and alternating color
These are the 2 colors being used,
$rowColors = Array(‘#BDBDBD’,’WHITE’); $i= 0;
and this colors the rows
echo ‘
‘;
echo “
Activity for the Year.”;
echo ”
“; echo “Year”;
echo “Number”;?>
?> $year = $row[‘year’];
$number = $row[‘number’];print <‘table’>;print ‘
‘;print ‘
‘.$year.”;
print ‘
‘.$number.”;
print ”;}print <‘/table’>;?>
Advertisements

Apostrophe Fix

PHP5.4-Myql 5+   –  APOSTROPHES, how to allow them in file names

Allow an apostrophe in a file name during the upload of a file.

This line is taking the data from within a page.  Meaning, I already passed the data, but before I insert it into MySql, I want to deal and allow the apostrohpe.

$file_name=mysqli_real_escape_string($mysqli,$file_name);

From a FORM Post we can also grab and deal with that apostrophe.

$file_name=mysqli_real_escape_string($mysqli,$_POST[‘file_name’]);

Insert into a mysql DB:

$mysql = INSERT into Table (file_name) VALUES (‘$file_name’);

 

In conclusion, we are using the mysqli real escape string to clean up the data from the user input.