A database for my data

From: Peter (BOUGHTONP)12 Dec 2008 19:10
To: ANT_THOMAS 68 of 158
quote:
Is it possible to use any other unique field to determine which one I want?

Yes.

quote:
Do I need to make the field a Primary or Unique or Indexed field or something?

No, but correctly indexing tables improves performances.

I can't remember your database structure (if you shared it), but you would make id your Primary key, and code could be either Indexed or Unique Indexed.
(Afaik, Unique is a constraint that prevents you INSERTing non-distinct code values, but doesn't affect SELECTing.)

Depending on other queries, you may benefit from adding other indexes/indices also - missing or incorrect indexes is a common cause of slow performance in database [web] apps.



quote:
Coding that is fine, but it doesn't pull the record out. I'm assuming it's because it's not indexed?


Nope - just to be clear - indexes affect how queries run, but not what they return. (Analogy: The index in the back of a book doesn't change what a book contains, but can speed up your searching for something.)

If you're doing the parameterized queries that Matt suggested before, you will need to use %s for this instead of %d, as the latter means decimal integer and your code looks to be a string.
From: Peter (BOUGHTONP)12 Dec 2008 19:18
To: ANT_THOMAS 69 of 158
quote:
$tablecode = $_GET['code'];
$query = "SELECT * FROM nmr WHERE code=$tablecode";

If code/$tablecode is a string, it needs to be quoted.


Except, if you simply wrap single quotes, I'll come and do:
http://domain/full.php?code=AT';DROP TABLE nmr;'

And kill all your data.
(well, I wouldn't, but an evil person might)


Unless of course you're just not showing the bit where you sanitize it, in which case I'm still going to shout at you - examples that don't use/show proper database sanitization mean that anyone who just copies and pastes the example will have code with bugs and security holes, which makes it easier for evil people to do bad things. :@
EDITED: 12 Dec 2008 19:21 by BOUGHTONP
From: ANT_THOMAS12 Dec 2008 19:23
To: Peter (BOUGHTONP) 70 of 158

Right. Quoting made it work. Thanks.

 

I still need to sort out protecting my database.

 

I may just password protect the site (fail)

From: Peter (BOUGHTONP)12 Dec 2008 19:35
To: ANT_THOMAS 71 of 158
quote:
I may just password protect the site

Depends how much you trust the rest of your group/etc?


Even if you trust them absolutely, I'd still getting into the habit of parametrising queries.

(Not sure about PHP, but with CFML the param-ing queries can further help performance as well, since it can cache one query execution plan for many queries, which is often more efficient.)



Oh, and whilst I'm thinking about it... since this is important data, you are backing up your database, right?

(Can be as simple as an automated mysqldump then zip the output and move somewhere.)
EDITED: 12 Dec 2008 19:35 by BOUGHTONP
From: ANT_THOMAS12 Dec 2008 19:38
To: Peter (BOUGHTONP) 72 of 158

Aye. I've been taking a backup every so often. But automated would be far more useful.

 

I also handwrite each entry in my lab book :D

From: Peter (BOUGHTONP)12 Dec 2008 19:55
To: ANT_THOMAS 73 of 158
Well there's an assortment of examples you could use on the mysqldump manual page:
http://dev.mysql.com/doc/refman/5.1/en/mysqldump.html

Some of them rather complex, but there's some simple ones there too.
From: ANT_THOMAS12 Dec 2008 20:09
To: Peter (BOUGHTONP) 74 of 158
Ok! I shall have a look at that. Thanks again.

Another question (yay) :

I want an input box where I can stick my 'code' (AT052 etc), click "Go to entry" and it takes me to fullc.php?='AT052'. This one I assume is painfully easy and really does show my lack of knowledge, or more so, what to search since I've been searching lots.

Found plenty of form code for sticking a URL in a box and going to it but I want to stick part of the URL in a box.

Ended up with this:
HTML code:
<form name="openlocation">
<input type="text" name="code" value="AT">
<input type="button" value="Go To" onClick="document.location = "fullc.php?="'document.openlocation.code.value';; ">
</form>

(Which clearly doesn't work)
From: Peter (BOUGHTONP)12 Dec 2008 20:47
To: ANT_THOMAS 75 of 158
I think you've got jQuery up and running? If so, you can do:
HTML code:
<input type="text" id="code" value="AT"/>
<button type="button" onclick="location.href='./fullc.php?code='+$j('#code').val();">Go To</button>



If not, it's slightly longer but not too bad:
HTML code:
<input type="text" id="code" value="AT"/>
<button type="button" onclick="location.href='./fullc.php?code='+document.getElementById('code').value;">Go To</button>
From: ANT_THOMAS12 Dec 2008 20:57
To: Peter (BOUGHTONP) 76 of 158

Yay, nearly there. Just the 'code' needs to be in single quotes in the final URL.

 

Though that now seems to have broken somehow :@

From: Peter (BOUGHTONP)12 Dec 2008 21:19
To: ANT_THOMAS 77 of 158
No no no no no - put the single quotes around the variable in the SQL query, not inside the code variable itself!

Otherwise you're just making things much more complicated for yourself.
From: ANT_THOMAS12 Dec 2008 21:29
To: Peter (BOUGHTONP) 78 of 158

Fantastic. Done. Sorted. Working. :D

 

Also, don't worry, I'll be keeping you occupied with more questions in the coming weeks/months. :Y

From: Ally13 Dec 2008 22:00
To: Peter (BOUGHTONP) 79 of 158
You do terrible things with HTML tags :-((
From: Peter (BOUGHTONP)13 Dec 2008 22:15
To: Ally 80 of 158
If by "terrible things" you mean use them properly as intended, then yes.
From: Ally13 Dec 2008 22:21
To: Peter (BOUGHTONP) 81 of 158
Well, not really. In this case it's just an internal project and it clearly doesn't matter and I'm just being pedantic. But a button with an onclick to change URLs is horrible.
From: Peter (BOUGHTONP)13 Dec 2008 23:40
To: Ally 82 of 158
Hmmm... actually you're right - should have done a form with method=get instead of the onclick stuff; I was just 'fixing' what was there, rather than thinking properly. :(
From: Ally13 Dec 2008 23:48
To: Peter (BOUGHTONP) 83 of 158
Meh, it rarely matters in situations like this one. BUT YES YOU SHOULD HAVE B-)
From: ANT_THOMAS13 Dec 2008 23:55
To: Ally 84 of 158
I can't believe he's been fobbing me off with poorly thought out code :((
From: Peter (BOUGHTONP)13 Dec 2008 23:57
To: Ally 85 of 158
It always matters. :( An undisciplined mind leads to sloppy thinking, which leads to inefficiency and results in not having a new personal website for half a decade. :((
From: Peter (BOUGHTONP)14 Dec 2008 00:01
To: ANT_THOMAS 86 of 158
Please accept my humble apologies. :$


Here is what I should have given you:
HTML code:
<form action="./fullc.php" method="get">
	<input type="text" name="code" value="AT"/>
	<button type="submit">Go To</button>
</form>
From: ANT_THOMAS14 Dec 2008 00:09
To: Peter (BOUGHTONP) 87 of 158

(hug)

 

I might just keep the original code :P

 

Anyway, what makes this "better"?