Control SQL query through URL?

  • Publisher Bucks
    Confirmed User
    • Oct 2018
    • 1330

    #1

    Tech Control SQL query through URL?

    I'm trying to figure out how to run an SQL query via a URL with a string appended to it like this:

    domain.com/collection.php?keyword=chicken%garlic

    That would display a listing of recipes where the ingredients specifically contained both chicken and garlic.

    This is what I have in my regular SQL statement in the coding, how would I make it so that the URL controls the SQL query itself?

    $con=mysqli_connect("localhost","user","pass","database");

    $result = mysqli_query($con,"SELECT * FROM Recipe WHERE Ingredient REGEXP '(?=.*chicken)(?=.*garlic)' ORDER BY RAND() LIMIT 10;");
    Is this even possible without significantly changing what I already use for the page's SQL query?

    The end goal is to be able to randomly list a bunch of specific recipes from the database in their own page, kind of like how sites like TasteofHome and BHG do for their visitors as a 'recipe collection' article.

    So in this instance, that url when clicked would display some filler content, with a dynamically generated listing of 10 (or however many I choose) random recipes that contain both chicken and garlic in their ingredients.

    As I understand it, I'll need to put an escape string in the page somewhere to(?)

    Any help/pointers would be greatly appreciated.
    Extreme Link List - v1.0
  • k0nr4d
    Confirmed User
    • Aug 2006
    • 9231

    #2
    Untested, and assuming your regex is correct.


    domain.com/collection.php?keyword=chicken|garlic

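    // Split the keyword parameter on "|" and build one lookahead group per term.
    $output = array();
    $keywords = explode("|", $_GET['keyword']);
    foreach ($keywords as $i) {
        // Escapes SQL string delimiters only; regex metacharacters in $i pass through unchanged.
        $output[] = "(?=.*" . mysqli_real_escape_string($con, $i) . ")";
    }
    $result = mysqli_query($con, "SELECT * FROM Recipe WHERE Ingredient REGEXP '" . implode("", $output) . "' ORDER BY RAND() LIMIT 10");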
    Mechanical Bunny Media
    Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development

    Comment

    • Publisher Bucks
      Confirmed User
      • Oct 2018
      • 1330

      #3
      Originally posted by k0nr4d
      Untested, and assuming your regex is correct.


      domain.com/collection.php?keyword=chicken|garlic

      $keywords = explode("|",$_GET['keyword']);
      foreach($keywords as $i) {
      $output[] = "(?=.*".mysqli_real_escape_string($con,$i).")" ;
      }
      $result = mysqli_query($con,"SELECT * FROM Recipe WHERE Ingredient REGEXP '".implode("",$output)."' ORDER BY RAND() LIMIT 10");
      Thank you.

      That gives me something to work off, it's tossing out a few SQL errors but I can get those fixed.

      Appreciate the assistance
      Extreme Link List - v1.0

      Comment

      • V_RocKs
        Damn Right I Kiss Ass!
        • Nov 2003
        • 32449

        #4
        domain.com/collection.php?keyword=chicken%garlic'--; SELECT * from...

        Comment

        • fuzebox
          making it rain
          • Oct 2003
          • 22351

          #5
          Originally posted by V_RocKs
          domain.com/collection.php?keyword=chicken%garlic'--; SELECT * from...

          Comment
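The thread builds the REGEXP pattern by concatenating the keyword parameter into the query string. As an added example (not code from any poster in this thread), here is the same chicken-and-garlic filter with each keyword checked against an allowlist and sent as a bound parameter, so a value such as the one quoted in #4 is rejected before it reaches the database. The names parse_keywords, find_recipes and MAX_KEYWORDS are hypothetical; it assumes PHP 7.4+ with mysqlnd and the Recipe/Ingredient schema from the first post.

```php
<?php
// Added example: keyword filter using bound parameters instead of a string-built REGEXP.
// Hypothetical names: MAX_KEYWORDS, parse_keywords(), find_recipes().

const MAX_KEYWORDS = 5;

/** Split "chicken|garlic" into terms; allow only letters, spaces and hyphens. */
function parse_keywords(string $raw): array
{
    $terms = [];
    foreach (explode('|', $raw) as $term) {
        $term = trim($term);
        if ($term === '') {
            continue;
        }
        // The allowlist also excludes % and _, so no LIKE wildcard escaping is needed.
        if (!preg_match('/\A[A-Za-z][A-Za-z -]{0,30}\z/', $term)) {
            throw new InvalidArgumentException('invalid keyword');
        }
        $terms[] = $term;
    }
    if ($terms === [] || count($terms) > MAX_KEYWORDS) {
        throw new InvalidArgumentException('expected 1 to ' . MAX_KEYWORDS . ' keywords');
    }
    return $terms;
}

/** One "Ingredient LIKE ?" per term, ANDed; user input only travels as a bound value. */
function find_recipes(mysqli $con, array $terms, int $limit = 10): array
{
    $where    = implode(' AND ', array_fill(0, count($terms), 'Ingredient LIKE ?'));
    $params   = array_map(fn($t) => '%' . $t . '%', $terms);
    $params[] = $limit;

    $stmt = $con->prepare("SELECT * FROM Recipe WHERE $where ORDER BY RAND() LIMIT ?");
    $stmt->bind_param(str_repeat('s', count($terms)) . 'i', ...$params);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
try {
    $terms = parse_keywords($_GET['keyword'] ?? '');
    $con   = new mysqli('localhost', 'user', 'pass', 'database'); // placeholders from post #1
    $rows  = find_recipes($con, $terms);
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    exit('Bad keyword parameter');
}
```

Only the number of placeholders in the SQL text depends on the request, and that count is capped by MAX_KEYWORDS.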
