Hi All,
I am trying to create a website that allows a user to enter an SQL string into a text field which is used to query a database and display results.
The catch is that it has to done via the use of CGI.
I have heard that this can be accomplished by using the $_SERVER variable in the processing page, and that a parser would also have to be written.
The code I currently have for my processing page looks like this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Result Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<?php
Acquire SQL string and output on page
$sql_query = $_POST['sql_textfield'];
echo "Your SQL Query was: <b>$sql_query</b>"."<br>"."<br>"."<b>Results</b>"."<br>"."<br>";
Declare variables
$host = 'localhost';
$user = 'user_02015072';
$passwd = 'password';
$dbname = 'db_02015072';
Connect to database
$link = mysql_connect($host, $user, $passwd);
Connect to the database and output results
if ( isset($sql_query) && $sql_query != "" ) {
mysql_select_db($dbname,$link);
$sql_query = stripSlashes($sql_query);
$result = mysql_query($sql_query,$link);
if ( $result == 0 ) {
echo "Error " . mysql_errno() . ":" . mysql_error();
} elseif ( !is_resource($result) ) {
echo "Query executed successfully";
} else {
echo "<table><thead><tr><th class=\"idx\">Row</th>";
for ( $i = 0 ; $i < mysql_num_fields($result) ; $i++ ) {
echo "<th>" . mysql_field_name($result,$i) . "</th>\n";
}
echo "</tr></thead>\n<tbody>";
for ( $i = 0 ; $i < mysql_num_rows($result) ; $i++ ) {
echo "<tr><td class=\"idx\">" . ($i + 1) . "</td>";
$row = mysql_fetch_row($result);
for ( $j = 0 ; $j < mysql_num_fields($result) ; $j++ ) {
echo "<td> " . $row[$j] . "</td>";
}
echo "</tr>\n";
}
echo "</tbody></table>";
}
}
?>
<form name="form1" method="get" action="start.php">
<input type="submit" name="Submit" value="< Back">
</form>
</body>
</html>
The query page can be seen here (part 3):
http://www.comp.glam.ac.uk/students/02015072/SE3S04_AvancedInternetDevelopment/Assignment_2/start_2.php
My database tables look like this:
http://www.comp.glam.ac.uk/students/02015072/degree.jpg
http://www.comp.glam.ac.uk/students/02015072/student.jpg
As you can see, I am using $_POST at the moment.
How would I be able to modify this code to turn it into a CGI script?
Many Thanks,
dai.hop
