
HTML Code view of C:\gystdoit\famed\fmquery2.php

02/01/2017 06:52:26 PM
<?php //fmquery2.php
// Pulls in the connection settings. $hn, $un, $pw and $db are not assigned
// anywhere in this listing, so they presumably come from login.php (host,
// user, password, database name) -- TODO confirm.
// NOTE(review): if login.php holds database credentials it should not be
// retrievable as plain text through the web server -- verify the deployment.
require_once 'login.php';
// Opened unconditionally at script start, i.e. on every request, including
// requests that only render the empty form.
$link = mysqli_connect($hn, $un, $pw, $db);

/* fmquery( $table, $slct ,$famindid, $cond, $ord)

fmquery executes and outputs results of query against family or fam_member table of the familygps mysql database

Parameters
$table "0" / "1" query source indicator :
"0" family table
"1" fam_member table
$slct Columns to select
Select all fields if blank
$famindid Query Target
Fam ID or
Ind ID to search for
$cond Additional WHERE clause conditions
$ord Overrides ID order

Example of call to this function

fmquery( "0", "mother,father, photo", 103)

queries the family table
displays the mother, father and photo values
for family identified by FAM ID: 103
*/

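/*
 * Request handler: runs one SELECT against `family` or `fam_member` and
 * renders the result into $out, which the page template prints as raw HTML.
 *
 * Every POST value is untrusted. None of it is ever concatenated into the SQL
 * text as data:
 *   - table and ID column come from a fixed two-entry map;
 *   - column names (slct, cond, ord) must be plain identifiers
 *     (letters, digits, underscore) and are emitted back-tick quoted;
 *   - all values (the ID and the right-hand side of each condition) are bound
 *     as prepared-statement parameters.
 *
 * "cond" is therefore limited to comparisons of the form
 *     column <op> value [AND column <op> value ...]
 * with <op> one of  =  !=  <>  <  <=  >  >= . Free-form WHERE text cannot be
 * made safe by escaping, so it is rejected rather than passed through.
 *
 * Database error text is written to the server log, not to the page, so that
 * schema details are not disclosed to the client.
 */
$out = '';

// This handler keys on 'famindid'; the form on this page has submitted the ID
// as 'famidindid', so either spelling starts a query.
if (isset($_POST['famindid']) || isset($_POST['famidindid'])) {

    // Read one POST field as a trimmed string. Missing fields and array
    // payloads (name[]=...) both become '' instead of raising a type error.
    $fmqField = function ($name) {
        return (isset($_POST[$name]) && is_string($_POST[$name])) ? trim($_POST[$name]) : '';
    };

    $fmqIdent  = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    $fmqError  = '';
    $fmqWhere  = [];   // SQL fragments, each containing exactly one '?'
    $fmqParams = [];   // values bound to those placeholders, in order

    // "0" selects the family table; anything else selects fam_member.
    if ($fmqField('gpstable') === '0') {
        $fmqTable = 'family';
        $fmqIdCol = 'fam_id';
    } else {
        $fmqTable = 'fam_member';
        $fmqIdCol = 'ind_id';
    }
    $fromstr = ' FROM `' . $fmqTable . '`';

    // Family / individual ID: optional, always bound, never inlined.
    $famindid = $fmqField('famindid');
    if ($famindid === '') {
        $famindid = $fmqField('famidindid');
    }
    if ($famindid !== '') {
        $fmqWhere[]  = '`' . $fmqIdCol . '` = ?';
        $fmqParams[] = $famindid;
    }

    // Columns to select: blank means all columns.
    $slct    = $fmqField('slct');
    $slctstr = 'SELECT *';
    if ($slct !== '') {
        $fmqCols = [];
        foreach (explode(',', $slct) as $fmqCol) {
            $fmqCol = trim($fmqCol);
            if (!preg_match($fmqIdent, $fmqCol)) {
                $fmqError = 'SELECT cols must be a comma-separated list of column names.';
                break;
            }
            $fmqCols[] = '`' . $fmqCol . '`';
        }
        $slctstr = 'SELECT ' . implode(', ', $fmqCols);
    }

    // Additional conditions: "column op value" terms joined by AND.
    $cond = $fmqField('cond');
    if ($cond !== '' && $fmqError === '') {
        foreach (preg_split('/\s+AND\s+/i', $cond) as $fmqTerm) {
            if (!preg_match('/^([A-Za-z_][A-Za-z0-9_]*)\s*(<=|>=|<>|!=|=|<|>)\s*(.*)$/s', trim($fmqTerm), $fmqM)) {
                $fmqError = 'Condition must look like: column = value (terms may be joined with AND).';
                break;
            }
            $fmqValue = $fmqM[3];
            // Allow the value to be written quoted; the quotes are syntax, not data.
            if (preg_match('/^([\'"])(.*)\1$/s', $fmqValue, $fmqQ)) {
                $fmqValue = $fmqQ[2];
            }
            $fmqWhere[]  = '`' . $fmqM[1] . '` ' . $fmqM[2] . ' ?';
            $fmqParams[] = $fmqValue;
        }
    }
    $condstr = $fmqWhere ? ' WHERE ' . implode(' AND ', $fmqWhere) : '';

    // Ordering: defaults to the table's ID column; an override is a list of
    // column names, each optionally followed by ASC or DESC.
    $ord    = $fmqField('ord');
    $ordstr = ' ORDER BY `' . $fmqIdCol . '`';
    if ($ord !== '' && $fmqError === '') {
        $fmqKeys = [];
        foreach (explode(',', $ord) as $fmqKey) {
            if (!preg_match('/^([A-Za-z_][A-Za-z0-9_]*)(?:\s+(ASC|DESC))?$/i', trim($fmqKey), $fmqM)) {
                $fmqError = 'Order must be a comma-separated list of column names, each optionally followed by ASC or DESC.';
                break;
            }
            $fmqKeys[] = '`' . $fmqM[1] . '`' . (!empty($fmqM[2]) ? ' ' . strtoupper($fmqM[2]) : '');
        }
        $ordstr = ' ORDER BY ' . implode(', ', $fmqKeys);
    }

    if ($fmqError !== '') {
        // Fixed, static text only: nothing from the request is echoed back.
        $out = $fmqError;
    } else {
        $parsedstmt = $slctstr . $fromstr . $condstr . $ordstr;
        $result     = false;

        // mysqli reports failures either by returning false or, when exception
        // reporting is enabled, by throwing; both paths end in the same
        // generic message.
        try {
            if (($link instanceof mysqli) && !mysqli_connect_errno()) {
                $fmqStmt = $link->prepare($parsedstmt);
                if ($fmqStmt) {
                    if ($fmqParams) {
                        // Everything is bound as a string, matching the quoted
                        // comparison the query has always used for the ID.
                        $fmqStmt->bind_param(str_repeat('s', count($fmqParams)), ...$fmqParams);
                    }
                    if ($fmqStmt->execute()) {
                        $result = $fmqStmt->get_result();
                    }
                }
                if (!$result) {
                    error_log('fmquery2: query failed: ' . $link->error);
                }
            } else {
                error_log('fmquery2: connect failed: ' . mysqli_connect_error());
            }
        } catch (mysqli_sql_exception $fmqEx) {
            error_log('fmquery2: ' . $fmqEx->getMessage());
            $result = false;
        }

        if (!$result) {
            $out = 'The query could not be run.';
        } else {
            $rows = $result->num_rows;
            $cols = $result->field_count;   // mysqli_result exposes field_count, not num_cols

            $out = ' Returned ' . $rows . ' Rows <br><br> and ' . $cols . ' Columns<br><br>';

            while ($row = $result->fetch_row()) {
                $out .= '<br><br>';
                foreach ($row as $fmqCell) {
                    // Stored values are data, not markup: encode before they
                    // reach the page.
                    $out .= '<br>' . htmlspecialchars((string) $fmqCell, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br>';
                }
            }
        }
    }
}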



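// Page template: the search form and the "Query Output" panel.
//
// $out and $picklist are interpolated into the page as raw HTML, so whatever
// builds them must already have encoded any request or database data.
// $picklist is not assigned anywhere in this listing; it is defaulted to ''
// so the template renders without an undefined-variable notice.
//
// Field names are the ones the request handler reads: the ID is posted as
// "famindid" and the ordering as "ord".
if (!isset($picklist)) {
    $picklist = '';
}
if (!isset($out)) {
    $out = '';
}

echo <<<_END
<html>
<head>
<title>Family GPS Lookup </title>
<link rel="stylesheet" type="text/css" href="SPC.CSS" />
</head>
<body>
<TABLE BORDER=1 > <TR><TD>

<form method="post" action="fmquery2.php">


<TABLE BORDER=1 >
<TR>
<TD> <h2> Family GPS Dynamic Query </h2>

</TD>
</TR>

<tr><TH> Table </TH>
<td>
<input type="radio" name="gpstable" id="fam_member" value="1" class ="fam_member" checked='checked' > Fam Member
<input type="radio" name="gpstable" id="family" value="0" class = "family" > Family<br>
</td>
</tr><tr>
<th> ID </th> <td> Family OR Individual ID <input type="text" name="famindid" class="indid" size="10">
</td></tr>
<tr><TH> SELECT cols </TH></tr>
<tr><td> <input type="text" name="slct" class="slct" size="50">
</td></tr>
<tr><TH> Condition </TH></tr>
<tr><td> Individual ID <input type="text" name="cond" class="indid" size="7">
</td></tr>
<tr><TH> Order </TH></tr>
<tr><td> <input type="text" name="ord" class="ord" size="7">
</td></tr>
<TR>
<td> $picklist
</td>
</TR><TR>
<td> <input type="submit" value="Search">
</td></tr>
</TABLE>

<i>Search Family and/or
<br>Family Member table
<br>on ID number </i>
</form>

</TD><TD>
<br /><br />
<TABLE BORDER=1 ><TR><TH> Query Output </TH>
</TR>
<TR><TD> <b>$out</b> </TD>
</TR></TABLE>

</TD></TR></TABLE>
</body>
</html>
_END;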

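/**
 * Prepare a request value for display inside HTML text or attribute values.
 *
 * Removes backslashes, strips tags, then entity-encodes the remainder,
 * including both quote characters.
 *
 * This is an output encoder for HTML only. It does not make a value safe to
 * place in an SQL statement: entity encoding leaves SQL syntax such as
 * keywords, operators and comment markers untouched. Values headed for the
 * database belong in bound parameters instead.
 *
 * @param mixed $var Raw request value.
 * @return string Encoded text; '' for arrays, objects and null.
 */
function sanitizeString($var)
{
    // A field posted as name[]=... arrives as an array; the string functions
    // below would raise a type error on it, so treat it as empty input.
    if (!is_scalar($var)) {
        return '';
    }

    // stripslashes() dates from magic-quotes input handling; kept so existing
    // callers see the same text they always have.
    $var = stripslashes((string) $var);
    $var = strip_tags($var);

    // Flags and charset are pinned because the defaults differ between PHP
    // versions (older releases leave single quotes unencoded).
    return htmlentities($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}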


?>