  1. #1
    Join Date
    Oct 2008
    Location
    Midwest USA
    Posts
    71
    Plugin Contributions
    0

    How to use query_factory and ZC the database class?

    Hello All,

    I have been working on a couple of mods that may or may not be of value to others, the kind folks of this forum have helped me along and that is greatly appreciated. I have one problem however and need your help again.

    I have searched the forum high and low for days (about 5 days now) and after reading the API docs and the developers documentation, and trying to download the Book Mod referred to by DrByte and others (the book mod's link appears to be broken) I still haven't found the information I am looking for.

    I'll say up front that I am new to PHP and MySQL, but I am an experienced procedural programmer (on and off since 1983) with former SQL experience (in the old days) and I am just getting the hang of OOP constructs.

    Can someone help me or point me to documentation on how to use the built in query system?

    Specifically I need to know how to escape strings and "prepare" input. I have found the functions in query_factory and have an idea of how these work but I'm confused because I can't figure out where the dbs are set up (opened or initialized...) and how the query strings are constructed, called and tested... I am lost as to my next step.

    Below is a simple update script that I want to make Zen Cart Friendly, all is well until a user enters a character into a field (a string) that requires escaping (such as when they input an apostrophe in the mytest_title field I.E. "Mike's Gizmo") and the user hits submit...

    The apostrophe breaks the query and the script fails... I can hand code my own function to clean up strings and numeric vars etc... but I know this isn't the right way to do it for public Zen Cart Use...

    Code:
    <?php
    /**************************************************************************************
     * Simple Test myupdate.php
     **************************************************************************************/
     
    //Get database credentials
    require 'config_mytest.php';
    
    //Load the POST vars
    $mytest_id = $_POST['mytest_id'];
    $mytest_entry_count = $_POST['mytest_entry_count'];
    $mytest_title = $_POST['mytest_title'];
    $mytest_image = $_POST['mytest_image'];
    $mytest_image_caption = $_POST['mytest_image_caption'];
    $mytest_customer = $_POST['mytest_customer'];
    $mytest_product_name = $_POST['mytest_product_name'];
    $mytest_product_url = $_POST['mytest_product_url'];
    $mytest_product_model = $_POST['mytest_product_model'];
    $mytest_status = $_POST['mytest_status'];
    
    // connect to the mysql database server.
    mysql_connect ($dbhost, $dbusername, $dbuserpass);
    
    //select the database
    mysql_select_db($dbname) or die('Cannot select database');
    
    // Build the query.
    $query = "UPDATE mytest" .
    " SET mytest_entry_count = '".$mytest_entry_count."'," .
    " mytest_title = '".$mytest_title."'," .
    " mytest_image = '".$mytest_image."'," .
    " mytest_image_caption = '".$mytest_image_caption."'," .
    " mytest_customer = '".$mytest_customer."'," .
    " mytest_product_name = '".$mytest_product_name."'," .
    " mytest_product_url = '".$mytest_product_url."'," .
    " mytest_product_model = '".$mytest_product_model."'," .
    " mytest_status = '".$mytest_status."'" .
    " WHERE mytest_id = '".$mytest_id."'";
    
    
    //Run the query
    $result = mysql_query($query) or die(mysql_error());
    
    
    if ($result === TRUE) {
        echo "mytest table updated successfully.";
    } else {
        printf("Could not update table:%s\n", mysql_error());
    }
            
    //link variable is equal to the referring page
    $link = $_SERVER['HTTP_REFERER'];
    //sends a header directly to the browser telling it to redirect the user to the referring page
    header("Location: $link");
    
    ?>
    Please ignore the extraneous code (the echos etc...) that was put in for testing purposes in the above script...

    I put forth an honest effort to figure this out on my own, and I simply can't give this mod to the public in its current state so any help at this point would be greatly appreciated!

    Thanks in advance,

    Gary777

  2. #2
    Join Date
    Oct 2006
    Posts
    5,477
    Plugin Contributions
    11

    Re: How to use query_factory and ZC the database class

    $db->Execute ($db is a global object, you have to declare global if you want to use it inside a function)
    Check the db class for all the methods related, and their returns.
    I no longer provide installation support on forum for all my modules. However, if there are real bugs with the modules please feel free to contact me

  3. #3
    Join Date
    Aug 2005
    Location
    Arizona
    Posts
    27,761
    Plugin Contributions
    9

    Re: How to use query_factory and ZC the database class

    Gary777,

    eMail me at the mail in my profile (do not PM me), and make sure to ask for the book module and I will send it back to you
    Zen-Venom Get Bitten

  4. #4
    Join Date
    Oct 2007
    Location
    Los Angeles / Simi Valley
    Posts
    40
    Plugin Contributions
    0

    Re: How to use query_factory and ZC the database class

    I'm resurrecting this post as it was never properly answered, and I'm looking for something similar.

    I can't find a "list" of functions and their "proper way" of being called.

    just an idea for Gary777...
    Input sanitization is rather important, and

    PHP's mysql_real_escape_string() should be built into the function zen_prepare_db_input <- not sure that's the actual name...

    running that and assigning it to the same variable should "sanitize" your input, and make sure that the query cannot be broken like it happens for you...

    imagine what would happen if you typed

    "get this'; drop table customers;"

    into the input field... (assuming you are not using a zen_ table header or any other table header) you would basically lose the database of all your customers, which would not be fun


    Another thing to pay attention to is the PHP htmlentities() which can be used to read back data from the database into an input field.

    imagine a

    <input name="my_input" value="<?php echo $row['hello']; ?>" />

    and what would happen if $row['hello'] contains a " character...
    assume $row['hello']='mark "jonse" pain';

    the input field would not compute the correct value, but with

    <input name="my_input" value="<?php echo htmlentities($row['hello']); ?>" />

    there would be no problem.


    Hope that helps.


    Hope someone can address the "how to find a list of the function prototypes" question.
    Need anything done on your zen cart Shop that other people said was impossible? send me a PM, I'll be happy to discuss the situation :)

  5. #5
    Join Date
    Oct 2007
    Location
    Los Angeles / Simi Valley
    Posts
    40
    Plugin Contributions
    0

    Re: How to use query_factory and ZC the database class

    Somehow I'm unable to edit the previous message.
    I wanted to add the following...



    to initiate a call:
    Code:
    	global $db;
    	$mysql="SELECT * FROM `blog`";
    	$result = $db->Execute($mysql);
    	print_r($result);
    the result will look as follows
    Code:
    queryFactoryResult Object
    (
        [is_cached] => 
        [resource] => Resource id #123
        [cursor] => 0
        [EOF] => 
        [fields] => Array
            (
                [id] => 1
            )
    
    )
    therefore the field results are accessible through
    $result->fields['Your_field_name'];

    this is only the first result though, I'm checking on how to have this advance to display the second result.

    these are some of the functions that operate on the queryFactoryResult that I have been able to scoop up... pretty obvious what they do...

    ->RecordCount()

    ->EOF (used in while (!$result->EOF) { } loop)

    ->MoveNext()
    Need anything done on your zen cart Shop that other people said was impossible? send me a PM, I'll be happy to discuss the situation :)
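
The update from post #1 rewritten against the `$db` object described in posts #2 and #5, followed by the read-back loop from post #5 with the output encoding from post #4. This is an added example, not code from the thread or from Zen Cart itself. It assumes the script sits in the store root so that `includes/application_top.php` creates `$db`; the column types and the status value `1` are also assumptions.

```php
<?php
// Added example, not code from this thread or from Zen Cart itself.
// Assumes the file sits in the store root, so application_top.php
// creates the global $db (queryFactory) object.
require 'includes/application_top.php';

// Column => bindVars type. Columns are from post #1; types are assumed.
$columns = array(
    'mytest_entry_count'   => 'integer',
    'mytest_title'         => 'string',
    'mytest_image'         => 'string',
    'mytest_image_caption' => 'string',
    'mytest_customer'      => 'string',
    'mytest_product_name'  => 'string',
    'mytest_product_url'   => 'string',
    'mytest_product_model' => 'string',
    'mytest_status'        => 'integer',
);

// bindVars() casts 'integer' values and escapes and quotes 'string' values,
// so "Mike's Gizmo" is stored as data. Each value is bound in its own ':v:'
// template, so field text that looks like a placeholder is never re-substituted.
$sets = array();
foreach ($columns as $col => $type) {
    $value  = isset($_POST[$col]) ? $_POST[$col] : '';
    $sets[] = $col . ' = ' . $db->bindVars(':v:', ':v:', $value, $type);
}
$id  = isset($_POST['mytest_id']) ? $_POST['mytest_id'] : 0;
$sql = 'UPDATE mytest SET ' . implode(', ', $sets)
     . ' WHERE mytest_id = ' . $db->bindVars(':v:', ':v:', $id, 'integer');
$db->Execute($sql);

// Read rows back: fields is a property of the result object, and
// MoveNext() advances the cursor until EOF is set.
$sql = 'SELECT mytest_id, mytest_title FROM mytest WHERE mytest_status = :status:';
$sql = $db->bindVars($sql, ':status:', 1, 'integer'); // 1 is an assumed value
$result = $db->Execute($sql);
while (!$result->EOF) {
    // Encode on output so a " or ' in the title cannot end the attribute.
    echo '<input name="title_' . (int)$result->fields['mytest_id'] . '" value="'
       . htmlentities($result->fields['mytest_title'], ENT_QUOTES) . '" />' . "\n";
    $result->MoveNext();
}
```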

 

 
