0

Hello I just need to point to right direction. I went a long way to make a [for most of you simple] code.

But now I am on crossroad if I should dig deeper in php or sql.

I manage to parse some web page and put the data need into sql database. The data looks like 

<a>name of the street</a> of course I need a name of the street without html

now

Can I put any mysql command through php? [that means I dig deeper into sql and just pass that command]

Or does php vs mysql commands have some limitation [wich means dig deeper into regex to get better result]

Yeah I found examples how to split rows in sql I am not just sure if I can pass them.

Smita Ahinave
  • 1,901
  • 7
  • 23
  • 42
QLsmPgrep
  • 11
  • 3
  • On what criteria would you split the (sample) text in what way into ....rows? – VolkerK Mar 11 '16 at 11:23
  • @VolkerK well thats what I have to find out, my real output is more complex. For this one I can imagine trim 3 chars from left and 4 from right. Split was the first idea before I dig deeper and found trim option. I dont need to store the html tags of course. rows maybe I should write columns? – QLsmPgrep Mar 11 '16 at 12:24

1 Answers1

1

There a three types of Database connections, or API's, in PHP; to keep this to the point, I am going to cover PDO.

Your question: Can I use complex SQL in PHP, meaning put anything into the query?
The Answer: Yes, you can - in fact, its just like running it inside the Database.

PHP is a weakly typed language meaning you do not need to use Ragex to do complex sequences.

An example here is joining rows for a deletion:

// Connecting to the database via PDO
$dsn = 'mysql: host=localhost; dbname=example';
$user = "user";
$password = "pass";
try {
   $db = new PDO($dsn, $user, $password);
   $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

// The query
$stmt = $db->prepare("DELETE t2.* FROM table t1 JOIN table1 t2 ON t1.column= t2.column");
if($stmt->execute()): echo 'Successfully deleted!'; endif; // Conditional statements

// note this returns a bool datatype so we can check if it was successful or not

To learn more about PDO you can use this manual.

Note: You may want to read up on SQL Injections if you're taking this approach - PDO is secure but injections come from user-code sides. (See integration of Classes and Scopes for security when using Databases).

Mysqli example (as requested):

$db = mysqli_connect("localhost","user","pass","name");
if($db->query("DELETE t2.* FROM table t1 JOIN table1 t2 ON t1.column= t2.column")):
    echo 'Deleted Successfully!';
endif;
Community
  • 1
  • 1
Jaquarh
  • 6,493
  • 7
  • 34
  • 86
  • thx a lot for a good info. I use very old book so I started with MYSQL. In meantime I tried to pass some commands and it works, so you r of course right. Thx for mentioning SQL injection, I imagine is hard to make a good code to avoid this type of vulnerability, but for testing its not the main concern right now. So after these months of php I have to go back again and learn basic sql syntax, hmm, more beyond basic I dont need simple insert or select :-). Hmm but link about sql injection look interesting a lot stuff to do :-). – QLsmPgrep Mar 11 '16 at 12:16
  • `mysqli` is a lot more straight forwards, I'll put an example in the answer for you. (mysqli *API* is used mainly for programs that are not using user input and for queries that are absolute - you **shouldn't** have injections if you're not passing **un-trusted** data). Use the `bind parameter` in **PDO** if you're passing un-trusted data. – Jaquarh Mar 11 '16 at 12:19
  • 1
    thx for another good hint bcs as you guessed my intention is not to create a web-shop (not interest in forms at all) so no user inputs. – QLsmPgrep Mar 12 '16 at 04:39