mysql - PHP SQL QUERY - Filtering with Query, multiple values for item
I have been learning PHP/MySQL for some time, but have not learned much, focusing on iPhone development and tackling a full-time job as well.

I am building a messaging client, using JSON to pull new messages and chat windows... The part I am having a problem with is getting the information from the database. I am looking to request the messages between people (i.e. fromuser and touser) and display them in JSON, but I cannot display them in JSON for some reason.

Here is an example:

    <?php
    // Request parameters: the two participants of the conversation
    $enduser  = $_GET['usernameto'];
    $enduser1 = $_GET['usernamefrom'];
    $db = 'mydatabase';

    $con = mysql_connect("localhost", "admin", "password");
    if (!$con) {
        die('could not connect: ' . mysql_error());
    }
    mysql_select_db($db, $con);

    $arr  = array();
    $arr1 = array();

    // execute query (the request values are interpolated directly into the SQL string)
    $rs  = mysql_query("SELECT * FROM messages WHERE touser = '$enduser' AND fromuser = '$enduser1'");
    $rs1 = mysql_query("SELECT * FROM messages WHERE touser = '$enduser1' AND fromuser = '$enduser'");

    // add rows to array
    while ($obj = mysql_fetch_object($rs)) {
        $arr[] = $obj;
    }
    // add rows to array
    while ($obj1 = mysql_fetch_object($rs1)) {
        $arr1[] = $obj1;
    }

    echo '{"users":'.json_encode($arr).' '.json_encode($arr1).'}';
    // echo ''.json_encode($arr).'';
    mysql_close($con);
    ?>

Now it will show the messages, for example fromuser = user1 and touser = user2, and it shows fromuser = user2 and touser = user1, in 2 separate JSON lists. I would like them pulled into 1 simple JSON list. If that can be done, that would be amazing. I know it must lie in the query section...

I know there are tons of vulnerabilities and issues, and the code is not "clean", but for the time being it doesn't need to follow those methods, until I go and learn how to follow SQLi and real escape strings/injections...

Thanks :-)
The comment about learning SQL injection is correct, but you should be able to get the messages in 1 query:

    SELECT * FROM messages WHERE (touser = '$enduser' AND fromuser = '$enduser1') OR (touser = '$enduser1' AND fromuser = '$enduser')

This should select what you are looking for.
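The answer's single query with the values bound as parameters instead of interpolated into the string, as an added example that is not part of the original question or answer. It uses PDO with an in-memory SQLite database and constructed rows so it runs offline; the `fetchConversation` helper and the `id` and `body` columns are assumptions.

```php
<?php
// Added example: single-query conversation fetch with bound parameters.
// The messages table layout (id, fromuser, touser, body) is an assumption.

function fetchConversation(PDO $pdo, string $userA, string $userB): array
{
    // Both directions of the conversation in one statement. Values are bound,
    // never concatenated, so quotes in the input cannot change the query.
    $sql = 'SELECT id, fromuser, touser, body FROM messages
            WHERE (touser = :a1 AND fromuser = :b1)
               OR (touser = :b2 AND fromuser = :a2)
            ORDER BY id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':a1' => $userA, ':b1' => $userB, ':b2' => $userB, ':a2' => $userA]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, fromuser TEXT, touser TEXT, body TEXT)');

// Constructed sample rows.
$insert = $pdo->prepare('INSERT INTO messages (fromuser, touser, body) VALUES (?, ?, ?)');
foreach ([
    ['user1', 'user2', 'hi'],
    ['user2', 'user1', 'hello'],
    ['user3', 'user1', 'unrelated'],
] as $row) {
    $insert->execute($row);
}

// Simulated request parameters (in the page's script these come from $_GET).
$to   = 'user2';
$from = 'user1';

// Both directions arrive as one array under a single key; json_encode
// builds the whole document, so the output is always valid JSON.
echo json_encode(['messages' => fetchConversation($pdo, $to, $from)]), PHP_EOL;

// A value carrying SQL syntax is bound as a plain string, not parsed as SQL.
$hostile = "user2' OR '1'='1";
echo json_encode(['messages' => fetchConversation($pdo, $hostile, $from)]), PHP_EOL;
```

The same `prepare`/`execute` pattern applies with the PDO MySQL driver; only the DSN passed to `new PDO(...)` changes.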