Question : MySQL Query

I have set up a html form:
<FORM ACTION="http:// -----------" METHOD="post">
<INPUT TYPE='text" NAME="quest" SIZE="40" MAXLENGTH="100" VALUE="" />
etc.
and a php file that contains
$query = $_POST['quest'];

The idea is that an SQL Query is typed in as text and then that is passed to the php file which executes the query. It works sometimes, but doesn't work most of the time --- evidently that $_POST doesn't capture the query just as typed. (The php program works fine if I type the query in.

This is my first question to Experts-Exchange.

Answer : MySQL Query

You have to add :

foreach($_POST as $name => $value){
if(get_magic_quotes_gpc()==1){
$_POST[$name] = stripslashes($value);
}else{
}
}

at the beginning of the php code, so finally :

(this file has to be named index.php because the post method posts to itself, or change the form action to the file)

                       
         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:

           
           
             <html>
<head>
      <title>Premiere Products</title>
</head>
<body>
  <h1>Arnold-Jackson-Silacci-Nixon Genealogy</h1>
  <form action="index.php" method="post">
    <p>
      DB Server : <input type="text" name="host" value="localhost"></input><br/>
      Database Name: <input type="text" name="database" value="mysql"></input><br/>
      DB User : <input type="text" name="user" value="root"></input><br/>
      DB Password : <input type="text" name="password" value=""></input><br/>
      Query:
      <textarea NAME="quest" ROWS=4 COLS=40></textarea><BR />
    </p>
    <input TYPE="submit" NAME="submit" VALUE="Go!"/>
  </form>

<?php
  foreach($_POST as $name => $value){
   if(get_magic_quotes_gpc()==1){
    $_POST[$name] = stripslashes($value);
   }else{
   }
  }

  $linkID = 0;                      // Result of mysql_connect() 

  function connect() { 
    $host = $_POST['host'];           // Hostname of our MySQL server 
    $database = $_POST['database'];         // Logical database name on that server 
    $user = $_POST['user'];           // Database user 
    $password = $_POST['password'];   // Database user's password 
    
    echo "Host : $host <br/>";
    echo "Database : $database <br/>";
    echo "Username : $user <br/>";
    echo "Password : $password <br/>";
  
    $lID = mysql_connect($host, $user, $password); 
    if (!$lID) { 
      echo("connect failed"); 
    } 
    $selectResult = mysql_select_db($database, $lID); 
    if(!$selectResult) { 
        $errno = mysql_errno($lID); 
        $error = mysql_error($lID); 
        echo("cannot select database <I>".$database."</I>"); 
    } 
    return $lID;
  } 

  $query = $_POST['quest'];
  
  if (strlen($query) > 0) {
    $linkID = connect(); 
    echo "linkID : $linkID<br/>";

   //$query = mysql_real_escape_string($query, $linkID);
  
    echo "Query : $query <br/>";


    $result = mysql_query($query, $linkID);

    echo "<table border='2' cellspacing='0' cellpadding='6'>";

    if (mysql_num_rows($result)>0) { 
      echo "<tr>";
      //loop thru the field names to print the correct headers 
      $i = 0; 
      while ($i < mysql_num_fields($result)) { 
        echo "<th>". mysql_field_name($result, $i) . "</th>"; 
        $i++; 
      } 
      echo "</tr>"; 
    }

    if($result) {
      while($row = mysql_fetch_array($result,MYSQL_BOTH)) {
        echo "<tr>";
        //loop thru the fields
        $i = 0;
        while ($i < mysql_num_fields($result)) {
          echo "<td>".$row[$i]."</td>";
          $i++;
        }
        echo "</tr>";
      }
    }
   }
   
?>

</body>
</html>
           
         