-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpokemon_of_type.php
More file actions
72 lines (54 loc) · 1.3 KB
/
pokemon_of_type.php
File metadata and controls
72 lines (54 loc) · 1.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<?php
include('connectionData.txt');
$conn = mysqli_connect($server, $user, $pass, $dbname, $port)
or die('Error connecting to MySQL server.');
?>
<html>
<head>
<title>Pokemon Type Query</title>
</head>
<body bgcolor="white">
<hr>
<?php
$ptype = $_POST['ptype'];
$ptype = mysqli_real_escape_string($conn, $ptype);
// this is a small attempt to avoid SQL injection
// better to use prepared statements
$query = "SELECT pokemon_id, name, COALESCE(type_2, 'None') as other_type FROM pokemon WHERE type_1 LIKE '$ptype' UNION SELECT pokemon_id, name, COALESCE(type_1, 'None') as other_type FROM pokemon WHERE type_2 LIKE '$ptype' ORDER BY pokemon_id;";
?>
<p>
The following query was submitted to the pokemon database:
<p>
<?php
print $query;
?>
<p>
<hr>
<p>
<?php
$result = mysqli_query($conn, $query)
or die(mysqli_error($conn));
print "<pre>";
if(! mysqli_num_rows($result))
{
print "There are no pokemon matching your query! '$ptype' may be an invalid type! Please try a different type!";
}
else
{
print "Pokedex No.\tName\t\tSecondary Type\n";
while($row = mysqli_fetch_array($result, MYSQLI_BOTH))
{
print "\n";
print "$row[pokemon_id]\t\t $row[name]\t\t $row[other_type]";
}
}
?>
<?php
print "</pre>";
mysqli_free_result($result);
mysqli_close($conn);
?>
<p>
<hr>
</body>
</html>