Custom Page, Query Database

Posted: 2025-06-11 14:33
by andrewlaw
What files should I include on a custom page to query the database?

Per the documentation, this is my current code:

<?php
const PREPEND_PATH = '../';
$hooks_dir = __DIR__;
include("$hooks_dir/../lib.php");

include_once("$hooks_dir/../header.php");

/* grant access to all logged users */
$mi = getMemberInfo();
if(!$mi['username'] || $mi['username'] === 'guest') {
    echo "Access denied";
    exit;
}

echo "<p>Coming Soon</p>";

include_once("$hooks_dir/../footer.php");
I would like to use the sql method which is part of incFunctions.php (line 342) unless there is a better way to query the database. Do I just include incFunctions.php or will it already be included when I include header.php or should I include some other file?

Re: Custom Page, Query Database

Posted: 2025-06-11 19:15
by jsetzer
Just lib.php, for using all available functions, including authentication and the sql/sqlValue functions.

If you need a custom page in the default layout with navbar etc., also include header.php and footer.php. Render your custom content between those.

Re: Custom Page, Query Database

Posted: 2025-06-11 20:54
by andrewlaw
Thanks - is there documentation on how custom queries should be made using the sql functions?

Re: Custom Page, Query Database

Posted: 2025-06-12 01:50
by jsetzer

Re: Custom Page, Query Database

Posted: 2025-06-12 20:37
by andrewlaw
Thanks, so would this be the correct syntax for an update?

Usual sql:

$sql = "UPDATE address SET latitude = {$coordinates['latitude']}, longitude = {$coordinates['longitude']} WHERE id = {$data['id']}";
$result = db_query($sql);
The appGini way:

$sql = "UPDATE address SET latitude = :latitude, longitude = :longitude WHERE id = :id";
$params = [":latitude" => $coordinates['latitude'], ":longitude" => $coordinates['longitude'], ":id" => $data['selectedID']];
sql($sql, $params);

Re: Custom Page, Query Database

Posted: 2025-06-13 14:09
by andrewlaw
It turns out the sql function does not accept parameters (at least not the type you would normally send to an SQL function), which, in my opinion, creates an injection vulnerability.
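Since the sql helper discussed above takes a finished statement string rather than bound parameters, the values have to be made safe before they are interpolated; the following is an added example (not code from this thread or from AppGini) that does so for the UPDATE in the earlier post by strictly validating and casting the numeric inputs. It assumes sql() accepts the statement string plus an options array passed by reference; the sample input is constructed.

```php
<?php
// Added example, not from the thread or from AppGini. With a helper that only
// takes a finished SQL string, numeric columns are protected by making sure
// nothing but a validated number can ever reach the interpolated text.

/**
 * Build the UPDATE for the address table from untrusted input.
 * Returns the SQL string, or null when any value fails validation
 * (non-numeric id, "1 OR 1=1", out-of-range coordinates, missing keys).
 */
function build_coordinate_update(array $coordinates, $id): ?string {
    // id must be a positive integer; everything else is rejected
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) return null;

    // latitude/longitude must be real numbers inside the geographic range
    $lat = filter_var($coordinates['latitude'] ?? null, FILTER_VALIDATE_FLOAT);
    $lng = filter_var($coordinates['longitude'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($lat === false || $lng === false) return null;
    if ($lat < -90 || $lat > 90 || $lng < -180 || $lng > 180) return null;

    // %F and %d guarantee only digits, a sign and a decimal point are emitted
    return sprintf(
        'UPDATE address SET latitude = %F, longitude = %F WHERE id = %d',
        $lat, $lng, $id
    );
}

// Constructed sample input, as it might arrive from a form submission
$coordinates = ['latitude' => '51.5074', 'longitude' => '-0.1278'];
$sql = build_coordinate_update($coordinates, $_REQUEST['id'] ?? '');

if ($sql === null) {
    echo 'Invalid coordinates or id';
    exit;
}

// Assumed call shape of the framework helper: statement plus options array
$eo = ['silentErrors' => true];
sql($sql, $eo);
```

This casting approach only works for numeric columns; string columns still need the framework's own escaping before interpolation, which the thread does not cover.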