php-general Digest 25 May 2011 14:38:59 -0000 Issue 7328

Topics (messages 313137 through 313152):

simple question abt convert to integer
        313137 by: Negin Nickparsa
        313138 by: Bálint Horváth
        313139 by: Negin Nickparsa
        313140 by: Negin Nickparsa
        313141 by: Negin Nickparsa
        313142 by: Bálint Horváth
        313143 by: Negin Nickparsa
        313144 by: Paul M Foster
        313145 by: Bálint Horváth
        313146 by: Vitalii Demianets
        313147 by: Bálint Horváth
        313148 by: Ashley Sheridan
        313149 by: Andre Polykanine
        313152 by: Negin Nickparsa

Re: WHERE field = a range of values (value
        313150 by: Paul S

How can a UTF-8 string can be converted to  an array of Bytes?
        313151 by: Eli Orr (Office)

Administrivia:

To subscribe to the digest, e-mail:
        php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-gene...@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
my code is this:
$query1="select * from patient where id=".$_POST['txt'];
it works but
i think because i have error in next line:
*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
given

$num2=Mysql_num_rows($result1);

i echoed $ query1 and the result was this=>select * from patient where id=1
maybe  it can't convert $_POST['txt'] from String to integer and then it
can't get my $num
it is int in my mysql
how can i correct $query1?

--- End Message ---
--- Begin Message ---
Hi,
I've a simple idea...
If you have an integer in your mysql, don't use " for that field in the query...
Try this:
$query="select * from patient where id=".$id."";
There isn't an apostrophe in the mysql query...

Bálint Horváth
On 25 May 2011 06:06, "Negin Nickparsa" <nickpa...@gmail.com> wrote:
> my code is this:
> $query1="select * from patient where id=".$_POST['txt'];
> it works but
> i think because i have error in next line:
> *Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
> given
>
> $num2=Mysql_num_rows($result1);
>
> i echoed $ query1 and the result was this=>select * from patient where id=1
> maybe it can't convert $_POST['txt'] from String to integer and then it
> can't get my $num
> it is int in my mysql
> how can i correct $query1?

--- End Message ---
--- Begin Message ---
$id=(int)$_POST['txt'];
$query1="select * from patient where id=".$id."";
echo $query1;
$result1=mysql_query($query1);

echo $result1;
$num2=Mysql_num_rows($result1);
$num3=Mysql_num_fields($result1);

still it has previous error

Here is my output:select * from patient where id=1
*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
given in

*Warning*: mysql_num_fields() expects parameter 1 to be resource, boolean
given in **

--- End Message ---
--- Begin Message ---
Bálint Horváth,
my second post is using your idea
your idea is working but why do i still have the error?

--- End Message ---
--- Begin Message ---
$result1=mysql_query($query1);

echo $result1;

it can't echo $result1
i don't know why?

--- End Message ---
--- Begin Message ---
If the query is incorrect u get boolean: false, if it's correct u get a
resource id...

Bálint Horváth
On 25 May 2011 06:28, "Negin Nickparsa" <nickpa...@gmail.com> wrote:

--- End Message ---
--- Begin Message ---
i receive nothing, not a resource id nor false

--- End Message ---
--- Begin Message ---
On Wed, May 25, 2011 at 08:57:18AM +0430, Negin Nickparsa wrote:

> $id=(int)$_POST['txt'];
> $query1="select * from patient where id=".$id."";

You're not *thinking* about what you're doing. The above is silly. Think
about it: you're sending a string to MySQL. If $_POST['txt'] returns a
string which looks like the number 1, then

$query1 = "select * from patient where id = $_POST[txt]";

should suffice. If you like, test $_POST['txt'] first by echoing it.


> echo $query1;
> $result1=mysql_query($query1);

Ideally, you should be calling this function with an added "connection"
parameter. Like this:

$link = mysql_connect($connection_stuff);
$result1 = mysql_query($query1, $link);

It's not *necessary*, but advisable.

mysql_query() returns a "resource" object, unless there is a problem. If
there is a problem, then it returns FALSE. You can check what it returns
this way:

if (is_resource($result1))
        print "It's a resource!";
elseif ($result1 === FALSE)
        print "It's false!";
else
        print "I don't know what the heck it is!";

> 
> echo $result1;

I don't know what you'll get from this "echo" if $result1 truly is a
resource. But if it's false, you won't get much. $result1 should be a
"resource" object, which means it's opaque. You can't know what's in it
unless you use a "helper" function like mysql_num_rows(), etc.

> $num2=Mysql_num_rows($result1);
> $num3=Mysql_num_fields($result1);
> 
> still it has previous error
> 
> Here is my output:select * from patient where id=1
> *Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
> given in
> 
> *Warning*: mysql_num_fields() expects parameter 1 to be resource, boolean
> given in **

Your error messages clearly mean that 1) you're not getting a proper
resource object back from mysql_query(), or 2) you're somehow changing
$result1 into a boolean before passing it to these other functions. But
I suspect it's #1 above.

Please see the documentation for these functions at php.net. It may
even be available in your native language.

Paul

-- 
Paul M. Foster
http://noferblatz.com
http://quillandmouse.com

--- End Message ---
--- Begin Message ---
Problem solved successfully after changing the query integer to be apostrophe-less..
and printing the mysql_errno() and mysql_error()...

Remember:
-In script languages such as php the apostrophe ' or " or sg. like these means
the string marker...
-While ure developing show all error codes and messages...
-If ur query contains errors u'll not get the resource id to use just a
false boolean...
-..and always check u don't have empty variables... :D

Let's ride PHP!

Bálint Horváth
(Valentine)
On 25 May 2011 06:57, "Negin Nickparsa" <nickpa...@gmail.com> wrote:
> :D
> tnx very much
> *Notice*: Undefined variable: query in *D:\phpweb\Doctor.php* on line *45*
> 1065:Query was empty

--- End Message ---
--- Begin Message ---
On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
> my code is this:
> $query1="select * from patient where id=".$_POST['txt'];
> it works but

Holy Jesus!
Can't wait to send to your server POST request with txt="1;DROP DATABASE; --"

Of course, if you'll  switch to prepare statement instead of string embedding 
there will be no much fun.

-- 
Vitalii

--- End Message ---
--- Begin Message ---
Of course, you have to use filters etc...

Bálint Horváth
On 25 May 2011 09:53, "Vitalii Demianets" <vi...@nppfactor.kiev.ua> wrote:
> On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
>> my code is this:
>> $query1="select * from patient where id=".$_POST['txt'];
>> it works but
>
> Holy Jesus!
> Can't wait to send to your server POST request with txt="1;DROP DATABASE; --"
>
> Of course, if you'll switch to prepare statement instead of string embedding
> there will be no much fun.
>
> --
> Vitalii
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--- End Message ---
--- Begin Message ---
"Vitalii Demianets" <vi...@nppfactor.kiev.ua> wrote:

>On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
>> my code is this:
>> $query1="select * from patient where id=".$_POST['txt'];
>> it works but
>
>Holy Jesus!
>Can't wait to send to your server POST request with txt="1;DROP
>DATABASE; --"
>
>Of course, if you'll  switch to prepare statement instead of string
>embedding
>there will be no much fun.
>
>--
>Vitalii
>

Prepared statements aren't the only solution, a decent bit of filtering would
work too. In the OP's example he only needed an int, so something like:

$val = intval($_POST['txt']);

Would do the trick. It just means that the value is safe (or at least in an 
expected range) for use elsewhere in the code, it may not necessarily only be 
restricted to a DB query.


Thanks
Ash
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

--- End Message ---
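
The two defences discussed in the messages above (a prepared statement and integer filtering), combined with error reporting that cannot be silently ignored, as an added example that is not code from any poster in this thread. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for the MySQL `patient` table so that it runs offline; the function `find_patient` and the `name` column are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite table stands in for the poster's MySQL `patient` table.

function find_patient(PDO $db, $rawId): array
{
    // Strict validation: the whole string must be an integer >= 1.
    // intval()/(int) would silently turn "1;DROP DATABASE; --" into 1.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM patient WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
// Failures raise PDOException instead of returning false, so a failed query
// cannot reach a later call as a boolean.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO patient (id, name) VALUES (1, 'constructed sample row')");

// Constructed inputs: a valid id, the string quoted in the thread, an empty field.
foreach (['1', '1;DROP DATABASE; --', ''] as $raw) {
    try {
        $rows = find_patient($db, $raw);
        printf("%-24s -> %d row(s)\n", var_export($raw, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%-24s -> rejected: %s\n", var_export($raw, true), $e->getMessage());
    }
}
```

Validation and binding do different jobs here: the filter rejects malformed input before it reaches the application logic, while the bound parameter keeps any value out of the SQL text regardless of what the filter allowed.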
--- Begin Message ---
Hello Negin,
$query1="select * from patient where id=".$_POST['txt'];
$result1=mysql_query($query1);
$rows=mysql_num_rows($result1);
Note: you *didn't* execute the query by calling mysql_query on it.

-- 
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion

------------ Original message ------------
From: Negin Nickparsa <nickpa...@gmail.com>
To: php-gene...@lists.php.net
Date created: , 7:05:18 AM
Subject: [PHP] simple question abt convert to integer


      my code is this:
$query1="select * from patient where id=".$_POST['txt'];
it works but
i think because i have error in next line:
*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
given

$num2=Mysql_num_rows($result1);

i echoed $ query1 and the result was this=>select * from patient where id=1
maybe  it can't convert $_POST['txt'] from String to integer and then it
can't get my $num
it is int in my mysql
how can i correct $query1?


--- End Message ---
--- Begin Message ---
Tnx to all:D
Paul you are absolutely right:D
it was a bad mistake from me
there was no need 2 convert it
Balint helped me n with mysql_error i found that
my code hasn't any mistake
i just forgot the BIG thing!
selecting db:D
i totally forgot it because i had array keys with if statement n in there i
selected it
but in the last one of them i forgot 2 set the selection of DB
Ashley what is OP? and filtering i didn't understand
Andre why u r telling me
Note: you *didn't* execute the query by calling mysql_query on it.
if it doesn't execute the query then what's it doing?
Reply
Vitalii believe me that i tried it n i can send the string without  error i
tried it:
$query1="select * from patient where id=".$_POST['txt'];
it works! after i found my error i tried it 2 n it was right!!!

--- End Message ---
--- Begin Message ---
On Tue, 24 May 2011 23:47:47 +0700, "Paul S" <pau...@roadrunner.com> wrote:

On Tue, 24 May 2011 21:09:34 +0700, "Richard S. Crawford" <rscrawf...@mossroot.com> wrote:

On Tue, May 24, 2011 at 6:51 AM, Paul S <pau...@roadrunner.com> wrote:

I'd like to check a table to retrieve rows for which one field equals one
of a set of values

....
#get products(fields) in category list
   while ($row = $db_connect->fetch_array($productsincategory_list)) {
      $product = $row ['selection'];
      $fields = "$fields" . " $product,";
   }
   $fields = substr($fields,'',-1);

###### echo "$fields<br><br>";
###### $fields = Prod1, ProD2, Prod3

This ...

$db_connect->fetch_array($sql_result);

$store_result = $db_connect->query("select * from $sql_usertable WHERE
(($sql_usertable.product1 = '($fields)')||( $sql_usertable.product2 =
'($fields)')||($sql_usertable.product3 = '($fields)')) order by id desc
limit $entry, $entries_per_page");

doesn't work. It selects nothing (obviously because no single field equals
' (Prod1, Prod2, Prod3) '). But it's the idea. Can I change the:

= '($fields)'

syntax I'm trying?

The actual select checks more fields for this or that and gets more
complicated so I'd like to keep this as simple
as possible. I would like to do this without UNIONS (in one pass) if
possible (my
dbsql.php doesn't seem to go beyond regular query).


Try "in":

where productx in (Prod1, Prod2, Prod3)




THANKS. You saved me another day of frustration trying UNION! :-)

In addition your answer also got me here:
http://dev.mysql.com/doc/refman/4.1/en/comparison-operators.html


Except when $fields = '' (blank) >>> MySql error. Can put in if but leaves an undefined resource (warning). Any way to initialize a resource? ($store_result = $db_connect->query)?
--
Using Opera's revolutionary email client: http://www.opera.com/mail/

--- End Message ---
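
The `IN` lookup from the message above, including the empty-list case it ends on, as an added example that is not code from the thread. It assumes the pdo_sqlite extension in place of the poster's `dbsql.php` wrapper; the `entries` table and the function `rows_for_products` are hypothetical, and the paging `limit` from the original query is left out.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// the `entries` table and rows_for_products() are hypothetical stand-ins.

function rows_for_products(PDO $db, array $products): array
{
    // Empty list: "IN ()" is a MySQL syntax error, so skip the query and
    // hand back an empty array that the caller can loop over safely.
    if (count($products) === 0) {
        return [];
    }
    // One "?" per value; values are bound, never pasted into the SQL text.
    $marks = implode(', ', array_fill(0, count($products), '?'));
    $stmt = $db->prepare(
        "SELECT id, product1, product2, product3 FROM entries
         WHERE product1 IN ($marks) OR product2 IN ($marks) OR product3 IN ($marks)
         ORDER BY id DESC"
    );
    // The list appears three times in the SQL, so it is bound three times.
    $values = array_values($products);
    $stmt->execute(array_merge($values, $values, $values));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, product1 TEXT, product2 TEXT, product3 TEXT)');
// Constructed sample rows.
$db->exec("INSERT INTO entries VALUES (1, 'Prod1', 'Other', 'Other'),
                                      (2, 'Other', 'Other', 'Other'),
                                      (3, 'Other', 'Prod3', 'Other')");

// Constructed inputs: the three products from the message, then an empty list.
foreach ([['Prod1', 'Prod2', 'Prod3'], []] as $list) {
    $ids = array_column(rows_for_products($db, $list), 'id');
    printf("%d product(s) -> ids [%s]\n", count($list), implode(', ', $ids));
}
```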
--- Begin Message ---
Hi,

Since UTF-8 is a multi-byte mechanism, I get a single character for a 2- or 3-byte UTF-8 encoded character.

How can it be broken into the REAL byte array that represents the UTF-8 string,
and how can we reassemble the byte array back to UTF-8?

--
Best Regards,

*Eli Orr*
CTO & Founder
*LogoDial Ltd.*


--- End Message ---
