forbidden syntax search

[M. Bader]

Hi,

I need a little help on my SQL syntax.

I want to store forbidden inputs from the GUI in a table and query it on
input from the user;

simple layout:

CREATE TABLE `forbidden_input` (`lfdnr` TINYINT (3) UNSIGNED DEFAULT '0'
AUTO_INCREMENT, `input` VARCHAR (255) NOT NULL, PRIMARY KEY(`lfdnr`),
UNIQUE(`input`));

Content is something like this:
1,'+'
2,'^'
3,'>'
4,'<'
5,'('
6,')'
7,'~'
8,'&'
9,'%'


The Query shall be something like (Where 'Hello Wor&ld' will later be
substituted with the user's input by PHP.):

SELECT `input` FROM lok_forbidden_input WHERE 'Hello Wor&ld' like '%\&%';

I get a strange behavior here, which I can't explain myself: I get either no
results or all results.



More bad: I originally wanted to compare the table content agains the user's
input.
So the query should rather look like this:

SELECT `input` FROM lok_forbidden_input WHERE 'Ha%llo Welt' like
'%\'+`input`+'%';

But here I get a problem with the backslash with should mask out something
like '%' in table's row number 9.


Where am i wrong here?

Thanks for any help
Maik




-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

SQL: forbidden syntax search

[M. Bader]

Hi,

I need a little help on my SQL syntax.

I want to store forbidden inputs from the GUI in a table and query it on
input from the user;

simple layout:

CREATE TABLE `forbidden_input` (`lfdnr` TINYINT (3) UNSIGNED DEFAULT '0'
AUTO_INCREMENT, `input` VARCHAR (255) NOT NULL, PRIMARY KEY(`lfdnr`),
UNIQUE(`input`));

Content is something like this:
1,'+'
2,'^'
3,'>'
4,'<'
5,'('
6,')'
7,'~'
8,'&'
9,'%'


The Query shall be something like (Where 'Hello Wor&ld' will later be
substituted with the user's input by PHP.):

SELECT `input` FROM lok_forbidden_input WHERE 'Hello Wor&ld' like '%\&%';

I get a strange behavior here, which I can't explain myself: I get either no
results or all results.



More bad: I originally wanted to compare the table content agains the user's
input.
So the query should rather look like this:

SELECT `input` FROM lok_forbidden_input WHERE 'Ha%llo Welt' like
'%\'+`input`+'%';

But here I get a problem with the backslash with should mask out something
like '%' in table's row number 9.


Where am i wrong here?

Thanks for any help
Maik



-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

RE: Adding up DATETIME field

[M. Bader]

Hi again,

> From: Diana Soares [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2003 4:05 PM
> | NOW() + sec_to_time(6000) |

That i allready tried, and it's leading to wrong results,
as same as

> From: Cybot [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 21, 2003 3:42 PM
> UPDATE `user_login` SET `expire` = (NOW() + 6000)

'cause 6000 will be interpreted as 60:00, resulting in 

Thanks Diana, this one worked:

> Try using DATE_ADD(NOW(), INTERVAL 6000 SECOND)


Thank you

Maik




-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

Adding up DATETIME field

[M. Bader]

Hi,

i'm struggling with updating session expire times in my login table.

Can you tell me, how to correctly add an amount of seconds (after that
the session expires) to a datetime field?

when i do the insert for a new login, or an update, the expire field
will alway end up containing zeros

below are my statements and structure, (MySQL version: 4.0.13)


Thanks for any help

Maik

INSERT INTO `user_login` (
`id_kontakt`,
`id_user`,
`session`,
`expire`,
`ip`,
`browser`,
`id_sprache`,
`username`)
VALUES (
25,
39,
'1061461259142493',
(NOW()+SEC_TO_TIME(6000)),
'192.168.0.3',
'Opera/7.11 (Windows NT 5.0; U)  [de]',
1,
'maik'
);


UPDATE `user_login` SET `expire` = (NOW()+SEC_TO_TIME(6000))
WHERE `session` LIKE '1061461259142493';


CREATE TABLE `lok_user_login` (
  `lfdnr` bigint(20) unsigned NOT NULL auto_increment,
  `id_kontakt` bigint(20) unsigned NOT NULL default '0',
  `id_user` bigint(20) unsigned NOT NULL default '0',
  `username` varchar(255) NOT NULL default '',
  `session` varchar(255) NOT NULL default '',
  `expire` datetime NOT NULL default '-00-00 00:00:00',
  `ip` varchar(15) NOT NULL default '',
  `browser` varchar(255) NOT NULL default '',
  `id_sprache` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`lfdnr`),
  UNIQUE KEY `session` (`session`),
  FULLTEXT KEY `session2` (`session`)
) TYPE=MyISAM;






-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

RE: How can I display images from a mySQL Database in a web page?

[M. Bader]

>
> 
> 
>


use this:

echo '';

where "0,0" is the result-set index for your mysql field. you might
use other mysql functions of course, but the place to put the output
in is the same

the html-source code will look like it is only a normal image path,
but the server sends the binary data too


hope that helps
Maik




-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

RE: Aborted Result in simple Query

[M. Bader]

Hello Shane,

> I found nothing better than the standard
> MySQL C API standard with MySQL.

That's true. I read it now i find it very easy in comparison to the C++
documents.
This one reminds me of PHP functions a lot.

> I have made 2 such classes, which are quite
> simple, not a significant ammount of error checking, or
> functionality, but
> ResultSet's and Queries can be made.
>
> If you are interested in my classes, I'd be happy to pack them
> up for you to

That whould be very kind of you mate. Allthough i tried to use the C-API
now, i'm still getting some errors, that dont now know of why they occure.
It whould be alot easier to one complete example to get a glue of how to
start  in C/C++.

> use, I only ask the headers be kept in the code.

if you wish so, of course.

Thanks a lot,
Maik


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]

Aborted Result in simple Query

[M. Bader]

Hi all,

this _my_ "simple" problem: I wrote a little c++ programm in linux using
the plusplus api

My purpose was to create a simple interface to mysql. Programmer uses my
class, gives a sql-string and gets a pointer to the result array wich my
class creates out of the result set.

this is a shortened part of my scripts:
[...]
Query* q = new Query(&conn);
[...]

bool myConn::runQuery(char *sql)
{
(*q) << sql;
cout << q->preview() << endl;
cout << "one" << endl;
Result res = q->store();
cout << "two" << endl;
[...]
}

and the following is the output:
[...]
SELECT name FROM test;
one
Aborted

...that's it.

If I try to get out what's wrong by
try{ [...] }
catch(BadQuery er) { cout << er.error; }

i'll only receive cryptic symbols (like a misplaced pointer)

So here are my questions:
1. Is there any way to get out correctly what's wrong?
2. Is there any good(!) description of the mySQL C++ API?
(http://www.mysql.com/documentation/mysql++/index.html is horrific!)

Best regards

M. Bader


-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]