[PHP] mysqli_connect problem

2010-03-01 Thread Thomas H. George

I am a newbie. The following script works but the second one (below)
loads the variables from an html form and then fails.  The connection
commands in the second script are identical as the first script was copied
from the first. Only the variable values have been changed.

#!/usr/bin/php
#
<?php
$first_name = 'Harry';
$last_name = 'Potter';
$when_it_happened = 'This morning';
$how_long = '6 ms';
$how_many = 'millions';
$alien_description = 'angels';
$what_they_did = 'danced on the head of a pin';
$fang_spotted = 'No';
$other = 'There were bright flashing lights';
$email = 'ha...@aol.com';

$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
    or die('Error connecting to MySQL server');

$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
    "how_many, alien_description, what_they_did, fang_spotted, other, email) " .
    "VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
    "'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

$result = mysqli_query($dbc,$query)
    or die('Error Querying the database');

mysqli_close($dbc);

?>

The following program successfully loads the variables from an html form
and then fails.


<?php
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$when_it_happened = $_POST['whenithappened'];
$how_long = $_POST['howlong'];
$how_many = $_POST['howmany'];
$alien_description = $_POST['aliendescription'];
$what_they_did = $_POST['whattheydid'];
$fang_spotted = $_POST['fangspotted'];
$other = $_POST['other'];
$email = $_POST['email'];

echo 'got to here, ';
echo "$last_name\n\n";

$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
    or die('Error connecting to MySQL server');

$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
    "how_many, alien_description, what_they_did, fang_spotted, other, email) " .
    "VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
    "'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

$result = mysqli_query($dbc,$query)
    or die('Error Querying the database');

mysqli_close($dbc);

?>

The echo entries confirm the variables have been loaded from an html
form.  The program just stops after the echo entries - no die message,
nothing in /var/log/mysql.err or mysql.log.


My system is Debian Squeeze, 64 bit. I have php5 version 5.3.1-5, php5-mysql 
version 5.3.1-5, mysql-client-5 and mysql-server-5 version 5.1.41-3 installed.

Any suggestions?

Tom


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] mysqli_connect problem

2010-03-01 Thread John Black

On 03/01/2010 07:54 PM, Thomas H. George wrote:

> <?php  ...
> $alien_description = $_POST['aliendescription'];
> $what_they_did = $_POST['whattheydid'];
> $email = $_POST['email'];
> ...
> $query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
>     "how_many, alien_description, what_they_did, fang_spotted, other, email) " .
>     "VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
>     "'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";
>
> Any suggestions?
> Tom


Yes I have one. Whatever book you are using, burn it then shoot it!

Without looking at the query, it is most likely failing because you are 
inserting un-escaped data into your database.
So when you enter something like: Goa'uld into your alien database then 
it will fail because you have an unescaped control character.
This code, when freely accessible, will ensure that your database will 
be compromised quickly. Search for SQL Injection on Google.


Unfortunately I can not recommend a good beginners guide since most of 
the ones I have seen teach this kind of stuff but hopefully someone else 
on this list can.


BTW, you can do your mysql connection this way and get the error 
returned plus the SQL query.


mysqli_query($link, $sql) or die("<p>$sql</p>".mysqli_error($link));
--
John
Justice springs from envy; for its highest principle is:
the same for all.

[Walther Rathenau]
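
The apostrophe failure John describes goes away when the form values are sent as bound parameters instead of being pasted into the SQL string. The following is an added example, not code from any poster in this thread: it uses mysqli prepared statements with the table and field names from Tom's script, and DB_USER, DB_PASSWORD, DB_NAME and the sample form array are placeholders constructed for illustration.

```php
<?php
// Added example, not code from the thread. Host, user, password and database
// are placeholders; table and column names are the ones in Tom's script.

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Form field names from Tom's script, in the column order of the INSERT.
$fields = array('firstname', 'lastname', 'whenithappened', 'howlong', 'howmany',
                'aliendescription', 'whattheydid', 'fangspotted', 'other', 'email');

// Constructed stand-in for $_POST, including the apostrophe John mentions.
$post = array('firstname' => 'Teal', 'lastname' => "Goa'uld",
              'aliendescription' => "it said 'hello'", 'email' => 'reporter@example.com');

function save_report(mysqli $dbc, array $fields, array $input)
{
    // Missing fields become empty strings; every value is bound as a string.
    $v = array();
    foreach ($fields as $name) {
        $v[] = isset($input[$name]) ? (string) $input[$name] : '';
    }

    // The SQL text is constant: ? marks where data goes, so quotes in the
    // data can never end a string literal or add SQL of their own.
    $stmt = mysqli_prepare($dbc,
        'INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, ' .
        'how_long, how_many, alien_description, what_they_did, fang_spotted, ' .
        'other, email) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
    mysqli_stmt_bind_param($stmt, 'ssssssssss', $v[0], $v[1], $v[2], $v[3], $v[4],
                           $v[5], $v[6], $v[7], $v[8], $v[9]);
    mysqli_stmt_execute($stmt);
    $rows = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $rows;
}

try {
    $dbc = mysqli_connect('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
    mysqli_set_charset($dbc, 'utf8');
    echo 'Rows inserted: ', save_report($dbc, $fields, $post), "\n";
    mysqli_close($dbc);
} catch (mysqli_sql_exception $e) {
    // Full detail goes to the server log; the visitor sees a generic message.
    error_log('aliens_abduction insert failed: ' . $e->getMessage());
    echo "Sorry, the report could not be saved.\n";
}
```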




[PHP] mysqli_connect problem

2010-02-28 Thread Thomas H. George
I am a newbie. The following script works but the second one (below)
loads the variables from an html form and then fails.  The connection
commands in the second script are identical as the first script was copied
from the first. Only the variable values have been changed.

#!/usr/bin/php
#
<?php
$first_name = 'Harry';
$last_name = 'Potter';
$when_it_happened = 'This morning';
$how_long = '6 ms';
$how_many = 'millions';
$alien_description = 'angels';
$what_they_did = 'danced on the head of a pin';
$fang_spotted = 'No';
$other = 'There were bright flashing lights';
$email = 'ha...@aol.com';

$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
    or die('Error connecting to MySQL server');

$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
    "how_many, alien_description, what_they_did, fang_spotted, other, email) " .
    "VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
    "'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

$result = mysqli_query($dbc,$query)
    or die('Error Querying the database');

mysqli_close($dbc);

?>

The following program successfully loads the variables from an html form
and then fails.


<?php
$first_name = $_POST['firstname'];
$last_name = $_POST['lastname'];
$when_it_happened = $_POST['whenithappened'];
$how_long = $_POST['howlong'];
$how_many = $_POST['howmany'];
$alien_description = $_POST['aliendescription'];
$what_they_did = $_POST['whattheydid'];
$fang_spotted = $_POST['fangspotted'];
$other = $_POST['other'];
$email = $_POST['email'];

echo 'got to here, ';
echo "$last_name\n\n";

$dbc = mysqli_connect('localhost', 'tom', 'fog^horn9', 'aliendatabase')
    or die('Error connecting to MySQL server');

$query = "INSERT INTO aliens_abduction (first_name, last_name, when_it_happened, how_long, " .
    "how_many, alien_description, what_they_did, fang_spotted, other, email) " .
    "VALUES ('$first_name', '$last_name', '$when_it_happened', '$how_long', '$how_many', " .
    "'$alien_description', '$what_they_did', '$fang_spotted', '$other', '$email')";

$result = mysqli_query($dbc,$query)
    or die('Error Querying the database');

mysqli_close($dbc);

?>

The echo entries confirm the variables have been loaded from an html
form.  The program just stops after the echo entries - no die message,
nothing in /var/log/mysql.err or mysql.log.

I believe the problem is a permissions problem.  I had to make the first
script executable so of course I also made the second executable but
this did not help.

My system is Debian Squeeze, 64 bit. I found I had to install php5-mysql
to use the mysqli_connect command.

Tom




Re: [PHP] mysqli_connect problem

2010-02-28 Thread Rene Veerman
ok, couple of things;

- if you're using user input in SQL queries, you have to push 'm
through a function that sanitizes the input against sql-insertions.
For now, let that be function antiSQLinsertion ($var) { return
mysql_real_escape_string($var); };
- if you're going to output values from the DB into HTML that have
been put there by the user, you have to also guard against HTML-level
insertions (malicious html/js/flash to name a few). however, this is
not easy, and i haven't found a good way of doing this, save
stripping all js,iframe,img and flash.. :(
- you may want to add adodb.sf.net as a database abstraction layer. it
will help if you ever want to switch mysql to another rdbms.

as for your actual problem;
- you could be right about the permissions issue, connect to the
database as root instead and execute a GRANT statement to allow tom xs
to the db.
http://dev.mysql.com/doc/refman/5.1/en/grant.html

google debian mysql change root password if you can't get in as root..

it's just strange to me that it works from 1 env, but not another..

