Re: [sqlite] Porting a simple logon script to SQLite3 from MySQL
C Lindgren writes: > $sql=$db->exec("INSERT INTO users(ID,username,password) > VALUES > ('0','".$username."','".$password."')"); In MYSQL, null and 0 are magic for a INTEGER PRIMARY KEY AUTO_INCREMENT column. In SQLite, only null is magic for a INTEGER PRIMARY KEY column. Use NULL instead of '0' in both platforms. --David Garfield ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Porting a simple logon script to SQLite3 from MySQL
Quoting Stephan Beal: On Wed, Oct 5, 2011 at 6:56 PM, C Lindgren wrote: if (isset ($_post ['submit'] )) { Aside from this use of POST being a huge security hole, $_post is spelled wrong: it whould be $_POST (or $_REQUEST if you want to treat GET/POST the same). $sql=$db->exec("INSERT INTO users(ID,username,password) VALUES ('0','".$username."','".$**password."')"); If it's not clear why that is a huge security hole, google for "sql injection attack" and then read up on PDO::prepare() for how to avoid that problem: http://php.net/manual/en/pdo.prepare.php -- - stephan beal http://wanderinghorse.net/home/stephan/ ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users Thanks... So, I can eliminate the $_POST block of code and replace it with PDO::prepare() then execute it with PDOStatement::execute() ? I'm sure I'll have additional questions after I rewrite that code block. Even though this is in an intranet environment it's nice to know! Thanks again for your straight answer. -- C Lindgren ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Porting a simple logon script to SQLite3 from MySQL
On 5 Oct 2011, at 5:56pm, C Lindgren wrote: > I'm trying to port a simple logon script that was originally for MySQL to > SQLite3. MySQL uses connections to a server with a password. SQLite accesses a file on a hard disk. Make sure your web app (probably apache or httpd) has enough access to the database file to be able to open it with readwrite permissions. Do this by temporarily lowering the permissions all the way. Simon. ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Porting a simple logon script to SQLite3 from MySQL
On Wed, Oct 5, 2011 at 6:56 PM, C Lindgrenwrote: > if (isset ($_post ['submit'] )) { Aside from this use of POST being a huge security hole, $_post is spelled wrong: it whould be $_POST (or $_REQUEST if you want to treat GET/POST the same). >$sql=$db->exec("INSERT INTO > users(ID,username,password) >VALUES > ('0','".$username."','".$**password."')"); > If it's not clear why that is a huge security hole, google for "sql injection attack" and then read up on PDO::prepare() for how to avoid that problem: http://php.net/manual/en/pdo.prepare.php -- - stephan beal http://wanderinghorse.net/home/stephan/ ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] Porting a simple logon script to SQLite3 from MySQL
I'm trying to port a simple logon script that was originally for MySQL to SQLite3. Everything seems to work but won't post data to the database and won't return the else statements if no data is entered or "user added" when submitted. New and trying to learn PDO with SQLite3... Can someone give me an idea what's wrong with my code? The code is below... -- C Lindgren CODE try { /*** connect to SQLite database ***/ $db = new PDO("sqlite:///my_path/to_my/sqlite3_db_file"); } catch(PDOException $e) { echo $e->getMessage(); } if (isset ($_post ['submit'] )) { $username = ($_post ['username']); $password = ($_post ['password']); if (!empty ($username) && !empty ($password)) { $sql=$db->exec("INSERT INTO users(ID,username,password) VALUES ('0','".$username."','".$password."')"); print 'User Added'; } else { print 'You must enter a valid Username and Password'; } } else { print ' Username: Password: '; } ?> CODE ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users