|
PHP - Php Mysql_query And Utf8 - Problem
Similar TutorialsI'm pretty new to PHP and I'm having trouble inserting data into my database from a webpage. Here is the code. The error is on the lines with $query and $result. The error comes back: Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/content/76/5697876/html/corbinreynolds/insert.php on line 39 Lost connection to MySQL server at 'reading initial communication packet', system error: 111 I've been working at this for hours and can't seem to figure this out. Any ideas? <?php $first=$_POST['first']; $last=$_POST['last']; if (!$first || !$last) { echo 'Error: Enter the required data.'; exit; } if (!get_magic_quotes_gpc()) { $first = addslashes($first); $last = addslashes($last); } $hostname = '127.0.0.1'; $username = 'root'; $password = 'root'; $dbname = 'phonebook'; @ $db = mysql_connect($hostname,$username.$password,$dbname); if (mysqli_connect_errno()) { echo 'Errer: Could not connect to database'; echo '<br>'; echo mysqli_connect_error(); exit; } $query = "INSERT INTO contact (first,last) VALUES ('$first','$last')"; $result = mysql_query($query,$db) or die(mysql_error()); if ($result) { echo $db->affected_rows." contact inserted into the database"; echo 'Contact Entered: '.$first.' '.$last.''; } else { echo 'Error: Contact not added.'; exit; } echo 'Closing Database'; $db->close(); ?> Hi... Before I have no problem in using On Duplicate Key, but now i have because of using time function. Before I only have insert query: Code: [Select] $result = mysql_query("INSERT INTO regular_sum_hours(EMP_NO, Hours) SELECT EMP_NO, sec_to_time(SUM(time_to_sec(Rendered))) FROM regular_dtr_total GROUP BY EMP_NO") or die(mysql_error()); And now I think that I need to add a syntax for Update, so i revise my code: Code: [Select] $result = mysql_query("INSERT INTO regular_sum_hours(EMP_NO, Hours) SELECT EMP_NO, sec_to_time(SUM(time_to_sec(Rendered))) FROM regular_dtr_total GROUP BY EMP_NO ON DUPLICATE KEY EMP_NO = EMP_NO, Hours = sec_to_time(SUM(time_to_sec(Rendered)))") or die(mysql_error()); and I got a problem in this part: Hours = sec_to_time(SUM(time_to_sec(Rendered)))") Thank you Hi, I am trying to update the database with the arabic characters using utf8, when am trying with firefox no problem in updating also i check with database values are in utf8 format. But at the same time working with IE, values are not updating as utf8 format. Looking for answer confused..hope.. Thanks hello i have problem with reading utf-8 text from normal text file with utf8 encoding. I am bulgarian i want to read and write bulgarian text but i cant. $fh = fopen("pics/names.txt", 'r'); $theData = fread($fh, 5); fclose($fh); echo $theData; This is what i use. Iam with windows 7. Pls help me... Im using this code Code: [Select] //create message with token gained before $post = array( 'access_token' => $access_token, 'message' => html_entity_decode($description, ENT_QUOTES), 'name' => html_entity_decode(strip_tags($post_title, ENT_QUOTES)), 'caption' => html_entity_decode(strip_tags($post_title, ENT_QUOTES)), 'link' => $_SESSION['blog_base'].'article/'.$post_url.'/', 'description' => html_entity_decode($description, ENT_QUOTES), 'picture' => 'http://www.socialnewsoffice.com/uploads/'.$article_img); to publish information to facebook however when i publish this i get this Code: [Select] Leasing receive another Great Testimonial from�Steve Brennan at�MCM Insurance Group\r\nTo whom it may concern\r\nEarlier this year we to... any ideas? Hi everybody !
Am back with the never ending security issues, just that this time it has to do with the character set related security issues. I read the whole day on utf-8 and am still lost on certain aspects related to PHP security.
Consider the simple script below:
<?php
//error_reporting(E_ALL & ~E_NOTICE);
session_start();
if(isset($_POST['login'], $_POST['password']))
{
$login = $_POST['login'];
$password = $_POST['password'];
if(!empty($login) && !empty($password))
{
//echo "Ok";
echo "Welcome ". $login;
echo "<br> You password is.$password ";
}
}
?>
<html>
<body>
<form action="welcome2.php" method="post">
Name: <input type="text" name="login" />
Password: <input type="password" name="password" />
<input type="submit" name="submit"/>
</form>
</body>
</html>
It is not a login script, but assuming that it was one, I would like to know that if UTF-8 was the charset that was selected for this script, then :
1. how could it be exploited to pass a string that would effectively break thorugh this login. It would be great if someone can demonstrate the hack using the above script example.
2. Could the same be thwarted by the use of input filters?
3. I also read that the use of a regex to limit the use of special characters in passwords is not good . So in case the hack can be thwarted by the use of regex and that is a bad idea in the first place what should be done?
There are a few more questions that are on my mind but I would only ask those once I am clear on these that I have just asked.
Thanks all.
Hello, I am using a regex with /iumsU modifiers. On some servers this crashes PHP and I need to turn UTF8 off thus the modifier becoming /imsU I am wondering how can I detect the requirements for /u to work normally so I can dynamically adjust my regex? Cheers In attachment is the code I generated from Flex Builder: My issue is that the UTF8 (coding of the MySQL database) isn't correctly interpreted, the solution is to use : $stmt = mysqli_prepare($this->connection, "SET NAMES UTF8;"); But I don't know how to enter it in this syntax? It is I think the: $stmt = mysqli_prepare($this->connection, "SELECT * from $this->tablename"); that has to be modified, but how? Really searching a long time on the correct syntax, but without any result... Please help, thanks a lot Wimmerke Hello, I've got a huge database that is filled with text. It is encoded in UTF8 and some of the symbols used (like emoticons) are encoded in the private use area of UTF8 (http://www.fileformat.info/info/unicode/block/private_use_area/utf8test.htm). Now I want to replace those codes of the private use area with the corresponding smilies etcetera. So actually my question is, how do I replace specific UTF8 codes with something else in PHP? Thanks in advance! OK So I have a quick question... how would I go about making a query like: mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND key='$key' "); You see, theres an error: Quote You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' key='1234' LIMIT 1' at line 1 I know this is a simple issue, and I know you cant keep creating AND's inside the query, but how would I do it? I've never attempted to use more than one AND before, so its new to me even though I'm a experienced PHP Developer. Thanks in advance! Hey guys, I've been playing around with this open source php game, I'm having problems with the registration system. For some reason the script is echoing back that there is no password in the password fields. When in fact there is: Add_player.php: Code: [Select] <?php session_start(); session_register("pid"); include("common.inc"); include("date.inc"); include("header.inc"); dbConnect(); $res = mysql_query("select id from $dbName.pdm_players where name=\"$name\"") or die(mysql_error()); if ($name == "" || $password1 == "") { echo "<center><div class=\"sheader\">Oh dear me!</div> You have to actually enter a name and password!"; $name = ""; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if ($name == $password1) { echo "<center><div class=\"sheader\">Oh dear me!</div> You can't make the password the same as the name. People will guess your password!"; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if (strlen($password1) < 6) { echo "<center><div class=\"sheader\">Oh dear me!</div> Passwords must be at least 6 characters, otherwise they are easy to guess!"; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if (mysql_fetch_row($res)) { echo "<center><div class=\"sheader\">Oh dear me!</div> Player $name already exists, try a different name."; $name = ""; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } if ($password1 != $password2) { echo "<center><div class=\"sheader\">Oh dear me!</div>"; echo "The two passwords didn't match - type carefully now!."; include("character_form.inc"); echo "</center>"; include("footer.inc"); return 0; } echo "<div class=\"sheader\">Registration for $name successful</div>"; $cp = crypt($password1); $dateArray = getdate(time()); $likeNowScoob = $dateArray["year"] . "-" . $dateArray["mon"] . "-" . $dateArray["mday"]; if ($character < 1 || $character > 9) { die("you are an idiot"); } pdm_characters(); $res = mysql_query("select type from $dbName.pdm_characters where cid = $character") or die(mysql_error()); $t = mysql_fetch_row($res); pdm_stuff(); $specRes = mysql_query("select sid from $dbName.pdm_stuff where sid >= 28 and sid <= 33 and type like \"%$t[0]%\"") or die(mysql_error()); $res = mysql_query("BEGIN") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_players (name, used, dob, cpass, char_id, roundswon, evo, aWeapon, dWeapon) VALUES (\"$name\", 1, \"$likeNowScoob\", \"$cp\", $character, 0,0,0,0)") or die(mysql_error()); $res = mysql_query("select id from $dbName.pdm_players where name=\"$name\" for update") or die(mysql_error()); $row = mysql_fetch_row($res); $pid = $row[0]; $res = mysql_query("insert into $dbName.pdm_league (id, highest, days_no_1, yesterday, longPoints) VALUES ($pid, 16777215, 0, 16777215, 0)") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_stats (id, level, attack, defence, health, speed, exp, ko, healthpercent, fights) VALUES ($pid, 1, 100, 100, 100, 100, 0, 0, 10, 0)") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_clanmembers2 (id, clanTag, applyTag, utype) VALUES ($pid, NULL, NULL, '')") or die(mysql_error()); $res = mysql_query("insert into $dbName.pdm_money (id, bank, wallet, bankdate) VALUES ($pid, 0,0, '0000-00-00')") or die(mysql_error()); while ($row = mysql_fetch_row($specRes)) { $res = mysql_query("insert into $dbName.pdm_specials (id, sid, qty, switch) values ($pid, $row[0], 0, 1)") or die(mysql_error()); } $res = mysql_query("COMMIT") or die(mysql_error()); session_register("playerName"); $playerName = stripper($name); echo "<P><diV>Welcome $playerName, click the Fight link down the left to fight your first opponent.</div>"; include("main_screen.inc"); include("footer.inc"); ?> Character_form.inc: Code: [Select] <center> <form method="post" action="add_player.php"> <P> <table cellpadding="0" cellspacing="0"><tr><td align="center"> <?php dbConnect(); pdm_characters();#check HEAP table exists $res = mysql_query("select cid, name, type from $dbName.pdm_characters order by type") or die(mysql_error()); $marker = "X"; $firstOne = 1; $cTypes["A"] = "Alien"; $cTypes["M"] = "Magic"; $cTypes["S"] = "Spirit"; while ($row = mysql_fetch_row($res)) { if ($marker != $row[2]) #new type (alien/magic etc) { if ($marker != "X") { echo "</table>\n"; } $cn = $cTypes[$row[2]]; echo "\n<table cellpadding=\"0\" cellspacing=\"0\" border=1> <tr><td colspan=\"3\" align=\"center\"><div class=\"sheader\"> $cn characters</div></td></tr><tr bgcolor=\"#efefef\">"; $marker = $row[2]; } echo "\n<td><table><tr><td align=center>$row[1]</td></tr><tr><td align=center> <img alt=\"Pick me!\" src=\"images/$row[0]0.gif\"></td></tr><tr> <td align=center><input type=\"radio\" name=\"character\" value=\"$row[0]\""; if ($firstOne and $character == "") { $firstOne = 0; echo " CHECKED "; } if ($character == $row[0]) { echo " CHECKED "; } echo "></td></tr></table></td>"; } echo "</tr></table> <table width=\"551\" cellpadding=0 cellspacing=0><tr><td colspan=\"3\"><div class=\"sheader\">character details</div></td></tr> <tr><td align=\"center\">Name<br><input size=20 maxlength=20 type=text name=\"name\" value = \"$name\"></td>"; ?> <td align="center">Password<br><input type="password" name="password1" size=20 maxlength=20></td> <td align="center">Password again<br><input type="password" name="password2" size=20 maxlength=20></td></tr> <tr><td colspan="3" align="center"><input type="submit" value="Register my character"></td></tr></table> </td></tr></table> <hr> </form> </centER> Anyone able to offer up any advice or where its going wrong, If I remove the validation stuff, it still doesn't insert the user into the database. Cheers Hey Guys, Im having problems with my code. What im trying to do is run a mysql query and show the results, but if the query returns no data, echo out "No incoming requests!" Here is my code: <? $check = "SELECT * FROM requests WHERE club='" . $_SESSION['club'] . "' AND team='" . $_SESSION['team'] . "' AND accepted='0'"; $result=mysql_query($check); if (mysql_num_rows($result) == 0) { while ($getinfo = mysql_fetch_array($result)) { $time = $getinfo["time"]; $who = $getinfo["player_name"]; $whofor = $getinfo["toplayfor"]; $from = $getinfo["team"]; $idp = $getinfo["player_id"]; echo "<a href='profile.php?id=".$idp."&team=".$from."'>".$who." </a><div style='float:right;'>(".$from.")</div><br />"; echo "<div style='margin-top: 2px;'></div>"; echo date('l, F jS, g:ia',$time); echo "<br /><div style='margin-top: 2px;'></div><a href='accept.php?playerid=".$idp."&toplayfor=".$whofor."'>Accept</a> | Decline"; echo "<div id='newsline'></div>"; } } else { echo 'No incoming requests'; } ?> Could someone help me out here? Thanks Heaps! Hi, why won't this work, there is no error messages so it gets to this point, but won't redirect??? (Obviously a lot is missed out here) $query = mysql_query("SELECT * FROM `users` WHERE `username`='$username'"); if ($username==$dbusername&&$password==$dbpassword) { $_SESSION['user'] = $username; while($row = mysql_fetch_array($query)){ $type = $row['Type']; if ($type=="0") { header("Location: chefpanel.php"); }else{ header("Location: restpanel.php"); } } } else $errors[] = 'Password Incorrect'; } else $errors[] = 'Username Incorrect'; I am getting a "mysqli_query() expects parameter 1 to be mysqli, null given" error. the code I am using is below but simplified. connect() does connect to the database without throwing any errors but when I get down to query() I get the above error. public function connect() { mysqli_connect(self::DBHOST, self::DBUSER, self::DBPASS, self::DBNAME); } public function query($query) { mysqli_query(self::connect(), $query); } below is what I am using to call the function. I am not sure if I have to pass the $link in the query function too. I have tried but it didn't seem to do any better. $link = db::connect(); $query = "SELECT name FROM plugins"; db::query($query); I am sure this is something simple that I have overlooked but I am new to this and still learning. Thank you for any help you can provide. This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=328375.0 Is there something wrong this? If so, I'm not seeing it...I keep getting this error: Quote ( ! ) Parse error: syntax error, unexpected T_STRING in C:\Program Files\wamp\www\register.php on line 1059 Here's my code for registering a member: Code: [Select] <?php mysql_query (INSERT INTO fans (id, username, email, password, country, region, gender, status, account, subscription, time_registered, date_registered, birthdate, name, website, age, activation_key) VALUES ('', '{$_SESSION["user"]["username"]}', '{$_SESSION["user"]["email"]}', '{$_SESSION["user"]["password"]}', '{$_SESSION["user"]["country"]}', '{$_SESSION["user"]["region"]}', '{$_SESSION["user"]["gender"]}', 'Offline', 'Inactive', 'Unsubscribed', '{$_SESSION["user"]["time"]}', '{$_SESSION["user"]["date"]}', '{$_SESSION["user"]["birthdate"]}', '{$_SESSION["user"]["name"]}', '{$_SESSION["user"]["website"]}', '{$_SESSION["user"]["age"]}', '{$_SESSION["user"]["activation_key"]}')) or die ("Could not register member"); ?> Help, please and thank you! |
|||||||