503 by match between two databases [duplicate] - php

This question already exists:
PHP's white screen of death [duplicate]
Closed 5 years ago.
I've been working on a project where searching for matches between two databases, but when the cronjob runs i'll get an 503 error.
The variable source is the name like 'Peter' or 'Margot'.
And name_key is the key of the array like 'name' or 'event'.
global $dbh;
global $dbh_second;
$import_sql = $dbh->prepare('SELECT name_key FROM imports WHERE name = :source');
$import_sql->bindParam(':source', $source, PDO::PARAM_STR);
$import_sql->execute();
$name = $import_sql->fetch(PDO::FETCH_ASSOC);
$source = strtolower($source);
$import_data_sql = $dbh->prepare('SELECT * FROM import_data WHERE source = :source AND import_key = :key');
$import_data_sql->bindParam(':key', $name['name_key'], PDO::PARAM_STR);
$import_data_sql->bindParam(':source', $source, PDO::PARAM_STR);
$import_data_sql->execute();
$import_data = $import_data_sql->fetchAll(PDO::FETCH_ASSOC);
foreach ($import_data as $filter) {
$column = $filter['import_key'];
$party_sql = $dbh_second->prepare("SELECT * FROM `digi_gz_parties` WHERE name LIKE :value");
$party_sql->bindParam(':value', $filter['import_value'], PDO::PARAM_STR);
$party_sql->execute();
if($party = $party_sql->fetch(PDO::FETCH_ASSOC)) {
$import_check_sql = $dbh->prepare('UPDATE import_data SET status = 1 WHERE source = :source AND import_value LIKE :value AND created_at = :max');
$import_check_sql->bindParam(':max', $filter['max_data'], PDO::PARAM_STR);
$import_check_sql->bindParam(':value', $filter['import_value'], PDO::PARAM_STR);
$import_check_sql->bindParam(':source', $source, PDO::PARAM_STR);
$import_check_sql->execute();
}
}
Is their another solutions to do this or do i need to set up the timeout seconds higher?
Thanks a lot!


You need to get the records in batches because otherwise it takes too long and gives a timeout. And have a look at some optimization: Indexes, caching and such.

Related

PHP Parse error when executing query [duplicate]

This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
Closed 5 years ago.
This should be a very basic error, but based on the error-description I can't seem to figure it out. Either I misunderstood some part of the concept or it's just some sign missing.
The problem arises when I try to execute a query.
This is some of the code (I think it should be enough):
//Create database connection to my server
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//All single variables
$lan = $_POST["lan"];
$botyp = $_POST["botyp"];
//All variables with min and max value
$pris = $_POST["pris"];
$prisArray = explode(",", $pris); //Splits string "minvalue, maxvalue" by delimiter "," to become array with [minvalue, maxvalue]
$prisMin = $prisArray[0];
$prisMax = $prisArray[1];
$storlek = $_POST["storlek"];
$storlekArray = explode(",", $storlek);
$storlekMin = $storlekArray[0];
$storlekMax = $storlekArray[1];
$rum = $_POST["rum"];
$rumArray = explode(",", $rum);
$rumMin = $rumArray[0];
$rumMax = $rumArray[1];
$avgift = $_POST["avgift"];
$avgiftArray = explode(",", $avgift);
$avgiftMin = $avgiftArray[0];
$avgiftMax = $avgiftArray[1];
$query = "SELECT * FROM bostader
WHERE lan = ? AND
objekttyp = ? AND
(pris >= ? AND pris <= ?) AND
(area >= ? AND area <= ?) AND
(rum >= ? AND rum <= ?) AND
(avgift >= ? AND avgift <= ?)";
$stmt = $pdo->prepare($query);
$stmt->execute([$lan, $botyp, $prisMin, $prisMax, $storlekMin, $storlekMax, $rumMin, $rumMax, $avgiftMin, $avgiftMax]); //Execute query using relevant variables
When I run this I get an error saying:
Parse error: parse error, expecting `']'' in /Library/WebServer/Documents/resultat.php on line 58
Which points to this line:
$stmt->execute([$lan, $botyp, $prisMin, $prisMax, $storlekMin, $storlekMax, $rumMin, $rumMax, $avgiftMin, $avgiftMax]);
Thank you in advance for your help.

Instead of this code
$stmt->execute([$lan, $botyp, $prisMin, $prisMax, $storlekMin, $storlekMax, $rumMin, $rumMax, $avgiftMin, $avgiftMax]);
you shuld try this one
$stmt->execute(array(
$lan,
$botyp,
$prisMin,
$prisMax,
$storlekMin,
$storlekMax,
$rumMin,
$rumMax,
$avgiftMin,
$avgiftMax
));

PHP PDO & Large Objects (LOB) broken after update

A few months ago, my Ubuntu package auto-updated PHP from 7.0.8 to 7.0.13, at which point my script for updating photos stored on a SQL database started failing. I got around this by reinstalling 7.0.8. Last month, I was again auto-updated to 7.0.15 and my script failed again.
My script writes a jpg image to a MS-SQL database, using PDO & FreeTDS, plus Large Objects (LOB) to handle the photo. I emphasise that it worked up to PHP version 7.0.8. The following is a test script isolating my problem.
<?php
$dsn = 'dblib:dbname=photos;host=gary';
$id = 693925;
$dbh = new PDO($dsn, $user, $password);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
$photo = file_get_contents("coco.jpg");
$query = "UPDATE photo_table SET photo = :photo WHERE id = :id";
$stmt = $dbh->prepare($query);
$stmt->bindValue(":photo", $photo, PDO::PARAM_LOB);
$stmt->bindValue(":id", $id, PDO::PARAM_INT);
$stmt->execute();
}
}
catch (PDOException $e) {
echo $e->getMessage();
}
The result is an "Incorrect syntax" error!?
SQLSTATE[HY000]: General error:
102 Incorrect syntax near '����'.[102] (severity 15) [(null)]
Using the latest available PHP version 7.0.15, reading from the database works, including reading the photo as a Large Object. There is no problem writing every other field to the database, it only fails on my image.
Despite searching over the last few weeks, I still have to find someone else reporting the same problem.
I am after any advice, either a change to the code, or some configuration settings to allow LOBs to work again.

I suggest you use bindParam instead of bindValue always because in bindParam
Unlike PDOStatement::bindValue(), the variable is bound as a
reference and will only be evaluated at the time that
PDOStatement::execute() is called.
$photo = file_get_contents("coco.jpg");//change this to below
$photo = fopen($_FILES['file']['tmp_name'], 'rb');
$query = "UPDATE photo_table SET photo = :photo WHERE id = :id";
$stmt = $dbh->prepare($query);
$stmt->bindValue(":photo", $photo, PDO::PARAM_LOB);//change to this below
$stmt->bindParam(":photo", $photo, PDO::PARAM_LOB);
$stmt->bindValue(":id", $id, PDO::PARAM_INT);//change this to below
$stmt->bindParam(":id", $id, PDO::PARAM_INT);
This is just only suggestions check here...... http://php.net/manual/en/pdo.lobs.php & http://www.php.net/manual/en/pdostatement.bindparam.php#refsect1-pdostatement.bindparam-description

My solution/workaround was to convert the binary from the image into hexadecimal representation before sending the data to SQL.
$photo = bin2hex(file_get_contents("coco.jpg"));
converting it back again during the SQL statement.
$query =
"UPDATE photo_table SET photo=CONVERT(varbinary(max), :photo, 2) WHERE id = :id";

Fatal error: Cannot pass parameter 2 by reference when using PHP and MYSQL [duplicate]

This question already has answers here:
Cannot pass parameter 2 by reference - uuid PDO
(4 answers)
Closed 1 year ago.
I am using PHP PDO to insert into a MYSQL database using PHP. I am getting the error:
Fatal error: Cannot pass parameter 2 by reference in
/home/sandyit/public_html/hosting/findibuzz/design2/sign-up.php on
line 200
This is my code:
$ID is an auto incremented integer while the rest are varchar variables filled out as below as an example:
$db = new PDO('mysql:host=localhost;dbname=dbname;charset=utf8', 'dbusername', 'dbpass');
$FULLNAME = "David";
$PW_HASH = "sadsad";
$SALT = "adadad";
$EMAIL_ADDRESS = "david#gmail.com";
$ID=0;
$addrequest = $db->prepare("INSERT INTO FB_USERS (ID,FULL_NAME,PASSWORD,PASSWORD_SALT,EMAIL_ADDRESS) VALUES (:ID,:FULL_NAME,:PASSWORD,:PASSWORD_SALT,:EMAIL_ADDRESS)");
$addrequest->bindParam(':ID',$ID, PDO::PARAM_INT);
$addrequest->bindParam(':FULL_NAME',$FULL_NAME, PDO::PARAM_STR);
$addrequest->bindParam(':PASSWORD',$PW_HASH, PDO::PARAM_STR);
$addrequest->bindParam(':PASSWORD_SALT',$SALT, PDO::PARAM_STR);
$addrequest->bindParam(':EMAIL_ADDRESS',$EMAIL_ADDRESS, PDO::PARAM_STR);
$addrequest->execute();
$addrequest->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
I know i have something wrong, but i cannot spot the error, can i have some advise please?
Thanks

Just for reference. I know this wont help solve your problem, but you could do something like this (see code below) to achieve the same result:
$db = new PDO('mysql:host=localhost;dbname=dbname;charset=utf8', 'dbusername', 'dbpass');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO FB_USERS (FULL_NAME,PASSWORD,PASSWORD_SALT,EMAIL_ADDRESS)
VALUES (:FULL_NAME,:PASSWORD,:PASSWORD_SALT,:EMAIL_ADDRESS)";
$stmt = $db->prepare($sql);
$params = array
(
'FULL_NAME'=>'David',
'PASSWORD'=>'sadsad',
'PASSWORD_SALT'=>'adadad',
'EMAIL_ADDRESS'=>'david#gmail.com'
);
$stmt->execute($params)
I find it easier to work with an array and than to just pass it to the statment.
But I guess its just a mather of taste.
Like I said this is just for reference and wont help you resolve your issue.

Remove quotation marks from '$ID'
$addrequest->bindParam(':ID',$ID, PDO::PARAM_INT);

Updating sql database using pdo parameters - no errors - do nothing

I know this topic has been discussed a lot in stackoverflow but I've read all topics I couldn't find a solution.
I've got this function which should update a mysql database. It justs do not do nothing, and do not show any errors. As you see I use PDO. I've seen lots of question similar to mine in stackoverflow, and tried their solution but none of them seems to work.
I've checked that all variables that I pass to this function arrive and are correct.
public function updateValues($coreID, $table, $name, $time){
if ($this->databaseConnection()) {
$query_edit_user_name = $this->db_connection->prepare("UPDATE :tableT SET time = :timeT, name = :nameT WHERE id = :coreID");
$query_edit_user_name->bindValue(':coreID', trim($coreID), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':tableT', trim($table), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':nameT', trim($name), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':timeT', trim($time), PDO::PARAM_INT);
$query_edit_user_name->execute();
}
}
I've been trying to add´´ or '' to different rows names or values but didn't worked. The only way it "works" is if there isn't a single PDO parameter:
$query_edit_user_name = $this->db_connection->prepare("UPDATE table1 SET time = '55', name = 'name1' WHERE id = 'core2'");
Any ideas?

You can't use a bind value or parameter for a table name.
$query_edit_user_name = $this->db_connection->prepare("UPDATE :tableT SET time...
^^^^^^^
Try this instead:
public function updateValues($coreID, $table, $name, $time){
if ($this->databaseConnection()) {
$query_edit_user_name = $this->db_connection->prepare("UPDATE `$table` SET time = :timeT, name = :nameT WHERE id = :coreID");
$query_edit_user_name->bindValue(':coreID', trim($coreID), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':nameT', trim($name), PDO::PARAM_STR);
$query_edit_user_name->bindValue(':timeT', trim($time), PDO::PARAM_INT);
$query_edit_user_name->execute();
As has been pointed out in the comments, a dynamic table name is open to a possible injection, depending on where the table name is derived from.
Either, escape the table name before preparing the statement with something like:
$table = str_replace(array('\\',"\0" ,'`'), '', $table);
Or, use a whitelist method:
$allowed = array('table1', 'table2');
if (in_array($table, $allowed)) {
// prepare and execute query
}

Setting PDO/MySQL LIMIT with Named Placeholders [duplicate]

This question already has answers here:
How can I pass an array of PDO parameters yet still specify their types?
(3 answers)
Closed 7 years ago.
I'm having an issue binding the LIMIT part of an SQL query. This is because the query is being passed as a string. I've seen another Q here that deals with binding parameters, nothing that deals with Named Placeholders in an array.
Here's my code:
public function getLatestWork($numberOfSlides, $type = 0) {
$params = array();
$params["numberOfSlides"] = (int) trim($numberOfSlides);
$params["type"] = $type;
$STH = $this->_db->prepare("SELECT slideID
FROM slides
WHERE visible = 'true'
AND type = :type
ORDER BY order
LIMIT :numberOfSlides;");
$STH->execute($params);
$result = $STH->fetchAll(PDO::FETCH_COLUMN);
return $result;
}
The error I'm getting is: Syntax error or access violation near ''20'' (20 is the value of $numberOfSlides).
How can I fix this?

The problem is that execute() quotes the numbers and treats as strings:
From the manual - An array of values with as many elements as there are bound parameters in the SQL statement being executed. All values are treated as PDO::PARAM_STR.
<?php
public function getLatestWork($numberOfSlides=10, $type=0) {
$numberOfSlides = intval(trim($numberOfSlides));
$STH = $this->_db->prepare("SELECT slideID
FROM slides
WHERE visible = 'true'
AND type = :type
ORDER BY order
LIMIT :numberOfSlides;");
$STH->bindParam(':numberOfSlides', $numberOfSlides, PDO::PARAM_INT);
$STH->bindParam(':type', $type, PDO::PARAM_INT);
$STH->execute();
$result = $STH->fetchAll(PDO::FETCH_COLUMN);
return $result;
}
?>

I'd suggest binding the params and forcing their type:
$STH->bindParam(':numberOfSlides', $numberOfSlides, PDO::PARAM_INT);
$STH->execute();

Categories