The title may be misleading. I apologize for that.
Anyways, I am confused about SQL and ODBC.
On my website, I am trying to setup a register page.
Basically, on my dedicated server with MYSQL running on it, I setup some register.php files so that when a person registers on the site, it gets put into a certain database in SQL. When I try to register, I get "odbc not connected" Do I need to add a new data source?
Example of the html/php file: "Register.php"
<?php
$aw=$_GET["q"];
$aws=$_GET["q2"];
$awts=$_GET["q3"];
$conn = odbc_connect('USER_MEMBERDB','Test','Test123');
//$sql="SELECT * FROM chr_log_info WHERE id_loginid = '$q'";
if ($conn)
{
$query = "select * from chr_log_info where id_loginid = '$aw'";
//perform the query
$result=odbc_exec($conn, $query)or die("Error Here!");;
// $aw = mssql_escape_string($aw);
// $aws = mssql_escape_string($aws);
$slashRead1 = "";
$slashRead2 = "";
for($i = 0; $i < strlen($aw); $i++){
if($aw[$i] == '\\'){
$slashRead1 = 'yah';
}
}
for($i = 0; $i < strlen($aws); $i++){
if($aws[$i] == '\\'){
$slashRead2 = 'yah';
}
}
if(!empty($slashRead1) && !empty($slashRead2)){
echo "Username and Password values cannot be accepted. Please change your Username and Password!";
}else if(!empty($slashRead1)){
echo "Username value cannot be accepted. Please change your Username!";
}else if(!empty($slashRead2)){
echo "Password value cannot be accepted. Please change your Password!";
}else{
if(empty($aws)){
echo "Please fill-in the form completely!";
}else{
$count = 0;
//fetch tha data from the database by row
while(odbc_fetch_row($result)){
for($i=1;$i<=odbc_num_fields($result);$i++){
$row = odbc_result($result, $i);
if(!empty($row)){
$count++;
}
}
}
if(empty($aw)){
echo "Please fill-in the form completely!";
}else if($count != 0){
echo "Sorry, the username you entered is not available!";
}else if(strlen($aws) < 6){
echo "Please enter more than 6 characters for your password!";
}else{
$query1 = "Select id_idx from chr_log_info";
$result1=odbc_exec($conn, $query1)or die("Error Here!");;
while(odbc_fetch_row($result1)){
for($i=1;$i<=odbc_num_fields($result1);$i++){
$row = odbc_result($result1, $i);
}
}
$row++;
$query2 = "Select propid from chr_log_info";
$result2=odbc_exec($conn, $query2)or die("Error Here!");;
while(odbc_fetch_row($result2)){
for($i=1;$i<=odbc_num_fields($result2);$i++){
$row2 = odbc_result($result2, $i);
}
}
$row2++;
$query3 = "Insert into chr_log_info(id_idx, propid, id_loginid, id_passwd, id_sexType) values('$row', '$row2', '$aw', '$aws', '$awts')";
$result=odbc_exec($conn, $query3) or die("Error Here!");
echo "Congratulations! You have successfully registered!";
}
}
}
//close the connection
odbc_close ($conn);
}
else echo "odbc not connected";
?>
Another HTML file that is used is this: "responsexml.html"
<?php
$q=$_GET["q"];
$conn = odbc_connect('USER_MEMBERDB','Test','Test123');
if ($conn)
{
$q = mysql_escape_string($q);
$slashRead = "";
for($i = 0; $i < strlen($q); $i++){
if($q[$i] == '\\'){
$slashRead = 'yah';
}
}
if(!empty($slashRead)){
echo "Username value cannot be accepted!";
}else{
//the SQL statement that will query the database
$query = "select * from chr_log_info where id_loginid = '$q'";
//perform the query
$result=odbc_exec($conn, $query) or die("Wrong!");
//fetch tha data from the database
$count = 0;
while($row = odbc_fetch_row($result))
{
for($i=1;$i<=odbc_num_fields($result);$i++)
{
$row = odbc_result($result, $i);
if(!empty($row)){
$count++;
}
}
}
if(empty($q)){
echo "";
}else if($count != 0){
echo "Sorry, the username is not available!";
}else{
echo "Username is available!";
}
}
//close the connection
odbc_close ($conn);
}
else echo "odbc not connected";
?>
Am I missing something? Or do I need to download certain drivers for my dedicated server for it to run. Any suggestions?
My assumption is that USER_MEMBERDB that is in your odbc_connect is the name of the MSSQL database that you are trying to connect to.
You could try:
// Microsoft SQL Server using the SQL Native Client 10.0 ODBC Driver - allows connection to SQL 7, 2000, 2005 and 2008
$connection = odbc_connect("Driver={SQL Server Native Client 10.0};Server=$server;Database=$database;", $user, $password);
However, I would recommend using the built in MSSQL functions over ODBC for this purpose:
$conn = mssql_connect('SERVER', 'username', 'password');
http://php.net/manual/en/ref.mssql.php
Related
I am trying to store IP's in a MySQL database and I had a few problems with it which i was able to fix but i keep getting 1 error for people that trying to get onto my website. So when someone gets on my website their IP is displayed with a time stamp but it only works when I connect to my website. When I got my friend to go onto my website he got an error saying why u no query? which helps me find out where the problem is. Now the problem is that I have been trying to solve this issue for the past 2 hours with no luck :(
Screenshot of my screen: My screen
Screenshot of my friends screen: Friends screen
<html>
<head>
<title>Your IP!</title>
</head>
<body>
<?php
$db_host = '127.0.0.1';
$db_user = '***************';
$db_pwd = '*************';
$db = '***************';
// Find their IP and tell them what it is.
$con=mysqli_connect($db_host, $db_user, $db_pwd);
if (getenv('HTTP_X_FORWARDED_FOR')) {
$pip = getenv('HTTP_X_FORWARDED_FOR');
$ip = getenv('REMOTE_ADDR');
echo "Your Proxy IP is: ".$pip."(via ".$ip.")";
} else {
$ip = getenv('REMOTE_ADDR');
echo "Your IP is: ".$ip;
}
echo "<br /><br />";
// Try to select the database.
if(!mysqli_select_db($con, $db)) {
// die("why u no use db? ".mysql_error());
die("why u no use db?");
}
// Try to perform query.
// This is a function so it may easily be called multiple times.
function do_query($query) { // Take in query.
global $con;
if(!$result = mysqli_query($con, $query)) {
// die("why u no query? ".mysql_error());
die("why u no query?");
}
return $result; // Give back result.
}
// Try to see if they are in the database already,
// and if not, then add them.
$result = do_query("select ip from ips where ip='".$ip."'");
$rows = mysqli_num_rows($result);
if($rows == 0) {
do_query("insert into ips (ip) values ('".$ip."')");
}
// Now, display the table.
$result = do_query("select * from ips");
$cols = mysqli_num_fields($result);
echo "<table cellpadding=\"5\" bgcolor=\"#7F7F7F\"><tr>";
for($i = 0; $i < $cols; $i++) {
echo "<td>".mysqli_fetch_field($result)->name."</td>";
}
echo "</tr>";
while($row = mysqli_fetch_row($result)) {
echo "<tr>";
for($i = 0; $i < $cols; $i++) {
if($row[$i] == $ip) { // bold their IP.
echo "<td><b>".$row[$i]."</b></td>";
} else {
echo "<td>".$row[$i]."</td>";
}
}
echo "</tr>";
}
echo "</table>";
?>
</body>
</html>
So first I changed
function do_query($query) { // Take in query.
global $con;
if(!$result = mysqli_query($con, $query)) {
// die("why u no query? ".mysql_error());
die("why u no query?");
to
function do_query($query) { // Take in query.
global $con;
if(!$result = mysqli_query($con, $query)) {
// die("why u no query? ".mysql_error());
die(mysqli_error($con));
Which showed me the error which was Duplicate entry '0' for key 'PRIMARY' and the problem was that I did not set AUTO_INCREMENT on the Primary key.
I have a very simple use case where I am checking if a certain value is present in the table and it always seems to fail.This is my php code.
<?php
include "config.php";
$con = mysqli_connect($server_name,$mysql_user,$mysql_pass,$dbname);
if(!$con)
{
echo "Connection Error".mysqli_connect_error();
}
else{
//echo "";
}
$device_id = $_POST["device_id"];
$check = "SELECT magazine_id FROM registered_buyers WHERE device_id = $device_id";
$rs = mysqli_query($con,$check);
if(mysqli_num_rows($con,$rs) == 0)
{
$jsonarray = $_POST["jsonarray"];
echo "This will be inserted".$jsonarray;
}else
{
echo "User already registered";
}
?>
Can anyone please point out my mistake.Any help or suggestion is welcome.Thank you.
You can try to follow this code.
<?php
include "config.php";
$con = mysqli_connect($server_name,$mysql_user,$mysql_pass,$dbname);
if(!$con){
echo "Connection Error".mysqli_connect_error();
}
$device_id = $_POST["device_id"];
$check = "SELECT magazine_id FROM registered_buyers WHERE device_id = ".$device_id;
$rs = mysqli_query($con, $check);
if(mysqli_num_rows($rs) == 0){
$jsonarray = $_POST["jsonarray"];
echo "This will be inserted".$jsonarray;
}else{
echo "User already registered";
}
?>
since i dont have enough rep to add a comment, i will consider the device_id is string, if so try something like this:
"SELECT magazine_id FROM registered_buyers WHERE device_id = '$device_id'";
add '
Ok so I wrote some code to find records on a test database, it works if there is a record and does display the data, if there is no record it still says that it found stuff. It should say it did not. It even finds stuff that is not in the database but obviously has no data to display, its annoying.
I need a new pair of eyes.
I think the error is here:
$sql = "SELECT * FROM Kittenzz
WHERE KittenID='".$_POST['KittenID']."';";
$result = mysql_query($sql, $connection);
But just in case here is the full code minus the login credentials to the db.
<?php
if(isset($_POST['Find']))
{
$connection = mysql_connect("Login Info Deleted");
// Check connection
if (!$connection)
{
echo "Connection failed: " . mysql_connect_error();
}
else
{ //else 1
//select a database
$dbName="Katz";
$db_selected = mysql_select_db($dbName, $connection);
//confirm connection to database
if (!$db_selected)
{
die ('Can\'t use $dbName : ' . mysql_error());
}
else
{ //else 2
if ($_POST[KittenID]=='')
{
$OutputMessage = 'Must add a Kitten-ID';
}
else
{//exception else
$sql = "SELECT * FROM Kittenzz
WHERE KittenID='".$_POST['KittenID']."';";
$result = mysql_query($sql, $connection);
while($row = mysql_fetch_array($result))
{
$Name = $row['Name'];
$KittenID = $row['KittenID'];
$KittenAge = $row['KittenAge'];
$Email = $row['Email'];
$Comments = $row['Comments'];
$Gender = $row['Gender'];
$Passive = $row['Passive'];
$Playful = $row['Playful'];
$Activity = $row['Activity'];
}
if ($result)
{
$OutputMessage = 'Record Found';
//echo "<p>Record found<p>";
}
else
{
$OutputMessage = 'RECORD NOT FOUND';
}
}//exception else
}//else 2 end
}//else 1 end
mysql_close($connection);
}
?>
if ($result)
{
$OutputMessage = 'Record Found';
}
There is your mistake, that means if the query executed successfully (even with 0 records) you are saying records found. You should only say that if the number of records returned are more than 0.
if (mysql_num_rows($result)>0)
{
$OutputMessage = 'Record Found';
}
But the bigger problem with your code can be solved by this reading
How can I prevent SQL injection in PHP?
This may happen, because if $_POST['KittenID'] is empty, the sql query would look like : SELECT * FROM Kittenzz WHERE KittenID=""; you have to change the above if statement to:
if (!isset($_POST[KittenID]) || empty($_POST[KittenID]) || $_POST[KittenID]=='')
{
$OutputMessage = 'Must add a Kitten-ID';
}
I'm trying to to test to see if an email address exists in my database by running a query check.
I can connect to the database fine.
However no matter what, even if the email exists it returns "doesn't exist".
<?php
//----------------------------------------------------------------------------------//
//Setup
require_once('SB_Constants.php');
//----------------------------------------------------------------------------------//
//Connect to the database
//----------------------------------------------------------------------------------//
$connection = mysqli_connect(DATABASE_HOST, SAVE_USERNAME, SAVE_PASSWORD, DATABASE_NAME);
// check the connection was successful
if (mysqli_connect_errno($connection)) {
header('HTTP/1.0 500 Internal Server Error', true, 500);
die(FailedToAccessDatabase . ". Failed to connect to Database");
} else {
echo "Connection Success!";
}
//Query Check
$assessorEmail = mysqli_query($connection, "SELECT email_address FROM assessorID WHERE email_address = 'ryan#ablah.com'");
if (mysqli_num_rows($query_identifier) == 0) {
die(UnregisteredAssessor . ". Doesn't Exist");
} else {
// Exists
echo "Exists getting ace id.";
//Get the assessor ID
$result = mysqli_query($connection, "SELECT ace_id FROM assessorID WHERE email_address = 'ryan#blah.com'");
echo $result;
}
/* close connection */
mysqli_close($connection);
?>
Any ideas of the problem? :)
Various mistakes. Fix:
$assessorEmail = mysqli_query($connection, "SELECT ace_id,email_address FROM assessorID WHERE email_address = 'ryan#ablah.com'");
if (mysqli_num_rows($assessorEmail) == 0) {
die(UnregisteredAssessor . ". Doesn't Exist");
} else {
// Exists
echo "Exists getting ace id.";
//Get the assessor ID
$result = mysqli_fetch_assoc($assessorEmail);
echo $result['ace_id'];
}
Your problem is mysqli_num_rows($query_identifier) is accessing an undefined variable instead of $assessorEmail.
Additionally, you only need one query if you just want the ace_id:
$assessorEmail = mysqli_query($connection, "SELECT ace_id FROM assessorID WHERE email_address = 'ryan#ablah.com'");
If mysqli_num_rows($assessorEmail) returns a row, than the email exists and you already have the ace_id
while(mysqli_fetch_assoc($assessorEmail) = $row) {
echo $result['ace_id'];
}
I am trying to do a query in which i can see if username and password can match. If it matches, then I will go to the administrator pages. The problem Im having is that i think that the query is not giving me the right results. The database table is called admin, and it has adminame and passadmin. The user im entering IS in the database. The password is encrypted.
<?php
$f_user = $_POST['f_user'];
$f_pass = $_POST['f_pass'];
$status = authenticate($f_user, $f_pass);
if ($status == 1)
{
include("../connections/config.php");
session_start();
//session_register("SESSION_UNAME");
$_SESSION['SESSION_UNAME'] = $f_user;
$SESSION_UNAME = $f_user;
header("Location: unoadmin.php");
exit();
}
else
{
$mensa= "Información Incorrecta...Inténtelo de Nuevo";
header("Location: register.php?mensa=$mensa");
exit();
}
function authenticate($user, $pass)
{
include("../connections/config.php");
$connection = mysql_connect($mach,$userna,$paso) or die ("Unable to connect!");
$query = "SELECT * from admin WHERE adminame = '$f_user'";
mysql_select_db($db);
$result = mysql_query($query, $connection) or die ("Error in query: $query. " . mysql_error());
$num_results = mysql_num_rows($result);
if ($num_results == 1)
{
for($i=0; $i < $num_results; $i++)
{
$row = mysql_fetch_array($result);
$pas = $row["passadmin"];
}
if(crypt($pass,$pas) == $pas)
{
return 1;
}
else
{
return 0;
}
}
else
{
return 0;
}
}
?>
Can someone tell me what is the error? It is leading me to "Información incorrecta. Intentelo de nuevo" or in english "Wrong information. Try again"
It is a bit of a guess, but your authenticate function returns false (error message)
I am not sure what happens in the include, it suggests inclusion of database settings.
You are using 2 different vars for the username: is:
function authenticate($user, $pass) // <-- you pass $user
{
include("../connections/config.php");
$connection = mysql_connect($mach,$userna,$paso) or die ("Unable to connect!");
$query =
"SELECT * from admin WHERE adminame = '$f_user'"; // <-- you use $f_user
Perhaps not a real answer, but it was to long for a comment.
A simple solution of this question is to put your user name and password in variables and match it with database, If result have greater than 1 value than it will go to admin page. For example
$myusername=addslashes($_POST['username']);
$mypassword=addslashes($_POST['password']);
$sql="SELECT * FROM admin WHERE username='$myusername' and password=md5('$mypassword')";
$query = mysql_query($sql);
$row = mysql_num_rows($query);
if($row>0) {
header("location:administrator.php");
}
else {
echo"Please check username and password";
}
From your code you have either:
no such entry in your DB with the username you provided
the password is wrong
Furthermore you should check your code for SQL injections!
Please take time to read article below,
Best Way to prevent SQL Injection in PHP