My code always return "true" whatever the string is I tried a bunch of thing but they are only return false... I have no idea what I can do to fix this... my code:
public function isBlacklisted($string)
{
$apis = mysql_connect("mysql.hostinger.fr", "mysql user", "testpass") or die(mysql_error());
mysql_select_db("u770656121_api", $apis);
$sql = "SELECT * FROM blacklist";
$result = mysql_query($sql, $apis);
while($row = mysql_fetch_array($result)) {
$username = $row['username'];
if (strpos($string,$username) !== 0) {
return true;
break;
} else {
return false;
break;
}
}
}
strpos returns false is it is not found, and 0 if it is in the first position of the string. It sounds like you want to do:
if (strpos($string,$username) !== false) {
Also, you are looping over the DB results, you should only return if it is found:
while($row = mysql_fetch_array($result)) {
$username = $row['username'];
if (strpos($string,$username) !== false) {
return true;
}
}
return false;
Or, even better:
$sql = "SELECT * FROM blacklist WHERE 'username' LIKE '%$username%'";
$result = mysql_query($sql, $apis);
while($row = mysql_fetch_array($result)) {
if ($row['username']) return true;
}
making sure to escape $username and ideally switching to mysqli or pdo instead of using deprecated mysql statements.
Related
I want to create a function that automatically makes a connection to the database and performs the given queries but I can't get it to work and it gives no errors.
I think I'm not outputting in the correct way my goal is to output a array that stores all the returned values from the queries.
Here is my code so far hope you can help:
public function db_query() {
$ini = parse_ini_file($_SERVER['DOCUMENT_ROOT'] . '/app.ini');
$mysqli = new mysqli($ini['db_location'], $ini['db_user'], $ini['db_password'], $ini['db_name']);
// create string of queries separated by ;
$query = "SELECT name FROM mailbox;";
$query .= "SELECT port FROM mailbox";
// execute query - $result is false if the first query failed
$result = mysqli_multi_query($mysqli, $query);
if ($result) {
do {
// grab the result of the next query
if (($result = mysqli_store_result($mysqli, 0)) === false && mysqli_error($mysqli) != '') {
echo "Query failed: " . mysqli_error($mysqli);
while ($row = $result->fetch_row()) {
echo $row[0];
}
}
} while (mysqli_more_results($mysqli) && mysqli_next_result($mysqli)); // while there are more results
} else {
echo "First query failed..." . mysqli_error($mysqli);
}
}
Note: I did not add the parameter for the query just for testing
purposes.
public function db_query($mysqli) {
$return = [];
$result = mysqli_query($mysqli, "SELECT name FROM mailbox");
while ($row = $result->fetch_row()) {
$return[] = $row[0];
}
$result = mysqli_query($mysqli, "SELECT port FROM mailbox");
while ($row = $result->fetch_row()) {
$return[] = $row[0];
}
return $return;
}
simple, clean, efficient, always works
I have written a piece of code for coupon. whenever I use the function to check if the Coupon Code exists, it returns true and prints the statement. But I can't get the false return and cannot get the statement printed for false case.
function db_connect() {
static $connection;
if (!isset($connection)) {
$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
}
if ($connection === false) {
return mysqli_connect_error();
}
return $connection;
}
function db_query($query) {
$connection = db_connect();
$result = mysqli_query($connection, $query);
return $result;
}
function db_error() {
$connection = db_connect();
return mysqli_error($connection);
}
function db_select($query) {
$rows = array();
$result = db_query($query);
if ($result === false) {
return false;
}
while ($row = mysqli_fetch_assoc($result)) {
$rows[] = $row;
}
return $rows;
}
function db_rows($query) {
$result = db_query($query);
if ($result === false) {
return false;
}
$total_rows = mysqli_num_rows($result);
return $total_rows;
}
function couponExists($cc) {
$results = db_rows("SELECT * from ms_coupons where coupon_code='".$cc."'") or die(db_error());
if ($results > 0) {
return true;
} else {
return false;
}
}
DB table : ms_coupons
coupon_id coupon_code
1 CODE50
check_coupon.php
$coupon = $_REQUEST['coupon_code'];
if (!couponExists($coupon)) {
echo "Does not exist!";
} else {
echo "Coupon exists!";
}
when i supply coupon_code as CODE50 it prints, Coupon exists! but when i supply something different like CODE51 then the pays prints nothing.
Your problem is with this line in your code:
$results = db_rows("SELECT * from ms_coupons where coupon_code='".$cc."'") or die(db_error());
db_rows function returns number of rows, in your case it can be only two values - 1 or 0. If db_rows return 0 your script executes the die(db_error()) part (but there is no mysqli_error).
Remove the or die(db_error()) part, like this:
$results = db_rows("SELECT * from ms_coupons where coupon_code='".$cc."'");
If you want to check for mysqli_errors, move it to your db_query function.
This Is My Database configuration
It's Extension is Mysql. iwant to change its extension to Mysqli. Help me please.Thanks In Advance.I Want to Change This Because MySQL EXTENSION is no longer available in latest php
class CMySQL {
// variables
var $sDbName;
var $sDbUser;
var $sDbPass;
var $vLink;
// constructor
function CMySQL() {
$this->sDbName = 'YOUR_DB_NAME';
$this->sDbUser = 'DB_USER_NAME';
$this->sDbPass = 'DB_USER_PASS';
// create db link
$this->vLink = mysql_connect("localhost", $this->sDbUser, $this->sDbPass);
//select the database
mysql_select_db($this->sDbName, $this->vLink);
mysql_query("SET names UTF8");
}
// return one value result
function getOne($query, $index = 0) {
if (! $query)
return false;
$res = mysql_query($query);
$arr_res = array();
if ($res && mysql_num_rows($res))
$arr_res = mysql_fetch_array($res);
if (count($arr_res))
return $arr_res[$index];
else
return false;
}
// executing sql
function res($query, $error_checking = true) {
if(!$query)
return false;
$res = mysql_query($query, $this->vLink);
if (!$res)
$this->error('Database query error', false, $query);
return $res;
}
// return table of records as result in pairs
function getPairs($query, $sFieldKey, $sFieldValue, $arr_type = MYSQL_ASSOC) {
if (! $query)
return array();
$res = $this->res($query);
$arr_res = array();
if ($res) {
while ($row = mysql_fetch_array($res, MYSQL_ASSOC)) {
$arr_res[$row[$sFieldKey]] = $row[$sFieldValue];
}
mysql_free_result($res);
}
return $arr_res;
}
// return table of records as result
function getAll($query, $arr_type = MYSQL_ASSOC) {
if (! $query)
return array();
if ($arr_type != MYSQL_ASSOC && $arr_type != MYSQL_NUM && $arr_type != MYSQL_BOTH)
$arr_type = MYSQL_ASSOC;
$res = $this->res($query);
$arr_res = array();
if ($res) {
while ($row = mysql_fetch_array($res, $arr_type))
$arr_res[] = $row;
mysql_free_result($res);
}
return $arr_res;
}
// return one row result
function getRow($query, $arr_type = MYSQL_ASSOC) {
if(!$query)
return array();
if($arr_type != MYSQL_ASSOC && $arr_type != MYSQL_NUM && $arr_type != MYSQL_BOTH)
$arr_type = MYSQL_ASSOC;
$res = $this->res ($query);
$arr_res = array();
if($res && mysql_num_rows($res)) {
$arr_res = mysql_fetch_array($res, $arr_type);
mysql_free_result($res);
}
return $arr_res;
}
// escape
function escape($s) {
return mysql_real_escape_string($s);
}
// get last id
function lastId() {
return mysql_insert_id($this->vLink);
}
// display errors
function error($text, $isForceErrorChecking = false, $sSqlQuery = '') {
echo $text; exit;
}
}
$GLOBALS['MySQL'] = new CMySQL();
mysqli has object oriented approach to all the funtions.
for example,
$this->vLink = new mysqli("localhost", $this->sDbUser, $this->sDbPass,$this->sDbName);
But along with the object oriented approach mysqli procedural approach also exists which has just mysqli instead of mysql everywhere. But I personally recommend you to go with the object oriented approach.you can see other important functions along with the old mysql functions here.
My function is always returning false when it should return true, and I can't find why
public function isReselling($key)
{
if ($this->validateKey($key)) {
return false;
}
$apis = mysql_connect("mysql.hostinger.fr", "u770656121_uapi", "testpass") or die(mysql_error());
mysql_select_db("u770656121_api", $apis);
$sql = "
SELECT * FROM api_id
";
$result = mysql_query($sql, $apis);
while($row = mysql_fetch_array($result)) {
$blacklisttho = $row['Banned'];
if ($blacklisttho == 1) {
return true;
}
}
return false;
}
Well, you need to check where exactly the 'return' is beign made, and investigate based on that:
public function isReselling($key)
{
if ($this->validateKey($key)) {
die('validate fails');
return false;
}
$apis = mysql_connect("mysql.hostinger.fr", "u770656121_uapi", "testpass") or die(mysql_error());
mysql_select_db("u770656121_api", $apis);
$sql = "
SELECT * FROM api_id
";
$result = mysql_query($sql, $apis);
while($row = mysql_fetch_array($result)) {
$blacklisttho = $row['Banned'];
if ($blacklisttho == 1) {
return true;
}
}
die('no results.');
return false;
}
and btw, you don't want to have multiple 'returns' around the code, that's bad practice.
I would change your code to something like:
public function isReselling($key)
{
$retValue = false;
if ($this->validateKey($key) === false) {
$apis = mysql_connect("mysql.hostinger.fr", "u770656121_uapi", "testpass") or die(mysql_error());
mysql_select_db("u770656121_api", $apis);
$sql = "SELECT * FROM api_id";
$result = mysql_query($sql, $apis);
while($row = mysql_fetch_array($result)) {
if ($row['Banned'] == 1) {
$retValue = true;
break;
}
}
}
return $retValue;
}
In following code I have upgraded function from MYSQL into MYSQLI, I got some help in my previous posts and they said what should be done.. but now comes the question how to do it..
The thing is to set id before return, otherwise I still will be receiving user ID = 1 no matter on which account I login.
function user_id_from_username($username) {
$username = sanitize($username);
global $db_connect;
$result = $db_connect->query("SELECT(id) FROM members WHERE username = '$username'");
if (false === $result) {
return false;
}
return ($result->num_rows == 1) ? id : false;
I tried to do as in my old MYSQL code, but then it gives error.
My old code:
function user_id_from_username($username){
$username = sanitize ($username);
return mysql_result(mysql_query("SELECT(id) FROM members WHERE username = '$username'"), 0, 'id');
}
I would be grateful for any help!
I didn't try it out but this should work right?
I also put $db_connect as parameter because its safer but it's up to you.
function user_id_from_username($username) {
$username = sanitize($username);
global $db_connect;
$result = $db_connect->query("SELECT id FROM members WHERE username = '".$db_connect->real_escape_string($username)."'");
if (!$result) {
return false;
}
if($result->num_rows == 1){
$row = $result->fetch_assoc();
$output = $row['id'];
}
else{
$output = "Username does not exist in table or is a duplicate.";
}
return $output;
}
Did you try fetch_array or mysqli_fetch_array?
$row = $result->fetch_array(MYSQLI_ASSOC);
// or
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// and returning
return $row['id'] ? $row['id'] : false;
return ($result->num_rows == 1) ? id : false;
should be
if(mysqli_num_rows($result) ===1 ){
$row = mysqli_fetch_assoc($result);
return intval($row['id']);
}
return false;