Hello i am having some trouble getting a script to run, i keep getting an error message saying it expects two parameters and i have no idea how to fix it, heres the script:
<?php
session_start ();
if(isset($_SESSION['user'])){
$username = $_SESSION['username'];
if(isset($_POST['submit'])){
$oldpassword = $_POST['oldpassword'];
$newpassword = $_POST['newpassword'];
$serverName = "server";
$connectionInfo = array("Database"=>"database","UID"=>"id", "PWD"=>"pass");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn === false){
echo "Error in connection.\n";
die( print_r( sqlsrv_errors(), true));
}
$tsql = "SELECT userPass FROM customers WHERE userName='$username'";
$stmt = sqlsrv_query($conn, $tsql, array(), array( "Scrollable" => 'static' ));
if ( !$stmt ){
die( print_r( sqlsrv_errors(), true));
}
$rows = sqlsrv_num_rows($stmt);
if($rows === false){
die( print_r( sqlsrv_errors(), true));
}elseif($rows == 0){
echo "No rows returned.";
exit();
}else{
$querychange = sqlsrv_query("UPDATE customers SET userPass='$newpassword' WHERE userName='$username'");
session_destroy();
die ("Your password has been changed. <a href='index.php'>Return</a> to the main page and login with your new password.");
}
}
}
?>
I keep getting this error
PHP Warning: sqlsrv_query() expects at least 2 parameters, 1 given in file_name.php on line 27
Line 27 is where i update customers. If anyone can spot an error in the script can you let me know, also yes I've not done SQL injection, at this stage I'm simply trying to get it working before I implement that.
Thanks for all the help, it's much appreciated
Try passing connection to sqlsrv_query
something like:
$querychange = sqlsrv_query($conn, "UPDATE customers SET userPass='$newpassword' WHERE userName='$username'");
Related
I want to display all databases in microsoft sql srv for admin panel, but i have problem with get value. I'm try with query:
EXEC sp_databases
This query is executed successfully in sql srv, but when i'm try make this same by PHP, im not see value, no any errors or warnings, return null
My PHP Code:
<?php
$serverName = $_POST['hostname'];
$uid = $_POST['username'];
$pwd = $_POST['password'];
$connectionInfo = array( "UID"=>$uid,
"PWD"=>$pwd);
$connsrv = sqlsrv_connect( $serverName, $connectionInfo);
if($connsrv == TRUE ){
echo "connected";
$tsql = "EXEC sp_databases";
$stmt = sqlsrv_query( $connsrv, $tsql);
while( $row = sqlsrv_fetch_array($stmt)){
echo $row['DATABASE_NAME'];
}
}else{
echo "no connect";
}
?>
I don't know why I not see any result - any suggestions ? :(
One possible explanation for this unexpected behaviour is that CREATE DATABASE or ALTER ANY DATABASE or VIEW ANY DEFINITION permissions are requied to run the sp_databases stored procedure (I can reproduce this with a server login, which has only public role). Set the needed permissions for the connection user, or as another option, try to use the sys.databases system view.
<?php
// Connectuion
$serverName = $_POST['hostname'];
$uid = $_POST['username'];
$pwd = $_POST['password'];
$connectionInfo = array("UID" => $uid, "PWD" => $pwd);
$connsrv = sqlsrv_connect($serverName, $connectionInfo);
if ($connsrv === false){
echo "Not connected";
exit;
}
// sp_databases
echo "Connected. EXEC sp_databases: "."<br>";
$tsql = "EXEC sp_databases";
$stmt = sqlsrv_query( $connsrv, $tsql);
if ($stmt === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
while( $row = sqlsrv_fetch_array($stmt)){
echo $row['DATABASE_NAME']."<br>";
}
sqlsrv_free_stmt($stmt);
// sys.databases
echo "Connected. SELECT * FROM sys.databases: "."<br>";
$tsql = "SELECT * FROM sys.databases";
$stmt = sqlsrv_query( $connsrv, $tsql);
if ($stmt === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
while( $row = sqlsrv_fetch_array($stmt)){
echo $row['name']."<br>";
}
sqlsrv_free_stmt($stmt);
// End
sqlsrv_close($connsrv);
?>
So I keep getting this error when I want to query something to the ms sql server..
The connection is made with the database but the queries seem to fail.
The error log contains this:
PHP Fatal error: Call to undefined function mssql_query()
The code on the php:
session_start();
include_once("connect.php");
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM test WHERE username='".$username."' AND password='".$password."'";
$res = mssql_query ($sql) or die(mssql_error());
if (mssql_num_rows($res) == 1) {
$row = mssql_fetch_assoc($res);
$_SESSION['uid'] = $row['id'];
$_SESSION['username'] = $row['Username'];
$_SESSION['afdeling'] = $row['Afdeling'];
$_SESSION['mail'] = $row['Mail'];
header("Location: test.php");
exit();
} else {
echo "Invalid login information. Please return to the previous page.";
exit(); } } ?>
Does anybody knows what the problem is?
Thanks in advance!
connect.php code:
<?php
$serverName = "MTN-TEST"; //serverName\instanceName
$connectionInfo = array( "Database"=>"PROCES_TEST", "UID"=>"blaaa", "PWD"=>"blooo");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
echo "<span style='color:green;'>Connection established.</span><br />";
}else{
echo "<span style='color:red;'>Connection could not be established.</span><br />";
die( print_r( sqlsrv_errors(), true));
}
?>
You don't have the MS SQL Drivers installed.
You can check this with phpinfo();
On Linux you need mssql.so or sybase.so
With debian its apt-get install php5-sybase
For windows take a look here:
http://msdn.microsoft.com/en-US/library/cc793139%28v=SQL.90%29.aspx
Drivers need to be configured for PHP to find the function mssql_...
You could also look at PDO DB classes as they can connect to any DBS, you need the drivers installed tho.
If your connect.php code returns "Connection established.", it's mean you installed MS SQL Drivers correctly.
You have to use sqlsrv_queryfunction instead of mssql_query.
The correct form of this command is:
<?php
$serverName = "serverName";
$options = array( "UID" => "sa", "PWD" => "Password", "Database" => "DBname");
$conn = sqlsrv_connect($serverName, $options);
if( $conn ) {
echo "Connection established.<br />";
$query='select * from test';
$result = sqlsrv_query($conn,$query);
}else{
echo "Connection could not be established.<br />";
die( print_r( sqlsrv_errors(), true));
}
?>
you can learn more here:
"PHP Fatal error: Call to undefined function mssql_select_db() in c:\...appscript.php on line 16"
you can use mssql_get_last_message() for mssql errors
I've been programming this server / database in Microsoft Azure. And I've created this PHP to control everything. The main goal is to create a website where you are able to register and log in, for this I need a database and server which handles all these values.
In my code hoewever, the database doesn't seem to be storing anything, everything does what's expected, expect for the connection between database and PHP document. Therefore I turned to you guys, heard u'd be the best haha!
Just FYI, first post, be nice :)
Here's my PHP doc.
<?php
if (isset($_POST['submits']))
{
if (empty($_POST['usernames']))
{
$error = "Fill in all the boxes";
}
elseif (empty($_POST['passwords']))
{
$error = "Fill in all the boxes";
}
elseif (empty($_POST['emails']))
{
$error = "Fill in all the boxes";
}
elseif(strpos($_POST['emails'], "#") === false)
{
$error = "Wrong syntax: example#.com";
}
else
{
$username=$_POST['usernames'];
$password=$_POST['passwords'];
$email=$_POST['emails'];
$connectionInfo = array("UID" => "MY_SERVER_EMAIL", "pwd" => " MY_PASSWORD", "Database" => "MY_DATABASE", "LoginTimeout" => 30, "Encrypt" => 1);
$serverName = "(MY_DATABASE";
$conn = sqlsrv_connect($serverName, $connectionInfo);
$sql = "SELECT username, email FROM dbo.Login";
$stmt = sqlsrv_query( $conn, $sql );
if( $stmt === false) {
die( print_r( sqlsrv_errors(), true) );
}
$usertrue=TRUE;
if($usertrue===TRUE)
{
$error = "Account added";
$hashedpassword = md5(md5(sha1(sha1(md5($password)))));
$query = "INSERT INTO dbo.Login (username, password, email) VALUES ('$username', '$hashedpassword', '$email' )";
$result = sqlsrv_query($conn, $query );
if($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
echo "Connected succesfully";
}
sqlsrv_free_stmt( $stmt);
sqlsrv_close($conn); // Closing Connection
}
}
?>
The form is named POST and the inputs are named usernames, passwords, emails and submits.
Grateful for answers!
Anton
Looking at the code, I am assuming that you have replace the values with some place-holder.
Nevertheless, there might be some typo. There $ServerName has a "(". and I believe the Insert statement is not formatted correctly (i.e., all $username, $password, $email) is not getting evaluated because it is treated as string.
Also, why are you checking for connection error after executing the insert query. It should be checked first and re-connected if it is not connected before executing the insert query.
I would like to insert data from a form using php into mssql 2012.
The above picture shows I installed drivers for php to work with mssql and after testing the connection it was success.
Following is the script written to do the insertion:
$serverName = "SUPERMAN";
$connectionInfo = array('Database'=>'xikwambene', "UID"=>"develop", "PWD"=>"develop");
$conn = sqlsrv_connect($serverName, $connectionInfo);
if($conn) {
echo "Connection established.<br />";
}else {
echo "Connection could not be established.<br />";
die(print_r(sqlsrv_errors(), true));
}
if(empty($_POST) === false && empty($errors)=== true)
{
$id = $_POST['id'];
$name = $_POST['name'];
$query = "INSERT INTO dbo.test (id,name)
VALUES ('$id','$name')GO";
$result = sqlsrv_prepare($conn,$query)or die('Error querying MSSQL database');
sqlsrv_execute($result);
//redirect
header('Location: Address_insert.php');
exit();
}
?>
Now the problem is nothing gets inserted into the database, and it successfully redirects to
Address_insert.php
Please Assist. its my first day working with php and mssql
if(empty($_POST) === false && empty($errors)=== true)
{
$id = $_POST['id'];
$name = $_POST['name'];
print_r($_POST);
$query = "INSERT INTO dbo.test (id,name)
VALUES (?,?)";
$params = array($id, $name);
$stmt = sqlsrv_query( $conn, $query, $params);
if( $stmt === false ) {
die( print_r( sqlsrv_errors(), true));
}
The answer is based on information from: http://www.php.net/manual/en/function.sqlsrv-query.php
After this code:
$id = $_POST['id'];
$name = $_POST['name'];
add this :
$id = $_POST['id'];
$name = $_POST['name'];
print_r($_POST)
to see if the script receive the php variables sent thru $_POST and comment :
//header('Location: Address_insert.php'); so you can see the print.
This method for me always give results.
Best regards!
$query = "INSERT INTO dbo.test (id,name)
VALUES ('$id','$name')GO";
$result = sqlsrv_prepare($conn,$query)or die('Error querying MSSQL database');
Here, $query is not compatible for a prepared statement. You don't assign parameters in queries in prepared statements, you use place holders like ?. If you wish to use prepared statements, you are doing it in a wrong way. If you wish to use regular queries, you would want to remove the sqlsrv_prepare ( ) line of code.
So I keep getting this error when I want to query something to the ms sql server..
The connection is made with the database but the queries seem to fail.
The error log contains this:
PHP Fatal error: Call to undefined function mssql_query()
The code on the php:
session_start();
include_once("connect.php");
if (isset($_POST['username'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM test WHERE username='".$username."' AND password='".$password."'";
$res = mssql_query ($sql) or die(mssql_error());
if (mssql_num_rows($res) == 1) {
$row = mssql_fetch_assoc($res);
$_SESSION['uid'] = $row['id'];
$_SESSION['username'] = $row['Username'];
$_SESSION['afdeling'] = $row['Afdeling'];
$_SESSION['mail'] = $row['Mail'];
header("Location: test.php");
exit();
} else {
echo "Invalid login information. Please return to the previous page.";
exit(); } } ?>
Does anybody knows what the problem is?
Thanks in advance!
connect.php code:
<?php
$serverName = "MTN-TEST"; //serverName\instanceName
$connectionInfo = array( "Database"=>"PROCES_TEST", "UID"=>"blaaa", "PWD"=>"blooo");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
echo "<span style='color:green;'>Connection established.</span><br />";
}else{
echo "<span style='color:red;'>Connection could not be established.</span><br />";
die( print_r( sqlsrv_errors(), true));
}
?>
You don't have the MS SQL Drivers installed.
You can check this with phpinfo();
On Linux you need mssql.so or sybase.so
With debian its apt-get install php5-sybase
For windows take a look here:
http://msdn.microsoft.com/en-US/library/cc793139%28v=SQL.90%29.aspx
Drivers need to be configured for PHP to find the function mssql_...
You could also look at PDO DB classes as they can connect to any DBS, you need the drivers installed tho.
If your connect.php code returns "Connection established.", it's mean you installed MS SQL Drivers correctly.
You have to use sqlsrv_queryfunction instead of mssql_query.
The correct form of this command is:
<?php
$serverName = "serverName";
$options = array( "UID" => "sa", "PWD" => "Password", "Database" => "DBname");
$conn = sqlsrv_connect($serverName, $options);
if( $conn ) {
echo "Connection established.<br />";
$query='select * from test';
$result = sqlsrv_query($conn,$query);
}else{
echo "Connection could not be established.<br />";
die( print_r( sqlsrv_errors(), true));
}
?>
you can learn more here:
"PHP Fatal error: Call to undefined function mssql_select_db() in c:\...appscript.php on line 16"
you can use mssql_get_last_message() for mssql errors