I have a php script that is supposed to execute several mysql statements, everything works if there are no comments /* */ and no breaklines...
Could you please help me add this functionality, also ignore -- comments
<?
$sqlFileToExecute = 'mysql_dump.sql';
$hostname = 'localhost';
$db_user = 'root';
$db_password = '';
$database_name = 'db_';
$link = mysql_connect($hostname, $db_user, $db_password);
if (!$link) {
die ("error connecting MySQL");
}
mysql_select_db($database_name, $link) or die ("wrong DB");
$f = fopen($sqlFileToExecute,"r+");
$sqlFile = fread($f, filesize($sqlFileToExecute));
$sqlArray = explode(';',$sqlFile);
foreach ($sqlArray as $stmt) {
//THIS SEEMS NOT TO WORK
if (strlen($stmt)>3 && substr(ltrim($stmt),0,2)!='/*') {
$result = mysql_query($stmt);
if (!$result) {
$sqlErrorCode = mysql_errno();
$sqlErrorText = mysql_error();
$sqlStmt = $stmt;
break;
}
}
}
if ($sqlErrorCode == 0) {
echo "SETUP COMPLETED ;)";
} else {
echo "FAIL!<br/>";
echo "Error code: $sqlErrorCode<br/>";
echo "Error text: $sqlErrorText<br/>";
echo "Statement:<br/> $sqlStmt<br/>";
}
?>
Are you sure you need to run it this manner:
You can also use
$mysql -pxxx -u username db_name -vvv < sourcefile.sql >/tmp/outfile.log
Enable verbose mode to check the stats, else you can omit -vvv option
OR
mysql > source "sourcefile.sql"
You can see more options here
Related
<?php
getdata();
function getdata(){
$server="";
$dbHost = "localhost";
$dbDatabase = "h_php";
$dbPasswrod = "";
$dbUser = "root";
$mysqli = new mysqli($dbHost, $dbUser, $dbPasswrod, $dbDatabase);
// Check connection
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$sql = "SELECT * from items";
$result = mysql_query($query);
if(!$result) die("Oh crap...: " . mysql_error());
$rows = mysql_num_rows($result);
for ($j = 0 ; $j <= $rows; $j++)
{
$row = mysql_fetch_row($result);
$row[1]= $server;
$command = "nslookup ".$server;
exec($command, $result);
$nslookup_result="";
foreach($result as $line){
$nslookup_result.= $line."<br> ";
}
updatenslookup($server,$nslookup_result);
}
$mysqli->close();
}
function updatenslookup($url,$nsresult) {
// Create connection
$dbHost = "localhost";
$dbDatabase = "h_php";
$dbPasswrod = "";
$dbUser = "root";
$mysqli = new mysqli($dbHost, $dbUser, $dbPasswrod, $dbDatabase);
// Check connection
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$updatesql = "UPDATE `items` SET `description`='".$nsresult."' WHERE `title` ='".$url."'";
if ($mysqli->query($updatesql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $mysqli->error;
}
$mysqli->close();
}
?>
This bit makes no sense to me:
function getdata(){
$server=""; //<---------- set here
$dbHost = "localhost";
$dbDatabase = "h_php";
$dbPasswrod = "";
$dbUser = "root";
$mysqli = new mysqli($dbHost, $dbUser, $dbPasswrod, $dbDatabase);
// Check connection
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$sql = "SELECT * from items";
$result = mysql_query($query);
if(!$result) die("Oh crap...: " . mysql_error());
$rows = mysql_num_rows($result);
for ($j = 0 ; $j <= $rows; $j++)
{
$row = mysql_fetch_row($result);
$row[1]= $server; //<---- sure you want to do this
//your basically setting $row[1] = '' on every iteration
//so your command below is "nslookup " because $server = ''
$command = "nslookup ".$server;
exec($command, $result);
$nslookup_result="";
foreach($result as $line){
$nslookup_result.= $line."<br> ";
}
updatenslookup($server,$nslookup_result);
}
$mysqli->close();
}
It seems to me this bit $row[1]= $server; is backwards.
But lets not forget the SQLInjection issues here:
function updatenslookup($url,$nsresult) {
// Create connection
$dbHost = "localhost";
$dbDatabase = "h_php";
$dbPasswrod = "";
$dbUser = "root";
$mysqli = new mysqli($dbHost, $dbUser, $dbPasswrod, $dbDatabase);
// Check connection
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$updatesql = "UPDATE `items` SET `description`='".$nsresult."' WHERE `title` ='".$url."'";
if ($mysqli->query($updatesql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $mysqli->error;
}
$mysqli->close();
}
Specifically this stuff:
function updatenslookup($url,$nsresult) {
// ....
$updatesql = "UPDATE `items` SET `description`='".$nsresult."' WHERE `title` ='".$url."'";
// ....
}
The big issue with it is I can inject whatever I want into this table, then you take that data and shoot it right into
exec("nslookup ".$row[1], $result); //simplified $server = $row[1] + exec("nslookup ".$server)
So in theory I can (or may be able to) inject my own command line calls into exec, at least to some extent. I'm not sure all what someone could do with these issues, what the worst case would be, but I would avoid it in any case.
There is no way for me to know where the data for updatenslookup($url,$nsresult) comes from or if its clean, but it doesn't matter. One reason to prepare the sql is to have the security right where the issue is so you can clearly tell by looking at just the query if its safe or not. And you don't have to worry about missing some piece of data that could sneak in there.
You should use escapeshellarg at the very least, and clean up the SQL vulnerabilities by preparing your queries.
As far as this Call to a member function fetch_assoc() on array, I don't even see a call to fetch_assoc() in your code. Maybe I missed it but all I see is this $row = mysql_fetch_row($result); for reading data, which is procedural where you use the OOP in the other code . which is irritating .. but I get it, which is why I only use PDO now...
Etc..
I always feel bad when I shred up someones hard work, but I would be remiss not to mention such a big security hole.
Cheers.
<?php
$db_host = "127.0.0.1";
$db_user = "root";
$db_passwd = "111111";
$db_name = "proj_manager";
$mysqli = new mysqli($db_host, $db_user, $db_passwd, $db_name);
if($mysqli) {
echo "connect <br/>";
} else {
echo "not connect <br/>";
}
$query = "show databases;";
$result = mysqli_query($mysqli, $query);
if(!$result) {
die('error:' . mysqli_error());
}
echo "database list : <br/>";
while($row = mysqli_fetch_array($result)) {
echo $row[0] . "<br/>";
}
mysqli_close($mysqli);
?>
I making WebSever by PHP, But I have some problem.
I must saved PHP files at htdocs folder, and my Apache port num is 8081.
(MySQL number is 3307)
So I connected at http://localhost:8081/connect.php
But show this error 404 Not found
Not Found
The requested URL /connect.php was not found on this server.
(http://localhost:8081/phpmyadmin/index.php work perfectly)
How do I solve the problem?
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I am getting the following error in my browser when trying to run this script:
Parse error: syntax error, unexpected end of file in C:\wamp\www\server2.php on line 35
Note: Line 35 is the last line in the script. Sorry I am very new to PHP
<?php
// get the command
$command = $_REQUEST['command'];
// determine which command will be run
if($command == "getAnimalList") {
// return a list of animals
echo "bird,dog,cat,cow,sheep";
} else if($command == "getAnimalSound") {
// get the animal parameter and send the right response
$animal = $_REQUEST['cat'];
// fetch the sound of the animal from the database
$username = "root"; $password = ""; $hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
//select a database to work with
$selected = mysql_select_db("rosslocalhost1",$dbhandle)
or die("Could not select examples");
//execute the SQL query and try to return a record
$result = mysql_query("SELECT sound FROM animalsounds WHERE name='$animal'");
if (!$result) {
echo 'Dont know' .mysql_error();
exit;
}
$row = mysql_fetch_array($result);
echo $row['sound'];
?>
You've missed the closing bracket in the elseif statement of if($command == "getAnimalList")
<?php
// get the command
$command = $_REQUEST['command'];
// determine which command will be run
if($command == "getAnimalList") {
// return a list of animals
echo "bird,dog,cat,cow,sheep";
} else if($command == "getAnimalSound") {
// get the animal parameter and send the right response
$animal = $_REQUEST['cat'];
// fetch the sound of the animal from the database
$username = "root"; $password = ""; $hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
//select a database to work with
$selected = mysql_select_db("rosslocalhost1",$dbhandle)
or die("Could not select examples");
//execute the SQL query and try to return a record
$result = mysql_query("SELECT sound FROM animalsounds WHERE name='$animal'");
if (!$result) {
echo 'Dont know' .mysql_error();
exit;
}
$row = mysql_fetch_array($result);
echo $row['sound'];
}
?>
Here is your code properly indented. You did not properly close else if ($command == "getAnimalSound")
<?php
// get the command
$command = $_REQUEST['command'];
// determine which command will be run
if ($command == "getAnimalList") {
// return a list of animals
echo "bird,dog,cat,cow,sheep";
} else if ($command == "getAnimalSound") {
// get the animal parameter and send the right response
$animal = $_REQUEST['cat'];
}
// fetch the sound of the animal from the database
$username = "root";
$password = "";
$hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
echo "Connected to MySQL<br>";
//select a database to work with
$selected = mysql_select_db("rosslocalhost1", $dbhandle) or die("Could not select examples");
//execute the SQL query and try to return a record
$result = mysql_query("SELECT sound FROM animalsounds WHERE name='$animal'");
if (!$result) {
echo 'Dont know' . mysql_error();
exit;
}
$row = mysql_fetch_array($result);
echo $row['sound'];
?>
So I have these specific rows that I'm pulling if a code matches the database but I have no idea on how to echo this to my full html, is there anyway to make this $rows a $_POST or $_get to html?
thanks
<?php
$db_hostname = 'localhost';
$db_database = 'codedb';
$db_username = 'root';
$db_password = '';
$table = 'users';
$field = 'code';
$test = 'first_name';
// Connect to server.
$connection = mysql_connect($db_hostname, $db_username, $db_password) OR DIE ("Unable to
connect to database! Please try again later.");
// Select the database.
mysql_select_db($db_database,$connection)
or die("Unable to select database: " . mysql_error());
$query = "SELECT * FROM $table WHERE $field = '{$_GET["qcode"]}'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0) {
while($row = mysql_fetch_array($result)) {
$name = $row["$field"];
$test = $row["$test"];
echo "Hello: $name $test";
}
} else {
echo "error msg";
}
mysql_close($connection);
?>
You just need to update your while loop
Following code is to create your result Array, by that result array you can use the values in HTML too.
$resArr = array();
while($row = mysql_fetch_array($result)) {
$resArr[] = $row;
}
echo "<pre>";print_R($resArr);exit;
try
$query = "SELECT * FROM '$table' WHERE '$field' = '".$_GET["qcode"]."'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0)
{
while($row = mysql_fetch_assoc($result))
{
$name1 = $row[$field];
$test1 = $row[$test];
echo "Hello:" .$name1. $test1;
}
}
else { echo "error msg"; }
Also use mysql_real_escape_string() to prevent sql injection or better to use mysqli or PDO
You have two alternatives :
i) Use a .php file and write the html part there. This way you run php code with simple, php tags and display stuff where you need.
example :
Create a file called test.php and put this code in it and run.
</head>
<body>
<?php
$db_hostname = 'localhost';
$db_database = 'codedb';
$db_username = 'root';
$db_password = '';
$table = 'users';
$field = 'code';
$test = 'first_name';
// Connect to server.
$connection = mysql_connect($db_hostname, $db_username, $db_password) OR DIE ("Unable to
connect to database! Please try again later.");
// Select the database.
mysql_select_db($db_database,$connection)
or die("Unable to select database: " . mysql_error());
$query = "SELECT * FROM $table WHERE $field = '{$_GET["qcode"]}'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0)
{
while($row = mysql_fetch_array($result)) {
$name = $row["$field"];
$test = $row["$test"];
echo "<p>".$name." ".$test."</p>";
}
}
else { echo "error msg"; }
mysql_close($connection);
?>
</body>
</html>
This example puts the content in a paragraph in the html.
ii) echo the content from php by encoding it JSON and receive it using jquery from your html form. I'll not elaborate on this since it is not in the scope of the question.
And DO REMEMBER TO USE THE mysql_real_escape_string() to keep your code robust and prevent sql injection.
I got my script working for one column of data but I am trying to send it other data to a second column in mysql table. Here's my php code:
<?php
function db_connect()
{
$hostname = '127.0.0.1';
$db_user = 'root';
$db_password = '';
$db_name = 'hit';
mysql_connect ($hostname, $db_user, $db_password) or die (mysql_error());
echo "Success.. Connected to MySQL...<br />";
mysql_select_db($db_name) or die(mysql_error());
echo "Success.. Connected to Database...<br /> ";
}
function insertData($DATA)
{
function insterData($DATA2)
{
db_connect();
$requete = "INSERT INTO data SET col_Data='".$DATA."'";
if(!mysql_query($requete))
echo mysql_error();
else
echo 'data accepted.';
$requete2 = "INSERT INTO data SET col_Data2='".$DATA2."'";
if(!mysql_query($requete2))
echo mysql_error();
else
echo 'data accepted.';
}
if(isset($_GET['DATA']))
if(isset($_GET['DATA2']))
}
insertData($_GET['DATA']);
insertData($_GET['DATA2']);
}
else
{
echo 'Nop';
}
?>
This is how I send the post data
http://localhost/hit.php?DATA=iamwicked&DATA2=iamcool
This then suppose to send DATA=iamwicked goes into database hit table data column col_data
This then suppose to send DATA2=iamcool goes into database hit table data column col_data2
But I get this error,
but there are errors can someone help me debug.
Here is a working script:
<?php
function db_connect()
{
$hostname = '127.0.0.1';
$db_user = 'root';
$db_password = '';
$db_name = 'hit';
mysql_connect ($hostname, $db_user, $db_password) or die (mysql_error());
echo "Success.. Connected to MySQL...<br />";
mysql_select_db($db_name) or die(mysql_error());
echo "Success.. Connected to Database...<br /> ";
}
function insertData($DATA)
{
db_connect();
$requete = "INSERT INTO data SET col_Data='".$DATA."'";
if(!mysql_query($requete))
echo mysql_error();
else
echo 'data accepted.';
}
if(isset($_GET['DATA']))
{
insertData($_GET['DATA']);
}
else
{
echo 'Nop';
}
?>
this is a working script when I use this url to post data
localhost/hit.php?DATA=iamwicked
When I use this it save iamwicked in database hit table data column col_data
so how do I fix my script to send more data to col_data2 and so forth
Return $conn connection resource #id from function
<?php
function db_connect()
{
$hostname = '127.0.0.1';
$db_user = 'root';
$db_password = '';
$db_name = 'hit';
$conn = mysql_connect ($hostname, $db_user, $db_password) or
die (mysql_error());
echo "Success.. Connected to MySQL...<br />";
mysql_select_db($db_name) or die(mysql_error());
echo "Success.. Connected to Database...<br /> ";
return $conn;
}
$conn = db_connect();
To insert single field
function insertData($DATA)
{
$requete = "INSERT INTO data SET col_Data='".$DATA."'";
mysql_query($requete) or die(mysql_error());
}
if(isset($_GET['DATA'])) {
insertData($_GET['DATA']);
}
if(isset($_GET['DATA2'])) {
insertData($_GET['DATA2']);
}
UPDATE
To insert multiple fields
function insertData($DATA, $DATA2)
{
$requete = "INSERT INTO data SET col_Data='".$DATA."', col_Data2='".$DATA2."'";
mysql_query($requete) or die(mysql_error());
}
if(isset($_GET['DATA']) && isset($_GET['DATA2'])) {
insertData($_GET['DATA'], $_GET['DATA2']);
}
?>
I think you have an wrong spelling here:
function insertData($DATA2) instead of function insterData($DATA2);
There are indeed two problems here.
function insertData($DATA)
{
function insterData($DATA2)
{
What are you trying to achieve here? Declaring a function inside another function is totally useless (and generates errors since it's not allowed). If you want to call a function inside another one you must declare them separately and then call them, f.e.
function insertData($DATA)
{
insterData($somevariable);
//Rest of the operations
}
This should be clear enough. There is another error though.
if(isset($_GET['DATA']))
if(isset($_GET['DATA2']))
}
insertData($_GET['DATA']);
insertData($_GET['DATA2']);
}
else
{
echo 'Nop';
}
I suppose there is a typo here, and you meant
if(isset($_GET['DATA2']))
{