I have:
$con = mysql_connect($db_server,$db_username,$db_password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db($db_db, $con);
mysql_query("INSERT INTO failed_logins SET username = 'pachonk', ip_address = INET_ATON('$ip'), attempted = CURRENT_TIMESTAMP");
// mysql_close($con);
echo $ip;
$count = get_attempts(); // Get the Number of Attempts
mysql_close($con);
sleep((2 ^ intval($count)) - 1);
function get_attempts(){
$result = mysql_query("SELECT * FROM failed_logins WHERE ip_address = INET_ATON('$ip')");
if(mysql_num_rows($result) > 0)
{
$num_rows = mysql_num_rows($result);
return $num_rows;
}
else
{
echo NO;
return 0;
}
}
And when I run the second query on my SQL server, it runs just how I want it to, however I get 0 lines when I query via php. If I query for "username = pachonk", It's perfect how I want though as well. What's going on?
If $ip is not empty(in your example $ip is empty) you can try to modify your function get_attempts() in get_attempts($ip);
your insert query should more or less look like this:
mysql_query("INSERT INTO failed_logins values('pachonk', INET_ATON('$ip'), CURRENT_TIMESTAMP");
then your select will give you some result
Related
I'm working on this project and I need help with something. I am trying to check if someone is already in the database upon logging in and if they are not, they will be added. However, my code always adds them to the database...
Login code:
<?php
if(isset($_POST["emaillogin"]) and isset($_POST["passwordlogin"])){
$sql = "SELECT `accnr`
FROM `Account`
WHERE '$emaillogin' = `emailadress`
AND '$passwordlogin' = `password` LIMIT 1";
$result = mysql_query($sql);
if ($result == false){
echo "E-mail or password incorrect! <br>";
}else{
$accnr = mysql_fetch_array($result);
setcookie("accnr", $accnr[0] , time() + (1800), "/");
$accnmr = $accnr[0];
if(check_firstest($accnmr) == false){
$query = "INSERT INTO `VRIENDEN`
(`accnr`,`vriendnr`)
VALUES ('$accnmr','$accnmr')";
$result = mysql_query($query);
}
header("location:home.php");
die();
}
}
?>
The function in functions.php:
function check_firstest($accnr){
$query = mysql_query("SELECT count(*) AS 'num' FROM `VRIENDEN` WHERE `accnr` = '$accnr' AND `vriendnr` = '$accnr'");
if($result > 0){
return true;
}
else{
return false;
}
}
The login on its own works just fine, so thats no problem.
Thank you!
Your first query is somewhat odd and you do not capture the values from $_POST into the variables that you are using in the query either
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
if(isset($_POST["emaillogin"]) and isset($_POST["passwordlogin"])){
$sql = "SELECT `accnr`
FROM `Account`
WHERE `emailadress` = '{$_POST['emaillogin']}'
AND `password` = '{$_POST['passwordlogin']}'
LIMIT 1";
$result = mysql_query($sql);
if ($result == false){
// something went REALLY WRONG, report it
echo mysql_error();
exit;
}
if ( mysql_num_rows($result) == 1 ) {
// found user and password matches
header("location:home.php");
exit;
}else{
// new user, create the account
$accnr = mysql_fetch_array($result);
setcookie("accnr", $accnr[0] , time() + (1800), "/");
$accnmr = $accnr[0];
if(check_firstest($accnmr) == false){
$query = "INSERT INTO `VRIENDEN`
(`accnr`,`vriendnr`)
VALUES ('$accnmr','$accnmr')";
$result = mysql_query($query);
}
// and go to home page
header("location:home.php");
die();
}
}
?>
And of course the fix for the check_firstest() is also required
function check_firstest($accnr){
$result = mysql_query("SELECT count(*) AS 'num'
FROM `VRIENDEN`
WHERE `accnr` = '$accnr'
AND `vriendnr` = '$accnr'");
if(mysql_fetch_field($result, 0) > 0){
return true;
} else{
return false;
}
}
But I have to add
Your script is at risk of SQL Injection Attack
Have a look at what happened to Little Bobby Tables Even
if you are escaping inputs, its not safe!
Use prepared parameterized statements
And
You should not be using the mysql_ database extension, it is deprecated and has been for years and is gone for ever in PHP7.
If you are just learning PHP, spend your energies learning the PDO or mysqli database extensions and prepared statements.
Start here
You have to count the resulting rows:
function check_firstest($accnr){
$result = mysql_query("SELECT count(*) AS 'num'
FROM `VRIENDEN`
WHERE `accnr` = '$accnr'
AND `vriendnr` = '$accnr'");
if(mysql_fetch_field($result, 0) > 0){
return true;
} else{
return false;
}
}
Here the mysql_num_rows() function gives the number of rows in the result set. If it is greater than 0 then it means that there is some data.
So I installed this jackpot script with a layout and everything and within the jackpot script there was a set.php file which I tried to set up, it looked like this:
<?php
$sitename = "csgoxd.net";
$link = #mysql_connect("localhost:3306", "csgoxdne", "thisisasecretpassword");
$db_selected = mysql_select_db('csgoxdne_csgoxddb', $link);
mysql_query("SET NAMES utf8");
function fetchinfo($rowname,$tablename,$finder,$findervalue) {
if($finder == "1") $result = mysql_query("SELECT $rowname FROM $tablename");
else $result = mysql_query("SELECT $rowname FROM $tablename WHERE `$finder`='$findervalue'") or die (mysql_error());
$row = mysql_fetch_assoc($result);
return $row[$rowname];
}
?>
So I'm new when it comes to coding in general (I know some basic stuff but that's it) so basically I'm not sure if I'm supposed to fill out more of this file because I get this error on my website.
"Table 'csgoxdne_csgoxddb.info' doesn't exist"
I'm new to this and I'm trying to learn so help is much appreciated.
You should use MySQLi to make use of its advantages it offers over MySQL. You can see more here.
The script you have isn't all too bad, but it does need some tweaking. It's vulnerable to injection like Marc B said. I'm going to assume that csgoxdne_csgoxddb is your table name.
Try this:
<?php
$mysqli = new mysqli("localhost:3306", "csgoxdne", "thisisasecretpassword");
if (mysqli -> error){ print ("Error connecting! Message: ".$mysqli->error); }
mysqli_set_charset($mysqli, 'utf8');
function fetchinfo($rowname, $tablename, $finder, $findervalue) {
if ($finder == "1") {
$query = "SELECT * FROM $tablename WHERE rowname = '$rowname'";
$result = mysqli_query($mysqli, $query);
} else {
$query = "SELECT * FROM $tablename WHERE `$finder`='$findervalue'";
if (!$query) {
die('Invalid query: ' . $mysqli->error);
}
$result = mysqli_query($mysqli, $query);
}
return $result;
}
?>
Oh and make sure the port number on your localhost is correct.
Also to go through the values of result you can use:
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_array($result)) {
#do things
}
}
I hava weired problem here with mysql database and php.
In the php, it gets the table names and then loops through the tables. Takes the rows and then send the variables to a function. I am using for loops to do this.
The problem is that I have 7 tables. If table 2 and 3 contain rows then it loops through 2 and does everything correctly. and it does not give table does not exists error for table 1. but for table 3-7 it gives all as table not exists.
but if I remove rows in table 2 then it loops through 3 and works correctly, and gives no error for 1 and 2. but for table 4-7 it gives table not exists err.
Basically it only loops through one table with rows and gives errors for all following tables. I don't understand is that a connection problem to mysql or something else.
Below is the snippet of my code:
<?php
$hostname_localhost ="localhost";
$username_localhost ="xxxxxxx";
$password_localhost ="xxxxxxxxx";
$database_xxxxxxxxxx ="xxxxxxxxx";
$database_yyyyyyyyyyy ="yyyyyyyyyy";
$database_zzzzz = "zzzzz";
$localhost = mysql_connect($hostname_localhost,$username_localhost,$password_localhost)
or
trigger_error(mysql_error(),E_USER_ERROR);
$get_all_tables = mysql_query("SHOW TABLES FROM xxxxxxxxx");
$table_names = array();
while($row = mysql_fetch_array($get_all_tables, MYSQL_NUM)) {
array_push($table_names,$row[0]);
}
mysql_select_db($database_xxxxxxx, $localhost);
for ($i=0; $i<sizeof($table_names); $i++){
$table = trim($table_names[$i]);
$get_tag = mysql_query("SELECT * FROM $table");
if ($get_tag){
while($get_tag_infos = mysql_fetch_array($get_tag)){
$similarity = $get_tag_infos['similarity'];
//........... and many other variables
if ($similarity == 20){
get20(many variables);
}
if ($similarity == 40){
get40(many variables);
}
if ($similarity == 60){
get60(many varibales);
}
if ($similarity == 80){
get80(many variables);
}
if ($similarity == 100){
get100(many variables);
}
}
}
else{
echo '</br> error! </br>'.mysql_error().mysql_errno();
}
}
function get20(many variables){
// performs a insert function to mysql
}
function get40(many variables){
// performs a insert function to mysql
}
function get60(many variables){
// performs a insert function to mysql
}
function get80(many variables){
// performs a insert function to mysql
}
function get100(many variables){
// performs a insert function to mysql
}
?>
The problem is connection with database. after first table find your connection with has been changed by inner connection. So use different variables for connections. I am setting a code which is running perfectly. I have tested.
<?php
//conection:
$link = mysqli_connect("localhost","root","pass","test") or die("Error " . mysqli_error($link));
//consultation:
$query = "show tables" or die("Error in the consult.." . mysqli_error($link));
//execute the query.
$result = mysqli_query($link, $query);
//display information:
while($row = mysqli_fetch_array($result)) {
echo $row["Tables_in_test"] . "<br>";
$link2 = mysqli_connect("localhost","root","pass","test") or die("Error " . mysqli_error($link));
$query2 = "select * from ".$row['Tables_in_test'] or die("Error in the consult.." . mysqli_error($link2));
$result2 = mysqli_query($link2, $query2);
while($row2 = mysqli_fetch_array($result2)) {
echo "<pre>";
print_r($row2);
echo "</pre>";
}
}
?>
This is my code:
$roll = rand(100,1000000);
$result = mysql_query("SELECT roll FROM users") or die(mysql_error());
if($row["roll"] == $roll) {
$roll = rand(100,1000000);
}
else
{
mysql_query("INSERT INTO users (roll) VALUES('$roll') ") or die(mysql_error());
}
echo "Data Inserted!";
My question is:
If the regenerated roll number is again equal to a roll number already existing in database, how it should again generate a new roll number and keep on checking it unless it gets a unique number, which i can finally insert in the database? Please help!
You don't have to fetch ALL the rolls each time. It's just a waste of resources. Just check if the roll exists in the database, and if it does, check a new one.
function doesRollExist($roll) {
$sql = "SELECT COUNT(*) FROM users WHERE roll = " . (int)$roll;
$result = mysql_query($sql);
if ($result) {
return ((int)mysql_result($result, 0)) != 0;
}
else {
trigger_error("Query failed: " . mysql_error(), E_USER_ERROR);
}
}
do {
$newRoll = mt_rand(100, 1000000);
}
while (doesRollExist($newRoll));
// Now $newRoll will be a random number that doesn't exist
// in the database.
you can achieve by this way
$flag=1;
while($flag==1)
{
$roll = rand(100,1000000);
$result = mysql_query("SELECT roll FROM users WHERE roll=$roll") or die(mysql_error());
$row = mysql_fetch_row($result);
if($row[0] == $roll)
{
$roll = rand(100,1000000);
}
else
{
$flag=0;
mysql_query("INSERT INTO users values($roll)") or die(mysql_error());
echo "Data Inserted!";
}
}
Try this one:
$count = 1;
while($count > 0) {
$roll = rand(100,1000000);
mysql_query('SELECT COUNT(1) FROM `users` WHERE roll=' . mysql_real_escape($roll)) or die('Can\'t query the DB server.');
$countRow = mysql_fetch_array($result);
$count = $countRow[0];
}
In real-life situations you should probably add better error checking - using trigger_error, or exceptions(that of course have to be caught). I would even recommend to log all the errors.
$roll = rand(100,1000000);
$result = mysql_query("SELECT roll FROM users") or die(mysql_error());
while($row["roll"] == $roll) {
$roll = rand(100,1000000);
}
mysql_query("INSERT INTO users (roll) VALUES('$roll') ") or
die(mysql_error());
echo "Data Inserted!";
I send data too this script from a C# script inside of Unity 3d . What I want to do is get the page to display the result of whatever query i end up running from it , and inside of Unity I get the text of that page and display it .
This is a very jerryridged way of doing this , but i'm just starting with PHP and mysql
Here's the error that unity 3d gives me
"Warning: mysql_result(): supplied argument is not a valid MySQL result resource in WEBSITE.com/newget.php on line 30"
<?php
$db = mysql_connect('host, user, pass') or die('Could not connect: ' . mysql_error());
mysql_select_db('dbname') or die('Could not select database');
$gotString = mysql_real_escape_string($_GET['GetString'], $db);
$hash = $_GET['hash'];
//SELECT * FROM table_name
$real_hash = md5($gotString . $secretKey);
$secretKey = "KeyHERE";
$real_hash = md5($gotString . $secretKey);
$locString = "SELECT A FROM Quiz1 WHERE Question = 1";
if ($real_hash == $hash) {
Compare();
}
function Compare() {
if ($gotString == "1B") {
$result = mysql_query("SELECT B FROM Quiz1 WHERE Question = 1") or die(mysql_error());
} else {
$result = mysql_query("SELECT A FROM Quiz1 WHERE Question = 1") or die(mysql_error());
}
}
print( $result);
?>
Try use
if (!$result) {
die('error: ' . mysql_error());
} else {
$row = mysql_fetch_array($result);
var_dump($row);
}
instead of Print( $result) ; at the end