When I run mysql_real_escape_string, for example like this:
$test = mysql_real_escape_string($_POST['test']);
it's not working on my local server; it gives me an error page!
My local server is "AppServ".
My operating system is "Windows XP".
Is this normal? And do I just have to run it on a hosted site only?
You have to provide the function an active database connection. I think it's the second argument:
$test = mysql_real_escape_string($_POST['test'], $mysql_database_connection);
That might be your error, because if you don't provide an active connection explicitly, the function looks for the last one which was created. If you run this function before connecting to the database, it'll give you an error.
We'd need to know which error before we could help you any more, but the most common error that I get when using mysql_real_escape_string is when I forget that it takes a second parameter.
This tells the function which character set you need escaping. You just need to pass the database resource ID.
I have an issue with POST variables in CodeIgniter. For now I fixed it, but I'm not sure if this is fine; in other words, I'd really like to know why I had the issue only on the hosting server, not locally.
The problem:
I wanted a more secure script, so I replaced $_POST/$_GET with $this->input->post and $this->input->get, like in this example:
if(!empty($this->input->get('endDate'))){
$data['datepicker'] = $this->input->get('thisDate');
}
This was all working fine on my localhost, but I assume it is the wrong way, because when I deployed to the hosting server I got an AJAX parse error from the validation engine that I'm using. I couldn't log in to the system, getting the AJAX parse error all the time, and somehow figured out that whenever I checked if empty($this->input->post('var')), or the same with get, it was wrong.
I have checked the input class from Codeigniter and figured out, that $this->input->post is returning true/false, so I changed the scripts in the format like this:
if(!($this->input->get('endDate'))){
$data['datepicker'] = $this->input->get('thisDate');
}
This worked fine.
I'm still wondering why the code worked on localhost but didn't on the server, and what the best way is to check whether the POST/GET variable is empty or not. It seems I'm really missing something.
Thank you.
Consider that checking for empty($this->post->get('var')) will always return false, no matter if the POST/GET exists, so it might be for that reason only. So I'm not sure why you got the error on a different environment, but the first statement is wrong; it's exactly like writing if(true).
Also, I'd check for a strong assertion of false for inputs. You never know when you might need a zero as an input, and if you're used to this practice, you might get an accidental false.
I have a website that uses LDAP authentication. I have two active directory servers for redundancy. If the primary server is down, authentication should be handled by the back-up server. I tried using the following to achieve this:
$LDAP_SERVER = "10.100.10.1";
$LDAP_SERVER_BACKUP = "10.100.10.2";
$ldap_mycorp = ldap_connect($LDAP_SERVER);
if(!$ldap_mycorp){
$ldap_mycorp = ldap_connect($LDAP_SERVER_BACKUP);
}
But I noticed that if the connection to the primary server failed, 'ldap_connect($LDAP_SERVER)' returns a resource id instead of false, which means the if statement is never used.
I came up with a workaround for this by adding some additional code later in the script, but there must be a solution to handle the problem within the above context?
The host name parameter can be a space separated list of host names. This means that the LDAP code will talk to a backup server if the main server is not operational. There will be a delay while the code times out trying to talk to the main server but things will still work.
$LDAP_SERVERS = "10.100.10.1 10.100.10.2";
$ldap_mycorp = ldap_connect($LDAP_SERVERS);
Is this what you are looking for?
http://php.net/manual/en/function.ldap-error.php
I have no idea what it returns when there is no error, but it should give you a step in the right direction. With the answer given to connect automatically to multiple servers if the previous failed, you should still check if the connection didn't have any errors ;)
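An added example (not from the posts above) of failover that tests the bind rather than the return value of ldap_connect, which with OpenLDAP 2.x client libraries only initializes the handle and contacts no server. The ldaps:// scheme, the bind account, the timeout and the function name are assumptions; the addresses are the ones from the question.

```php
<?php
// Added example: ldap_bind_with_failover() is a hypothetical helper, not a PHP built-in.
function ldap_bind_with_failover(array $uris, string $bindDn, string $password)
{
    // An empty password turns a simple bind into an anonymous bind, which
    // many directories accept; refuse it before contacting any server.
    if ($bindDn === '' || $password === '') {
        return false;
    }
    foreach ($uris as $uri) {
        $conn = ldap_connect($uri);   // checks the URI only; no network I/O yet
        if ($conn === false) {
            continue;
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        // Seconds to wait for an unreachable host before moving on (assumed value).
        ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 3);

        // The bind is the first call that actually reaches the server.
        if (@ldap_bind($conn, $bindDn, $password)) {
            return $conn;
        }
        $errno = ldap_errno($conn);
        error_log(sprintf('LDAP bind via %s failed: %s (%d)', $uri, ldap_error($conn), $errno));
        ldap_unbind($conn);
        // 49 = invalid credentials: the server answered, so this is a login
        // failure, not an outage. Do not replay the password to the backup.
        if ($errno === 49) {
            return false;
        }
    }
    return false;
}

// Assumes both servers accept LDAPS and their certificates cover these addresses.
$servers = ['ldaps://10.100.10.1', 'ldaps://10.100.10.2'];
$conn = ldap_bind_with_failover($servers, 'user@example.test', $_POST['password'] ?? '');
if ($conn === false) {
    http_response_code(401);
    exit('Login failed');
}
```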
I'm working with a very simple mock-up application to query a DB and display the results on a map. The application sends a GET httprequest to a server which returns a serialized array of values. The basic structure of the httprequest is:
httpRequest.open("GET","handle-query.php?query=" + queryJs)
and, on the other side:
$queryPhp = $_GET["query"];
When the query looks like this...
["SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Centre'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Kara'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Maritime'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Plateaux'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Savanes'"]
...then it is passed to the server properly, and generates a response. However, when the query looks like this...
["SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Sotouboua'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tchamba'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tchaoudjo'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Assoli'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Bassar'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Bimah'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Doufelgou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Keran'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Kozah'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Golfe'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Lacs'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Vo'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Yoto'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Zio'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Amou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Haho'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Kloto'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Ogou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Wawa'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Oti'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tone'"]
...then the server receives an empty string. Both of the strings are generated by the same function, and both work perfectly on my virtual server (WAMP). If anyone has any ideas it would be greatly appreciated.
(P.S. After reading I realize that I should be using a framework with better sanitization, etc., but this is just a demo that will need to live online for maybe 2 hours, and it would be better to fix this small thing than start over. It works perfectly on my localhost.)
To actually answer your question, you're sending a get parameter as query (handle-query.php?query=) and then pulling it off as queryJS (queryJs).
$_GET['query'] // instead of $_GET['queryJs']
should do it.
(And as everyone has pointed out, don't send SQL in the clear or otherwise over the wire, unless you plan on not actually executing the SQL, and you just like to advertise your db structure, maybe it is that pretty.)
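An added example (not code from the question or the answer) of a handler that takes only a grouping column and a list of names from the request and builds the statement on the server, so no SQL crosses the wire. The `by` and `names` parameters and the function name are assumptions; the table and column names are the ones in the question, and the rows are constructed.

```php
<?php
// Added example. Rows below are constructed sample data.
// Request values may only select one of these column names; they never supply SQL text.
const GROUP_COLUMNS = ['region' => 'region', 'prefect' => 'prefect'];

function sum_commit_by(PDO $db, string $by, array $names): array
{
    if (!isset(GROUP_COLUMNS[$by])) {
        throw new InvalidArgumentException('unknown grouping column');
    }
    $col = GROUP_COLUMNS[$by];   // identifier taken from the allow-list, not the request
    // "commit" is quoted because COMMIT is an SQL keyword (MySQL would use backticks).
    $stmt = $db->prepare("SELECT SUM(\"commit\") FROM financialdata WHERE $col = ?");
    $totals = [];
    foreach ($names as $name) {
        if (!is_string($name)) {
            continue;
        }
        $stmt->execute([$name]);   // the value is bound, never concatenated
        $totals[$name] = (float) $stmt->fetchColumn();   // SUM over no rows is NULL
        $stmt->closeCursor();
    }
    return $totals;
}

// In-memory SQLite database standing in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE financialdata (region TEXT, prefect TEXT, "commit" REAL)');
$db->exec("INSERT INTO financialdata VALUES
    ('Kara', 'Bassar', 100), ('Kara', 'Kozah', 50), ('Centre', 'Tchamba', 25)");

// Stand-in for a request such as handle-query.php?by=region&names=["Kara","Centre"]
$by    = $_GET['by'] ?? 'region';
$names = json_decode($_GET['names'] ?? '["Kara","Centre"]', true);
echo json_encode(sum_commit_by($db, $by, is_array($names) ? $names : []));
```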
This is a bit of an oddity for me. PHP is my forte, and I can normally figure out any issue I encounter.
I have a custom framework that I have been using for years. I have taken it upon myself to rewrite it, and I'm doing everything essentially the same that I was before. The problem lies in the following construct:
function ModPages_GetPage() {
    $page = ModPages_GetPageByName($_GET['page_name']);
    if($page != false) {
        include(TPL_DIR.'pages/pages.view.php');
    } else {
        ErrorMessage('Invalid Page', 'The selected page could not be found.');
    }
}
function ModPages_GetPageByName($page_name = null) {
    $db = new Database;
    $query = '
        SELECT *
        FROM pages
        WHERE page_name = "'.CleanStr($page_name).'"
        AND page_enabled = "yes"
        LIMIT 1
    ';
    $page = $db->GetRow($query);
    return $page;
}
This code is being called with 'home' for the value of $_GET['page_name']. The call to ModPages_GetPageByName() is working fine, but the value of $page in ModPages_GetPage() isn't getting set. Matter of fact, any debugging statements thrown in after that call are failing to display anything.
I have display_errors set to on, and error_reporting set to E_ALL. I get a couple notices from my Database class, but that's it.
Running the script at a shell fails to produce any errors. When using strace, I do see the process spits out an 'exit_group(255)'.
This one has me quite baffled. I could sure use some direction on this.
I would think it's your query. Shouldn't you just return the page name instead of star? Star (*) would return an array, which is probably being passed back as the value. Just my guess.
$query = '
SELECT *
FROM pages
WHERE page_name = "'.CleanStr($page_name).'"
AND page_enabled = "yes"
LIMIT 1
';
If you do a print_r on the $page return, I would think it should be an array.
$page = $db->GetRow($query);
echo "Page:<pre>".print_r($page,true)."</pre><br />\n";
Then maybe return something like this
return $page['page_name_field'];
OK, before we get to a solution, can we first make sure that, before setting the $page variable, you just echo $_GET['page_name'] to see if there is a value being received?
PK
Does your script stop right after your database call, or just doesn't display any output?
If the first is true, then it looks like a fatal error. With E_ALL, it should be displayed, are you sure both display_errors and error_reporting are as you say at that point, and that the GetRow function doesn't alter them in any way? If so, maybe there's something in the Apache error log (PHP errors are sometimes logged there).
If the latter is true I'm thinking about an exception being thrown in a method that is being called, and caught in a higher level function. To check this you can put the database call (ie: the point where things go wrong) inside a try/catch block and see if you reach the catch block.
I would try the following:
replace $_GET with $_REQUEST (maybe your form is using POST?)
do a print_r to check contents of your variables.
use mysql_error to view any errors, or print your mysql query in your browser, copy/paste it in phpmyadmin, is it returning anything? error.. data?
something similar happened to me once: my framework was encoded in ANSI and my calling php file was UTF8+BOM... I changed everything to UTF8+BOM and it worked.
try also different browser, I know it might not be a browser problem, but it might be that your script is cached somewhere.
are you using some caching? like eaccelerator?
Are those functions in a class? If so, you will need $page = $this->ModPages_GetPageByName().
Also, I would echo out the argument and the SQL statement in ModPages_GetPageByName(). This way you can verify that it isn't a SQL error.
I can't say for sure why your code isn't working, but I can make some suggestions that might help in locating the error.
The first thing I notice is you don't check that $db actually contains a valid database. I don't know the details of your Database object but I'm assuming there's some mechanism in there for checking if it's actually connected to the database. You should use that to determine if the database is connected before running queries on it.
$db = new Database ();
if ($db -> isConnected ())
{
    $query = 'SELECT * (etc etc etc)';
    // ...
}
else
{
    // Put some kind of DB connection error notification or throw an exception here
}
Just on a stylistic note, you don't need to store the results of your DB lookup before returning it, unless you're planning on doing some processing on the result before returning it. You can just return the lookup directly. Of course that's just a stylistic choice, but it saves a line or two :)
return ($db->GetRow($query));
After you run your getpage function, I'd strongly recommend var_dump()ing the result. Even if your function returned NULL, you'll still see this in the var_dump. If in doubt, dump it out :). I'd also recommend installing xdebug to make the var_dump output more readable.
$page = ModPages_GetPageByName($_GET['page_name']);
var_dump ($page);
I would also strongly recommend var_dumping your query before you execute it, just to make absolutely sure that you're running the query you think you're running. Copy and paste the outputted query into sqlyog or phpmyadmin or whatever you use for interactive access to your database and make sure it returns what you think it should return.
Other things to check, is the page you're trying to return actually set page_enabled='yes'? Does the page_enabled column actually store the value as 'yes', or is it a bool or an integer or something else? Is magic quotes enabled or disabled? If they're in one state when you think they're in the other they can cause confusion. Are errors actually being reported to the browser? Add a line at the top of your script that's guaranteed to fail just to make sure, like an attempted foreach on an integer. If you don't see an error, then maybe error reporting isn't configured properly. I know those are obvious questions but I also know how easy it is to overlook the obvious if you're not getting what you expect out of a query.
Are you sure $page is not set, or is it just that your debug instructions don't print anything? Try logging to a file or a database instead; maybe your code triggered output buffering or something like that.
Also, you are calling ModPages_GetPageByName before declaring it. That is usually okay, but might not be in special circumstances (e.g. when the code is wrapped in an if block). Try swapping the two.
Also, check your environment and disable opcode caching and other possible error sources. APC for example can call the old version of the script long after you changed the PHP file.
While some of you have put extra effort into responding to this, nobody has been able to see the full picture, even given the details I have provided. I have been unable to trace the issue back to its source, but have moved on to a different project.
I am using CodeCharge Studio to finish a large PHP application. This question isn't really CCS related, but a bit more general. I have a web form that is supposed to allow CRUD capabilities with a certain SQL Server table, but the Inserts keep failing without throwing any errors. What would be the best way to debug this?
When I'm having trouble with dynamically generated SQL queries, I typically echo out the query and try running that query on the console for the DB. Or alternatively, you could write a simple PHP function that writes out strings to a file, and that way you don't have to display the query directly on your page, but instead in a log file.
See what the actual query is and then try doing that query directly on the DB. Then you know whether it's a PHP issue or a DB issue.
Then go from there, depending on the outcome.
If the query looks OK, double check that the user running the query has insert rights to the database.
I've been caught out by that before.
You can monitor all SQL queries in MySQL as shown in this site. Once you enable logging, run the query manually and see why it's failing. This should be a good starting point.
In addition to what's mentioned before, I can add my recent discovery:
trigger_error(print_r($your_var,1),E_USER_ERROR);
So you can output and debug your variable, even if it's a complex script with redirects, where simple echo would not help.
Dmitri.
You should try using FirePHP and log all the SQL to your Firebug:
An example would be:
$sql = "SELECT * FROM table";
if (!mysql_query($sql)) {
    // On failure, log to Firebug
    FB::error($data, "SQL error: ".mysql_error());
}
You can also implement the FB::error call from your own function, so you can later deactivate this behaviour modifying your function:
function log_error($data, $msg){
    // Don't forget to deactivate this in case the application goes live!
    FB::error($data, $msg);
}
if (!mysql_query($sql)) {
    // On failure, log to Firebug
    log_error($data, "SQL error: ".mysql_error());
}
Most of the database connection classes in CodeCharge have a 'debug' flag which will automatically write all the page's database commands at the top of the page.
For example, in an old PHP project of mine, 'Common Files' the file 'db_mysql.php' (line 27):
public $Debug = 0; ## Set to 1 for debugging messages.
Change to '1' and publish that file. Load the web page. Change back and re-publish when done.
I've used this in CCS for PHP and ASP projects, and it is likely in the other languages (not sure if or where to find it in .NET projects).