meaning of this sql statement - php

I just found code like this in my new project, and I have no idea what it does.
$q = "SELECT getnewmsg(" . $_GET['messgae'] . " result)";
I searched for getnewmsg in the whole file system and did not find it. Can you please let me know what it actually means? I have never seen such an SQL statement.

If you want to know more about the procedure (in case it is a procedure), you may send the following query:
SHOW PROCEDURE STATUS LIKE 'getnewmsg';
For more information, see the MySQL manual for SHOW PROCEDURE STATUS.

"getnewmsg" is not found in a search of the MySQL site, so it is probably a stored procedure that has been added to your particular database. We have no way of telling what it does.

Looks like a stored function.
http://dev.mysql.com/doc/refman/5.0/en/create-procedure.html

Related

MySQL Error 1064 when using SELECT ... WHERE

I am having an issue when trying to query data from my MySQL database. Here is the PHP that generates the query: $q = "SELECT * FROM tclog" . (isset($id) ? " WHERE tcuid='$id';" : ";");
Here is the query that it generates: SELECT * FROM tclog WHERE tcuid='55609bb380d9a3.92986475';
The peculiar part of this issue is that, from one page, the query runs just fine, yet from another page, the query fails. The only difference between the pages is that one page gets the entire SQL script from a form on itself (with action="" and don't worry, it's password-protected and forces SSL), while another page (the one shown above which doesn't work) generates the script using just the id variable.
Any help would be greatly appreciated.
I discovered the problem. It was actually in the code that calls mysqli_query, not in the query itself. Looks like you all enjoyed laughing at my crappy security anyway.
Enjoy,
MagikM18

Add comments to mysql queries (php -> mysql-db)

I have a website with a lot of functions and calculations and it grows every day. Calculation errors are getting harder to solve as my logs are really big.
The website is used by employees, so there is a lot of traffic between the website and the MySQL database. Is it possible in any way to append comments to the queries so they show up in the log files?
The standard ones (I guess #..#) get lost after the query is parsed by the MySQL server.
I'm just trying to get a better overview of my log files.
For example it could be something like this:
$query = "UPDATE something SET column = 'input' WHERE ... #ticket-calc#";
$result = mysql_query($query, $db) or die(mysql_error());
I would like to show up 'ticket-calc' for this query in the log-files.
Everything I tried hasn't worked. It looks like the server is saving just the raw command without anything appended.
I also thought about just comparing a string (the comment) with 'true', which shouldn't change the general query.
[query] ... AND 'ticket-calc'= true
I hope there is a more clean way to get it.
Solved this by using /* comment */. Thanks!
I have the same approach to log (in MySQL) where my queries are in the database. I use "--" to solve the problem.
$pdo->exec("-- GETTING USERS");
$stmt->execute();
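By the way, it is better to do all logging in your application, including logging of queries. For example:
// file_put_contents() needs a target file as well as the data; 'query.log' is a placeholder path
file_put_contents('query.log', 'TRY TO EXECUTE QUERY: ' . $stmt->queryString . PHP_EOL, FILE_APPEND);
$stmt->execute();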
As none of the people who helped me out in the comments want to post their solutions as an answer, I'll do so to get this topic closed.
I'm using /* .. */ to mark my queries.
Thanks for the help @AlexGreg, @davidkonrad and @davidkonrad.

Dummy SQL query

I am creating an install file for a script I created and will also provide the fields to enter the database details. Anyway, before storing those database details in a config.php file, I'd like to see if they work. What would be the best way to see if the provided details are valid? I thought of running a dummy query and if it's successful then store the details in a file. I don't know what the best query would be? I am using PDO for the whole thing. So, I basically need to check if a database connection succeeded in order to continue.
Could you please tell me your ideas how to verify if everything is alright with the user input? Is my dummy query idea a good way to handle this? If yes, what query should I run? If no, what do you suggest?
Thanks.
If you are using SQL Server, something like "select 1" will do the job. I guess many other database engines will support this query too.
The best thing to do would be to issue a series of queries/commands that test every thing you need individually.
Can open connection
Database is there/can be created
User can see data/can construct data
etc..
Then as part of the installation you can tell the user if something isn't right and point them directly at the problem for them to solve. You should do this early in the installation so that you don't have to roll back too much.
Think about the installation experience. What would you want when installing a program? Would you like it to just say
"Error. Can't connect",
or
"Error: Cannot connect to DATABASEX the SERVERY with the USERID_W",
or even better
"Error: Can connect to the DATABASEX the SERVERY with the USERID_W, but table X is missing, have you completed step ABC first?"
Do as much work as you can for the user.
First of all, check if PHP connects to the database correctly (returned values, MySQL errors). Then you can use something like SHOW VARIABLES LIKE "%version%" to determine the database engine version, so all functions and methods will work as intended. This way you can also inform your users that their db version is too old to be used with your software.
EDIT
Also, a query of SHOW GRANTS FOR 'user'@'host' is a good idea to check permissions for the connected user.
Well, you can assume the connection is successful if the connection function returns the expected value without generating any errors/exceptions. Aside from that...
SHOW TABLES FROM $database;
Should show that they have at least basic permissions to the database, but won't indicate if they can create tables and insert data.
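The stepwise checks suggested in the answers above, written out as an added example (not code from the thread). The function name checkDatabase and the table list are hypothetical, and the demo uses SQLite through PDO so it runs offline; a MySQL DSN goes through the same steps.

```php
<?php
// Added example. Each step is tested on its own so the installer can say exactly what failed.
function checkDatabase(string $dsn, ?string $user, ?string $pass, array $requiredTables): array
{
    $who = $user ?? '(no user)';
    $report = [];
    try {
        $pdo = new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $report[] = "OK: connected to $dsn as $who";
    } catch (PDOException $e) {
        // Name the DSN and user in the message, never the password.
        return ["Error: cannot connect to $dsn as $who: " . $e->getMessage()];
    }
    try {
        $pdo->query('SELECT 1')->fetchColumn();          // the "dummy query"
        $report[] = 'OK: SELECT 1 succeeded';
    } catch (PDOException $e) {
        $report[] = 'Error: connected, but SELECT 1 failed: ' . $e->getMessage();
        return $report;
    }
    foreach ($requiredTables as $table) {
        // Identifiers cannot be bound as parameters, so the names must come from
        // the installer's own fixed list and are still checked against a pattern.
        if (!preg_match('/^\w+$/', $table)) {
            $report[] = "Error: refusing to check invalid table name";
            continue;
        }
        try {
            $pdo->query("SELECT 1 FROM $table LIMIT 1");
            $report[] = "OK: table $table is readable";
        } catch (PDOException $e) {
            $report[] = "Error: connected to $dsn as $who, but table $table is missing or not readable";
        }
    }
    return $report;
}

// Constructed inputs: an empty in-memory database, then a path that cannot be opened.
print_r(checkDatabase('sqlite::memory:', null, null, ['users', 'settings']));
print_r(checkDatabase('sqlite:/nonexistent-dir/app.db', null, null, ['users']));
```

Only write the details to config.php once every line of the report starts with "OK".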

Query to delete comment

So, I almost have my delete function working, I have the page loading correctly without any fatal errors but it's still not doing the trick.
Here is the portion of my while loop:
echo "<a href='http://www.###$#%##%#.org/Profile.php?id=".$prof->id."'>";
echo " delete";
echo "</a>";
And here's the portion of my query which is obviously wrong:
$query = "UPDATE `ProfileComments` SET `status` = 'dead' WHERE `id` = '".$prof->id."' LIMIT 1";
So, how do I get this to delete the comment on the page? And mark the status dead in the database?
From your SQL it looks like you are doing a soft delete, which is fine. Your select statement needs to exclude comments that have a status of 'dead':
SELECT columns FROM ProfileComments WHERE status != 'dead' AND id = {$prof->id}
Of course that's a guess without seeing how you populate prof->id when you generate the link.
There's a couple of other problems with your post though:
As others have suggested, you should use parameterized queries, otherwise you leave yourself open to SQL injections.
You shouldn't be doing the delete via a get request (using a naked anchor). Either do the delete using AJAX or via a form. Modifying server data via a get is a bad practice.
Just because you're not seeing fatal errors, your code doesn't have to behave like you want it to.
Examine the content of $prof->id by, inside of the loop, putting it through var_dump and then die, this will let you control what the property holds at the moment you want to print it out.
The same thing applies in your query, var_dump to see what it contains.
Not seeing more of your code (and not knowing your experience level), I'm not sure where you actually need help, so forgive me if my question/advice is obvious and too basic for you:
How is $prof->id getting populated in Profile.php? Are you pulling it off of the request (like so: $id = $_REQUEST["id"])?
And as Michael said, do please use parameterized queries. (If you don't care about children, at least think of the kittens!)
Your SQL statement looks fine, and the HTML code is fine too. To locate the problem:
You need to make sure your SQL is getting the right parameter, the id in this case. Just echo it out; if the id is missing or wrong, you know $prof->id needs fixing.
Also check the link dumped by your PHP. Again, does it contain the right id?
Make sure you don't have any errors before you execute the SQL. Basically, make sure that the SQL query statement is called, and make sure your db connection is live.
When a MySQL statement is wrong it won't throw a fatal error; you need to print the error yourself with mysql_error().
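The two recommendations made in the answers above (parameterized queries, and no deletes over GET), as an added example that is not code from the thread. The function names and the way the request is passed in are hypothetical; the table is constructed sample data in in-memory SQLite so the script runs offline, and the same prepared statements work over pdo_mysql.

```php
<?php
// Added example: soft delete with a bound parameter, accepted only on POST.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample rows standing in for the thread's ProfileComments table.
$pdo->exec("CREATE TABLE ProfileComments (id INTEGER PRIMARY KEY, body TEXT, status TEXT DEFAULT 'live')");
$pdo->exec("INSERT INTO ProfileComments (id, body) VALUES (1, 'first'), (2, 'second'), (3, 'third')");

// $method and $input stand in for $_SERVER['REQUEST_METHOD'] and $_POST.
function softDeleteComment(PDO $pdo, string $method, array $input): bool
{
    if ($method !== 'POST') {
        return false;                       // a plain link (GET) must not change data
    }
    // Accept only a positive integer; anything else never reaches the database.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // The id travels as a bound parameter, so it is never parsed as SQL text.
    $stmt = $pdo->prepare("UPDATE ProfileComments SET status = 'dead' WHERE id = :id AND status <> 'dead'");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;         // true only if a live row was marked dead
}

// The listing query excludes soft-deleted rows, as the first answer suggests.
function liveComments(PDO $pdo): array
{
    $stmt = $pdo->prepare("SELECT id, body FROM ProfileComments WHERE status <> 'dead' ORDER BY id");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

var_dump(softDeleteComment($pdo, 'GET', ['id' => '2']));          // request made through a link
var_dump(softDeleteComment($pdo, 'POST', ['id' => '2 OR 1=1']));  // id that is not an integer
var_dump(softDeleteComment($pdo, 'POST', ['id' => '2']));         // well-formed request
echo json_encode(liveComments($pdo)), PHP_EOL;
```

A real handler would also confirm that the logged-in user is allowed to delete that particular comment before running the UPDATE.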

MySQL increment value of attribute - misses sometimes(?)

I have a column called views in my table A. I want to increment the views column like so:
UPDATE A set views = views + 1 WHERE ID = blabla LIMIT 1;
This seems like the way to do it, at least to me.
Or so I thought.
Seems like when I (from PHP) do:
$views = get_viewcount($id);
$views++;
save_viewcount($id, $views); //here we just update views with the $views variable
This always works. But carries the penalty of an extra roundtrip to the DB with the get_viewcount and then incrementing it in PHP and sending it back. It always works.
The SQL statement above "sometimes" works. I know - I too hate the word "sometimes" in programming - but put another way, I cannot say WHEN but at times it doesn't increment it when I do it in SQL directly in one go.
Suggestions?
You need to isolate the bug in your system. It is very unlikely to be a problem with MySQL.
I would suggest running a ton of tests, and looking at database logs, etc. It is most likely the query is simply not getting executed due to some logic in your system, or due to the request dying/ending before it reaches the query.
You must be doing something wrong.
If you tell mysql:
UPDATE foo SET views = views+1 WHERE id = 1337;
it will increment it.
Try it on the command line.
Whatever code you're using to run the sql is failing, not the sql statement itself.
And what's the point of LIMIT=1 on an UPDATE query?
What I recommend doing is to set PHP to echo out the query it's running, the result it's getting back, etc., etc. Everything you possibly can. Look at SQL logs if applicable to see what queries are being run on what tables. Basically you need to see exactly where the fail point is.
When you state that the SQL statement sometimes works, is that on a basis of being called from your code, or being called via a mysql (assuming that is what you are using) prompt? If it's the prior, have you tried running it in a command prompt to see if you get the same result as your code? If not, then you can rule out the database and start looking specifically at your code.
Good luck!
I would look at where and when you do your BEGIN TRANSACTION / COMMIT processing.
It could be you are not checking the SQL return code and missing a "DEADLOCK" warning.
