Posts posted by Mko

  1. Are you trying to use a form to process this 'table'?

    If so, check out this link for some help.

     

    As to the if statement you posted at the bottom of your post, I'm confused as to what you're trying to do with it. Are you trying to do a comparison or an AND/OR statement?

  2. But now it is another file that troubles me...

     

    Parse error: syntax error, unexpected ',' in /public_html/engine/initEngine.php on line 7
    

    It's an identical issue to the one you fixed previously.

    Change:

    ( "DOMAIN", $config['do".__FILE__] );
    

    to

    ( "DOMAIN", $config["do".__FILE__] );
    

     

    From what I can tell, there are quite a handful of silly mistakes in this script. I'd suggest probably finding (or writing) a better version, as who knows how many other bugs and possible exploits/vulnerabilities there could be in this code if the author couldn't even correct a simple issue.

  3. Hello all,

    I'm currently getting strange errors when trying to execute my code.

     

    First off, here is what I have so far:

    class DB extends MySQLi {
        public function __construct() {
            $conn = @$this->connect(HOST, USERNAME, PASSWORD);
            if ($this->connect_errno) {
                die("<br />Could not connect to MySQLi Database: " . $this->connect_error);
            }
            return $conn;
        }
    }

     

    ...and my code:

    $conn1 = new DB();
    $stmt = $conn1->stmt_init();
    $stmt->prepare("UPDATE `user` SET `f1` = 2, `f2` = (?), `f3` = (?) WHERE `w1` = (?)");
    $stmt->bind_param('ssi', $p1, $p2, $p3);
    $stmt->execute();
    $stmt->close();

     

    The errors I get:

    Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: invalid object or resource mysqli_stmt in /home/208/public_html/a1/p.php on line 61
    Warning: mysqli_stmt::execute() [mysqli-stmt.execute]: invalid object or resource mysqli_stmt in /home/208/public_html/a1/p.php on line 62
    Warning: mysqli_stmt::close() [mysqli-stmt.close]: invalid object or resource mysqli_stmt in /home/208/public_html/a1/p.php on line 63

     

    I'm really confused as to what the issue is. I do know mysqli_stmt is its own class, but I'm not sure if declaring my DB class as mysqli_stmt would fix it, either.

    Does anyone know what I'm doing wrong?

     

     

    Thanks for any and all help,

    Mark

  4. Hey all,

    I've recently encountered a pesky bug I've been unable to really fix.

    First off, here's a picture showing roughly how my site is (FTP, blanked out directories that are irrelevant to my issue):

    Screen_Shot_2013_02_13_at_8_12_45_PM.png

    Now, I have another directory in the /essentials/ folder, called /includes/, where I have 2 files, called header.php and footer.php.

    Within header.php, I have this code:

    <?php
    chdir("community/");
    require_once('./global.php');
    ?>
    

    Now, I have a file in the /account/ folder called index.php. It contains this code:

    include_once($_SERVER['DOCUMENT_ROOT'].'/essentials/includes/header.php');
    include_once($_SERVER['DOCUMENT_ROOT'].'/essentials/includes/footer.php');
    

    I've tried using chdir in this file, yet it doesn't work!

    Anyways, this should function correctly. Yet, I encounter an odd issue when I execute this code.

     

    Error:

    Warning: chdir() [function.chdir]: No such file or directory (errno 2) in /home/208/public_html/essentials/includes/header.php on line 5
    
    Warning: require_once(./global.php) [function.require-once]: failed to open stream: No such file or directory in /home/208/public_html/essentials/includes/header.php on line 6
    
    Fatal error: require_once() [function.require]: Failed opening required './global.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/208/public_html/essentials/includes/header.php on line 6

     

    So, for some reason, I'm having issues. If my code in /account/index.php includes header/footer correctly, I get errors in my header.php file. If it doesn't include the header/footer files, then I get another issue, which says:

    Warning: include_once(/home/208/public_html/account/essentials/includes/header.php) [function.include-once]: failed to open stream: No such file or directory in /home/208/public_html/account/index.php on line 3
    
    Warning: include_once() [function.include]: Failed opening '/home/208/public_html/account/essentials/includes/header.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/208/public_html/account/index.php on line 3
    
    Warning: include_once(/home/208/public_html/account/essentials/includes/footer.php) [function.include-once]: failed to open stream: No such file or directory in /home/208/public_html/account/index.php on line 4
    
    Warning: include_once() [function.include]: Failed opening '/home/208/public_html/account/essentials/includes/footer.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/208/public_html/account/index.php on line 4

     

    So, my question is: What would be the correct way to fix this issue? Would I need to change the contents of the header.php file, the index.php file, or both?

     

     

    Thanks for all help,

    Mark

  5. I'd rather use SQL as this is the only bit I'm struggling with and all the rest works okay for this small project! But if there's no real easy way then that may become a problem.

    Is your issue that mysql_fetch_field() is deprecated so you're getting a warning, or do you have another error?

  6. I've never used mysqli before, and all my current code is in sql, or does that not matter? I tried using

    $query = mysql_query('SHOW COLUMNS FROM table ') or die(mysql_error());
    
    while ($field = mysql_fetch_object($query)) {
        $fields[] = $field;
    }
    
    print_r($fields);
    
    foreach ($fields as $key => $field) {
        echo $field->Field . '<br />';
    }
    

     

    which worked for most of the columns but the first one produced a massive error

     

    You'd need to change up some features of your code.

    For connecting, use

    $mysqli = new mysqli("localhost", "my_user", "my_password", "world");

    And for querying, use

    $mysqli->query($query);

    Most of the MySQL features are the same in MySQLi, but they just include the i in the function name.

    Be sure to go to php.net to read up on the functionality of all the MySQLi functions, as not all of them are completely alike.

  7. I don't see anything that would cause an infinite loop but I do see a few things to fix. Can you do some debugging to find out where the problem is?

     

    I can improve upon what I said earlier but now it's probably getting hard to follow me. So I'll just throw the whole thing at you.

     

    I did some debugging with my previous version. From what I could tell, the Regular Expression I had (/^<([a-z]+)([^<]+)*(?:>(.*)<\/\1>|\s+\/>)$/) wasn't functioning properly -- yielding the 30 second execution time warning.

     

    Your example worked! :) I can follow everything you posted, except for one hiccup, regarding the Regular Expression. My question is: can you explain to me what the functionality of the # and #i before and after the Regular Expression ('#(</?([a-z]+)[^>]*>)#i') is?

     

    Thanks a bunch for your continued help :),

    Mark

  8. The only problem is the cut-off <img> tag? Not the things?

     

    Technique I use is a preg_split() to alternate strings that can be cut (regular text) with strings that cannot (ie, HTML tags). As you're going you keep track of what HTML tags you've opened and closed.

    $parts = preg_split('#capture opening *and closing* html tags#', $input, -1, PREG_SPLIT_DELIM_CAPTURE);
    $cut = true; // first in $parts is regular text
    $length = 0; // so far
    $opentags = array(); // stack of tags needing to close
    $output = ""; // shortened version
    
    foreach ($parts as $p) {
    if ($cut) {
    // if you need to trim then go ahead, then break out of the loop
    // otherwise add to $length
    } else {
    // look at the captured html tag
    // if it opens and doesn't self-close then
    // - add the tag name to $opentags
    // if it closes then
    // - optionally check that it agrees with the top of the $opentags stack
    // - pop off $opentags
    }
    
    $output .= $p;
    $cut = !$cut;
    }
    
    // now close off the remaining open tags
    foreach ($opentags as $tag) {
    $output .= "</{$tag}>";
    }

     

    The was just an issue with View Source for some reason :s

    Anyways, I implemented your code, but for some reason, I get this error when I run my script:

    Fatal error: Maximum execution time of 30 seconds exceeded in /home/mko/public_html/home.php on line 189

     

    My current code:

    <?php
    $conn = new DB();
    $query = $conn->query("query here;");
    
    if (mysqli_num_rows($query) > 0) {
    while ($result = mysqli_fetch_array($query)) {
    	$body = $result['pagetext'];
    	$parser = new vB_BbCodeParser($vbulletin, fetch_tag_list(), true);
    	$parsed_text = $parser->do_parse($body);
    
    
    	$parts = preg_split("/^<([a-z]+)([^<]+)*(?:>(.*)<\/\1>|\s+\/>)$/", $parsed_text, -1, PREG_SPLIT_DELIM_CAPTURE);
    	$cut = true; // first in $parts is regular text
    	$length = 0; // so far
    	$opentags = array(); // stack of tags needing to close
    	$output = ""; // shortened version
    
    	foreach ($parts as $p) {
    		if ($cut) {
    			// if you need to trim then go ahead, then break out of the loop
    			// otherwise add to $length
    			if ($length > 250) {
    				break;
    			} else {
    				$length .= $p;
    			}
    		} else {
    			// look at the captured html tag
    			// if it opens and doesn't self-close then
    			// - add the tag name to $opentags
    			// if it closes then
    			// - optionally check that it agrees with the top of the $opentags stack
    			// - pop off $opentags
    			if ($p.substr($p, 1, 1) != "/") {
    				$opentags .= $p;
    			} else if ($p.substr($p, 1, 1) == "/") {
    				unset($opentags[$p]);
    			}
    		}
    
    		$output .= $p;
    		$cut = !$cut;
    	}
    
    	// now close off the remaining open tags
    	foreach ($opentags as $tag) {
     		 $output .= "</{$tag}>";
    	}
    
    echo '<div id="a1">';
    echo '<div class="b">';
    echo $output.'...';
    echo '<div class="c"></div>';
    echo '<div class="d">[<a href="">Read More...</a>]';
    echo '</div>';
    echo '<div class="e"></div></div></div>';
    
    }
    } else {
    echo 'No news!';
    }
    ?>

     

    Am I implementing this correctly?

     

    Thanks,

    Mark
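The preg_split() skeleton quoted in the post above, filled in as an added example that is not part of the thread. `truncate_html()`, its void-tag list and the sample markup are assumptions made for the illustration; lengths are counted in bytes, as with the `substr()` call in the original question.

```php
<?php
// Added example (not from the thread): HTML-aware truncation using the
// preg_split() approach. truncate_html() is a hypothetical helper name.

function truncate_html(string $html, int $limit): string
{
    // A single capture group makes $parts alternate strictly:
    // even index = text, odd index = one complete tag.
    // [^>]* has no nested quantifier, so it cannot backtrack
    // exponentially the way a pattern containing ([^<]+)* can.
    $parts = preg_split('#(</?[a-z][^>]*>)#i', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        return '';                       // PCRE error: emit nothing rather than half a tag
    }

    $void   = ['br', 'hr', 'img', 'input', 'meta', 'link'];  // never need a closing tag
    $open   = [];                        // stack of element names awaiting a close
    $length = 0;                         // bytes of visible text emitted so far
    $output = '';

    foreach ($parts as $i => $p) {
        if ($i % 2 === 1) {              // a whole tag: copy it, track nesting
            preg_match('#^<(/?)([a-z][a-z0-9]*)#i', $p, $m);
            $name = strtolower($m[2]);
            if ($m[1] === '/') {
                if (end($open) === $name) {
                    array_pop($open);
                }
            } elseif (!in_array($name, $void, true) && substr($p, -2) !== '/>') {
                $open[] = $name;
            }
            $output .= $p;
            continue;
        }

        $room = $limit - $length;
        if (strlen($p) <= $room) {       // text fits: copy and count it
            $output .= $p;
            $length += strlen($p);
            continue;
        }

        // Text overflows: cut inside text only, never inside a tag.
        $cut   = substr($p, 0, $room);
        $space = strrpos($cut, ' ');
        if ($space !== false) {
            $cut = substr($cut, 0, $space);                // back up to a word boundary
        }
        $cut = preg_replace('/&[#a-z0-9]*$/i', '', $cut);  // drop a half-cut entity
        $output .= $cut . '...';
        break;
    }

    // Close what is still open, innermost element first.
    foreach (array_reverse($open) as $name) {
        $output .= "</{$name}>";
    }
    return $output;
}

// Constructed sample resembling parsed BBCode output.
$sample = '<b>bold</b><br /><div align="center">centered text '
        . '<a href="http://example.com/" target="_blank">a link &amp; more</a> '
        . '<img src="http://example.com/x.gif" alt="" /> tail</div>';

echo truncate_html($sample, 30), "\n";
```

The tag pattern assumes no literal `>` inside attribute values, which holds for markup generated by a BBCode parser but not for arbitrary user-supplied HTML.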

  9. Hello all,

    I'm recently writing a script on the homepage that would display certain threads from certain forum categories.

    My current SQL query and fetching the contents work well, except I encounter an odd issue when using the substring method on the fetched contents to limit the characters displayed.

    Just so you're aware, I'm parsing the contents of the thread's post through vBulletin's BBCodeParser, yet that's not the issue.

     

    Here's a bit of background regarding my code/issue.

    Current Code (only included the important stuff):

    $parsed_text = $parser->do_parse($body);
    
    $message_pre = substr($parsed_text, 0, 500);
    $message = substr($message_pre, 0, strrpos($message_pre, ' '));
    
    echo '<div id="a1">';
    echo '<div class="b">';
    echo $message.'...';
    echo '<div class="c"></div>';
    echo '<div class="d">[<a href="">Read More...</a>]';
    echo '</div>';
    echo '<div class="e"></div></div></div>';
    

     

    So, that's all fine. However, let's get some example database contents:

    [b]bold[/b] [i]italic[/i] [u]underline[/u] 
    [center] center [/center]
     
    [left]left [/left]
     
    [right]right [/right]
    [url="http://google.com"]google.com[/url] [url="http://google.com"]url1[/url] [url="http://google.com"]url2[/url] [email="1@2.com"]1@2.com[/email] [email=1@2.com]1@2.com2[/email] [img=http://google.com] [size=4]yo[/size] [size="4"]yo2[/size] [font="Book Antiqua"]test[/font] [font=Book Antiqua]test2[/font] [color="Red"]hey[/color] [color="#0048C0"]hey2[/color] [list] [*]hello [*]world [/list] [list=1] [*]list2 [*]list2_1 [/list]
    

     

    Now, the BBCodeParser successfully parses the BBCode like it should and spits back some HTML, which I store inside the $parsed_text variable.

    However, I have an odd issue with the $message variable. Some of the HTML that is parsed seems to not terminate correctly, thus messing up my style.

     

    Here's an example of the issue in action (HTML output):

    <b>bold</b><br />
    <i>italic</i><br />
    <u>underline</u><br />
    <div align="[url=""]center[/url]"> center<br />
    </div><div align="[url=""]left[/url]">left<br />
    </div><div align="[url=""]right[/url]">right<br />
    </div><a href="[url="view-source:http://google.com/"]http://google.com[/url]" target="[url=""]_blank[/url]">google.com</a><br />
    <a href="[url="view-source:http://google.com/"]http://google.com[/url]" target="[url=""]_blank[/url]">url1</a><br />
    <a href="[url="view-source:http://google.com/"]http://google.com[/url]" target="[url=""]_blank[/url]">url2</a><br />
    <a href="[email="mark@mko.com"]mailto:1@2.com[/email]">1@2.com</a><br />
    <a href="[email="mark@mko.com"]mailto:1@2.com[/email]">1@2.com2</a><br />
    <img...<div class="[url=""]clear[/url]"></div><div class="[url=""]news_bottom[/url]">[<a href="">Read More...</a>]</div>

     

    As you can most likely see, the contents of $message end with <img, because of the space before the src in <img src.

     

     

    My question is: What would be the correct way to go about limiting the amount of characters displayed AND preventing unclosed HTML tags from being displayed on the last line of the $message variable's content?

     

     

    Thanks for any and all help,

    Mark

  10. Alright. I've used what you've said and implemented it successfully (I think).

    How does this look?

     

    My file (called test.php, this is NOT the class):

    include_once('functions.php');
    define("HOST", "localhost");
    define("USERNAME", "a");
    define("PASSWORD", "b");
    $conn_o = new DB(HOST, USERNAME, PASSWORD);
    $query = $conn_o->udb_query($conn_o, "SELECT * FROM `user` WHERE `userid`='" . (int) $vbulletin->userinfo['userid'] . "';");
    $conn_o->close();
    $row = mysqli_fetch_array($query);
    

     

    The class (called functions.php):

    class DB extends MySQLi {
       public function udb_query($mysqli, $query){
           if (!$this->select_db(USER_DATABASE)){
               die('Could not change database!');
           }
    
           $res = $this->query($query);
           if (!$res){
               die("Error running Query ('" . $query . "'): " . mysqli_error($mysqli));
           }
           return $res;
       }
    
       public function promo_query($mysqli, $query){
           if (!$this->select_db(PROMO_DATABASE)){
               die('Could not change database!');
           }
    
           $res = $this->query($query);
           if (!$res){
               die("Error running Query ('" . $query . "'): " . mysqli_error($mysqli));
           }
           return $res;
       }
    }

     

    How does it look? Also, would it be better if I made a function inside the class to connect so I'd remove the need to have to define the DB values in the file?

     

    Thanks for your continued help :)

  11. You should be connecting only once. Creating the database connection involves a lot of overhead in setting up the TCP/IP Connection, initializing settings, etc. This is something you want to do only once then run all your queries using the same connection.

     

     

     

    You want to only create your connection once and just reference it each time you need to run a query. Have a function to do the connection for you and save the connection to a variable. Have your query functions accept a parameter which is the connection to use for running the query. A nice way to do this is to wrap it all up in a class so you can store the connection variable as a class level variable. MySQLI already supports an OOP style setup which you should be able to just extend to add whatever functionality you may want.

     

    Eg:

    class DB extends MySQLi { 
       public function udb_query($query){
           if (!$this->select_db(USER_DATABASE)){
               die('Could not change database');
           }
    
           $res = $this->query($query);
           if (!$res){ 
               die('Error running query');
           }
           return $res;
       }
    
       public function promo_query($query){
           if (!$this->select_db(PROMO_DATABASE)){
               die('Could not change database');
           }
    
           $res = $this->query($query);
           if (!$res){ 
               die('Error running query');
           }
           return $res;
       }
    }
    

    Thanks for the reply!

    One final question: When you say "store the connection variable as a class level variable", I'm a bit confused as to what you mean by that. Could you provide an example of declaring a class level variable, please?

     

    Thanks :)

  12. Hey all,

    I've written some relatively straightforward functions designed to simply query a database. However, some of my friends have told me that what I currently have written is 'inefficient'. I'm a bit confused as to what they truly meant and what aspects of my code are inefficient :-\

     

    My code:

    function udb_sqli_query($pquery) {
    $mysqli = new mysqli(HOST, USERNAME, PASSWORD, USER_DATABASE);
    if (!@$mysqli) {
    die("Could not connect to MySQLi Database: " . mysqli_error($mysqli));
    }
    $query = @mysqli_query($mysqli, $pquery);
    if (!@$query) {
    die("Error running Query ('" . $pquery . "'): " . mysqli_error($mysqli));
    }
    $mysqli->close();
    return $query;
    }
    function promo_sqli_query($pquery) {
    $mysqli = new mysqli(HOST, USERNAME, PASSWORD, PROMO_DATABASE);
    if (!@$mysqli) {
    die("Could not connect to MySQLi Database: " . mysqli_error($mysqli));
    }
    $query = @mysqli_query($mysqli, $pquery);
    if (!@$query) {
    die("Error running Query ('" . $pquery . "'): " . mysqli_error($mysqli));
    }
    $mysqli->close();
    return $query;
    }
    

     

    Essentially, I'm wondering about:

    a. What parts in my code could be made more efficient?

    b. If connecting to the database every time a query is executed is the wrong way to go about doing this?

    c. If I shouldn't be connecting to the database every time a query is executed, what would be a better way so my code is more efficient while yielding the same results?

     

    Thanks for any and all help,

    Mark

  13. I don't think you should be suppressing the error. Also by assigning the result back to $query you lose your statement for debugging.

    Try it like this, so you can see the whole query not just the part that mysql tells you.

    function db_query($query) {
    $result = mysql_query($query) OR die("Error running query(" . $query . "): " . mysql_error());
        return $result;
    }
    

     

    There doesn't seem to be any problem with the query that I see.

    Alright thanks!

     

    However, I believe I was looking at the wrong query.

    Here is the one I believe is causing the problem:

    db_query("DELETE * FROM `loggedin` WHERE `key`='" . sanitize_input($key) . "';");

     

    Any ideas?

  14. Hey all,

    I'm trying to code some login system, but I get a strange error.

     

    Error:

    Error running query(): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* FROM `loggedin` WHERE `key`='8EZ39uSpMIsdywckXKBJ6QbgT'' at line 1

     

    Code:

    db_query("SELECT * FROM `loggedin` WHERE `key`='" . sanitize_input($key) . "';");
    
    function db_query($query) {
    $query = @mysql_query($query) OR die("Error running query(" . $query . "): " . mysql_error());
        return $query;
    }
    

     

    Any help is appreciated!

     

    Thanks,

    Mark

  15. Hey all,

    I have the following code:

    	
    $searched = mysqli_real_escape_string($database, $_GET['searched']);
    echo $_GET['searched'].'<br />';
    echo $searched.'<br />';
    $personal_un_s = (string) $searched;
    $query = "SELECT members.id, members.name FROM members WHERE members.name = ". $personal_un_s ."";
    $userid_query = mysqli_query($database, $query) or print(mysqli_error($database));
    if (mysqli_num_rows($userid_query) < 1) {
    	echo 'Error!';
    } else {
    	$userid_array = mysqli_fetch_array($userid_query);
    	$userid = $userid_array[0];
    }
    

     

    However, when I run this, I get this error:

    Unknown column 'Mko' in 'where clause'

     

    The $_GET['searched'] functions correctly, however any value does not seem to be 'valid' for the MySQLi Query.

    I'm pretty sure it's some very small problem I have...though, can anyone help me in identifying the issue?

     

     

    Thanks,

    Mark

  16. Assuming your data looks like this

    +---------+------------+------+------+------+------+
    | user_id | user_group | a    | b    | c    | d    |
    +---------+------------+------+------+------+------+
    |       1 | A          |   25 |   95 |   47 |   85 |
    |       2 | B          |   15 |   75 |   78 |   32 |
    |       3 | A          |   35 |   50 |   15 |   20 |
    |       4 | A          |   85 |   35 |   27 |   41 |
    |       5 | B          |   12 |   40 |   95 |   23 |
    |       6 | C          |   40 |   31 |   47 |   84 |
    |       7 | B          |   30 |   22 |   63 |   22 |
    |       8 | B          |   25 |   64 |   18 |   12 |
    |       9 | C          |   20 |   44 |   10 |   18 |
    +---------+------------+------+------+------+------+

     

    then using a subquery to normalize your data (run the subquery on its own to see a better way to hold your data)

    $sql = "SELECT x.user_id, x.user_group, x.point_type, x.points
    FROM (
        SELECT 'A' as point_type, user_id, user_group, a as points
        FROM user_stats
        UNION
        SELECT 'B' as point_type, user_id, user_group, b as points
        FROM user_stats
        UNION
        SELECT 'C' as point_type, user_id, user_group, c as points
        FROM user_stats
        UNION
        SELECT 'D' as point_type, user_id, user_group, d as points
        FROM user_stats
        ) as x
    ORDER BY point_type, points DESC";
    $res = mysql_query($sql);
    
    $user = 5;                                // target user id
    
    $prev = '';
    
    echo "<pre>";
    printf ("%-5s %7s %5s\n\n", 'Type', 'Pts', 'Rank');
    while (list($uid, $grp, $type, $pts) = mysql_fetch_row($res)) {
        if ($type != $prev) {
            $rank = 1;
            $prev = $type;
        }
        if ($uid == $user) {
            printf ("%-5s %7d %5d\n", $type, $pts, $rank);
        }
        $rank++;
    }
    echo '</pre>';
    

     

    I get these results for user 5

    Type      Pts  Rank

    A          12     9
    B          40     6
    C          95     1
    D          23     5

       

     

    That helped me resolve my issue, thanks a bunch!

  17. If you can explain what you are trying do, maybe we can help. Code that does not work only tells us what you don't want to do.

    I'm currently trying to get personal results based on the amount of 'points' a user has on my forum. From these amounts, I want to order all of them in descending order, then find the 'rank' (or the row number using this sort) the user lies in based on this descending sort.

    After doing that, I want to echo out the rank. I want this to be done for "a", "b", "c", and "d", preferably in a loop of some sort.

  18. One problem is that you have a column "group" which is a mysql reserved word so you need backticks around it (`group`)

     

    Two, you shouldn't run queries in loops.

    Alright, I'll change group to something else.

    As for running queries in loops...what would you suggest doing instead?

     

    You really should handle the MySQL errors from the query, then you'd see what's wrong. It's quite simple, if my suspicions are correct.

    Changing "group" to something else should address the issue, correct?

     

  19. Hey all,

    I'm currently trying to get personal results based on the amount of 'points' a user has on my forum.

    I then want to display their 'rank', or in what position they are in that point field.

     

    Here's what I have tried but haven't succeeded with:

    $points = array("a", "b", "c", "d");
    
    $userid = (int) $_GET['userid'];
    
    for ($i = 0; $i < count($points); $i++) {
    		$point_query = mysqli_query($database, "SELECT userid, ". $points[$i] .", group FROM user_stats ORDER BY user_stats.". $points[$i] ." DESC, user_stats.group DESC") or print(mysqli_error($database));
    		$point_array = mysqli_fetch_array($point_query);
    		$point_cnt = mysqli_num_rows($point_query);
    
    		for ($j = 0; $j < $point_cnt; $j++) {
    			if ($point_array[0] == $userid) {
    				$rank = $j;
    				break;
    			} else {
    				continue;
    			}
    		} 
    
        	echo "<tr><td>";
        	echo "<img src='pointicon_".$points[$i].".gif'/> <a href='index.php?pageid=leaders&point=".$points[$i]."'>".ucfirst($points[$i])."</a>";
        	echo "";
        	echo "</td></tr>";
    }

     

    My guess is that my SQL query isn't performing correctly and that my loops aren't working as intended.

    Could anyone help me fix these issues? I'd greatly appreciate it :)

     

    Thanks,

    Mark

  20. Hey all,

    I have a quick question regarding MySQLi Prepared Statements.

    Say I have the following code:

    $stmt = $database->stmt_init();
    // single quotes inside a single-quoted PHP literal must be escaped
    $salt = '4_X4cC@p\o\'eOaqf"-?gPc5\'|C~UcL';
    
    $stmt->prepare("UPDATE table SET salt = (?) WHERE id = 1");
    $stmt->bind_param('s', $salt);
    $stmt->execute();
    $stmt->close();
    

     

    My question is pretty simple; if I pass the value of $salt (or anything that contains a quote, double quote, or backslash) into a MySQLi Prepared Statement, will it function properly and succeed in executing the query? Or, do I need to perform mysqli_real_escape_string on the variable in order to make it so the query can read it successfully?

     

     

    Thanks for any help,

    Mark
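An added example, not code from the thread, covering the question above about quotes in bound parameters and the "Unknown column 'Mko'" error in the earlier search post. It swaps in PDO with an in-memory SQLite database so it runs without a MySQL server; the `members` table layout, the helper names and the use of `addslashes()` as a stand-in for `mysqli_real_escape_string()` are assumptions. Bound parameters behave the same way with mysqli's `bind_param()`.

```php
<?php
// Added example: bound parameters versus string concatenation.
// PDO + in-memory SQLite replaces mysqli here so no server is needed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, salt TEXT)');
$db->exec("INSERT INTO members (id, name) VALUES (1, 'Mko')");   // constructed row

// The value from the post: single quotes, a double quote and a backslash.
$salt = '4_X4cC@p\\o\'eOaqf"-?gPc5\'|C~UcL';

// Store a value through a placeholder and read back what the database kept.
function store_salt(PDO $db, int $id, string $salt): string
{
    $write = $db->prepare('UPDATE members SET salt = ? WHERE id = ?');
    $write->execute([$salt, $id]);

    $read = $db->prepare('SELECT salt FROM members WHERE id = ?');
    $read->execute([$id]);
    return (string) $read->fetchColumn();
}

// Look a member up by name; the name travels as data, never as SQL text.
function find_member(PDO $db, string $name)
{
    $stmt = $db->prepare('SELECT id, name FROM members WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetch(PDO::FETCH_ASSOC);   // row array, or false when no match
}

// 1. Bound as-is: the stored value is byte-for-byte the original.
echo 'bound unchanged:  ';
var_dump(store_salt($db, 1, $salt) === $salt);

// 2. Escaped first, then bound: the added backslashes are stored literally,
//    so the value in the table no longer matches the original.
//    addslashes() stands in for mysqli_real_escape_string(), which needs a
//    live MySQL connection; both prefix quotes and backslashes with "\".
echo 'escaped + bound:  ';
var_dump(store_salt($db, 1, addslashes($salt)) === $salt);

// 3. Concatenating the name without quotes makes the parser read it as a
//    column identifier, which is the error reported in the search post.
try {
    $db->query('SELECT id, name FROM members WHERE name = ' . 'Mko');
} catch (PDOException $e) {
    echo 'concatenated:     ', $e->getMessage(), "\n";
}

// 4. The same lookup with a placeholder, including a name containing a quote.
echo 'bound lookup:     ';
var_dump(find_member($db, 'Mko'));
echo 'bound, with quote: ';
var_dump(find_member($db, "O'Brien"));
```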
