Posts posted by Allenph

  1. I have been working on a project for quite a while that I'd like to share with the community. It's no WordPress, and it's full of errors right now, but it's an interesting project that I think would be of great use to a lot of developers.

     

    Specifically, I own a small web development company, and fairly often I needed to create back-ends over and over with slight differentiation. Most of this differentiation was in how the data was transmitted to the front-end.

     

    IgnitionBackend is a compromise between WordPress and something like CakePHP. It is an open-source project which I have provided several pre-made packages for. Some of these packages being a simple CMS, Blog, Newsletter, and others. Ignition runs a package manager that requires very little configuration, and works on shared servers. It creates a basic administrative GUI, and provides API files I call "nodes" for talking with the front-end.

     

    There is very little documentation that I've written for this project so far, and a couple of the packages in the repo are incomplete. As aforementioned, there are quite a few errors, even in the "finished" packages...but I have used a couple of these packages in production with no problems. There are some bad practices, and the GUI isn't very beautiful. 

    I'm looking to establish a community that can help me work on this project. I could use some help working out the kinks in this rough-draft...so far it's almost 15,000 lines of code. A huge problem is that I was being quick and dirty and assumed it would be fine to leave the password-protected administration section susceptible to SQL injection. (All of the stuff that talks to the front-end is pretty safe, but there is a potential for someone with a password to inject, although I'm not sure why they would.)

    I also admit that I used columns as non-relational databases a few times, and there are quite a few other errors. Any contributions, critique, suggestions, etc are appreciated. I would also be thankful if someone was willing to try this out on some other environments, test out compatibility with post PHP 5 versions, etc. As noted on the GitHub page, there are pathing issues when this is used on Windows with WAMP or similar Windows-based servers. 

    Another thing this framework is lacking is documentation for the API files. 

    Looking forward to the responses, and I hope this helps someone out!

     

    https://github.com/TagVar/IgnitionBackend

  2. Hmm. I have confirmed that my version is 5.5.30 with phpversion(). 

    However, when I use this code...

     

          $code_query = $node_connection -> prepare("SELECT * FROM `promo_codes` WHERE `" . $params["reference"] . "` = ?");
          $code_query -> bind_param("s", $individual_code);
          $code_query -> execute();
          $code_result = mysqli_fetch_assoc($code_query -> get_result());
     

    I get this error...

    Fatal error: Call to undefined method mysqli_stmt::get_result()

  3. mysqli_stmt::get_result() yields a MySQLi result set from a prepared statement.

    I also should have mentioned that. 

     

    I'm aware of this function, but it is only available if you have installed Mysqlnd (http://php.net/manual/en/book.mysqlnd.php). As this is part of a framework, I would like a solution that doesn't entail installing anything other than the framework. 

     

    Is this possible, or am I going to have to find some kind of workaround? 

     

    Thanks for all the replies thus far.

    I think you're missing the most basic of basic coding.

     

    mysqli_fetch_all() Fetches all result rows as an associative array, a numeric array, or both

    mysqli_fetch_array() Fetches a result row as an associative, a numeric array, or both

    mysqli_fetch_assoc() Fetches a result row as an associative array

     

    Thanks for the reply. 

     

    I'm familiar with all of these, and have been using them in my framework. However, it is my understanding that I cannot use these functions on prepared statements. I may be missing something, but could you provide an example of using any of these functions on such a statement?

  5. If you hate MySQLi, then why did you choose it in the first place? PDO has a much nicer API, and it can be used with all mainstream database systems, not just MySQL. So if there's a chance to switch to PDO, consider doing that.

     

    Otherwise you'll have to be a lot more specific than “doesn't work”. Both PHP and MySQL provide detailed error messages. Is your PHP error reporting enabled? Where's the code for handling SQL errors?

    I wish I had gone with PDO. In my last job I worked with predefined functions. Most of the DB stuff was predefined. I've just got back, and started with MySQLi as was advised by a Stack Exchange question.

     

    I should have defined what "not working" means. $code_data is simply an array, while $fetch_data is indexed correctly with no values.

     

    I could be using MySQLi completely wrong, I admit. But I found no functions in the docs to return an associative array, and I'm a little lost. Should have been a bit more humble before I denounced the extension I suppose.

     

    The function has input parameters so that the person building the application. I can get away with being susceptible to SQL injection there because end-users will never be touching that parameter. I can't bind column names with MySQLi as far as I understand, so I digress. I'm receiving results, so I don't think that's the issue.

     

    Including $stmt was a mistake. In my code it is indeed $code_query.

     

    How can I achieve the effect of an associative array of values where the keys correlate to column names? Where exactly is the error in my logic, and how can I fix it? Could anyone provide an example of a working version of this? Furthermore, is there an easier way to go about getting the associative array with a prepared statement without converting the entire framework to PDO?

  6. First off, I would like to say that I absolutely hate MySQLi. I have no idea why it is even used. Every single time I go to make a query the process is twice as long as it used to be, and there is a lack of native functions. 

    I'm having some trouble with a prepared statement. This is part of a framework I'm writing, so I have to rely on native PHP and libraries that come pre-packaged with PHP. 
     

        $code_query = $node_connection -> prepare("SELECT `operation`, `condition`, `variable`, `condition-variable`, `has-expiration`, `expiration-date` FROM `promo_codes` WHERE `" . $params["reference"] . "` = ?");
        $code_query -> bind_param("s", $individual_code);
        $code_query -> execute();
        $code_query -> bind_result($fetch_data["operation"], $fetch_data["condition"], $fetch_data["variable"], $fetch_data["condition-variable"], $fetch_data["has-expiration"], $fetch_data["expiration-date"]);
        while ($code_query->fetch()) {
          foreach($fetch_data as $fetch_key -> $fetch_value) {
            $code_data[$fetch_key] = $fetch_value;
          }
        }
        $code_query -> store_result();
        if ($stmt->num_rows > 0) {}

    This isn't working, and the fact that it isn't is mind-numbing. I'm trying to do something quite simple. This is the beginning of a function which validates promo-codes for my framework. The function of this snippet is to retrieve the data associated with the code being validated in a safe manner. (I.E. I want to avoid injection here particularly, because this function might be linked to a user input on the front-end.) 

    I have no idea why this is set up the way it is. There's no native function to create an associative array, and there is no native function to bind the result to an object rather than binding each individual value to a variable. This translates to the fact that I can't get an associative array, and I cannot simply SELECT *. Rather I have to know every column, and assign each column value to an individual variable. Can anyone explain to me why this is a good way to go about things? 

    Anyways, what I'm attempting to do here is create a prepared statement, bind a parameter, execute the query, and bind the results for each column to a key in an array. Then I'm trying to loop through the results array and assign the key and value of the result to an array. In the end, I should have an associative array of column name and value pairs. 

    Unfortunately, this isn't happening, and I'm not sure why. 

    What's the issue here? Is there a better way to do this?
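
Added example (not from the posts above and not IgnitionBackend code): one way to get associative rows from a mysqli prepared statement without get_result() or mysqlnd, using result_metadata() and bind_result(), with the lookup column checked against an allowlist because identifiers cannot be bound as parameters. The function names and the allowed column names `code` and `id` are assumptions; the syntax is kept compatible with PHP 5.5.

```php
<?php
// Added example, not IgnitionBackend code; function names are hypothetical.
// Identifiers cannot be bound as parameters, so the lookup column is checked
// against a fixed allowlist before it is concatenated into the SQL text.
function promo_lookup_sql($reference)
{
    $allowed = array('code', 'id'); // assumed lookup columns of `promo_codes`
    if (!in_array($reference, $allowed, true)) {
        throw new InvalidArgumentException('Unknown lookup column');
    }
    return 'SELECT * FROM `promo_codes` WHERE `' . $reference . '` = ?';
}

// Runs a prepared statement with one string parameter and returns all rows as
// associative arrays keyed by column name, without get_result() or mysqlnd.
function fetch_assoc_rows(mysqli $db, $sql, $value)
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $value);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $stmt->store_result();                 // buffer rows; num_rows is valid now
    $meta = $stmt->result_metadata();      // column names, so SELECT * works
    $row = array();
    $refs = array();
    foreach ($meta->fetch_fields() as $field) {
        $row[$field->name] = null;
        $refs[] = &$row[$field->name];     // one bound slot per column
    }
    $meta->free();
    call_user_func_array(array($stmt, 'bind_result'), $refs);
    $rows = array();
    while ($stmt->fetch()) {
        $copy = array();
        foreach ($row as $name => $column_value) {
            $copy[$name] = $column_value;  // copy out of the bound references
        }
        $rows[] = $copy;
    }
    $stmt->close();
    return $rows;
}
// Usage, with $node_connection and $individual_code as in the posts:
// $rows = fetch_assoc_rows($node_connection, promo_lookup_sql('code'), $individual_code);
```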
