Search the Community

Hi Folks, Firstly I am new, I have read several topics here and learned a lot, I would class myself as 'slightly better than basic', but my knowledge is mostly gained from reading code. I am making a simple POST form for work, the data gets inserted into MySQL, nice and easy, I can make it work if I write out the statement completely, BUT I need to make a new form, it will have HUNDREDS of input fields, I really don't want to write the code, and I figured programmatically is a good way to go anyway as forms change and new forms may be required, so I set about building a function to completely handle my post data, bind it to a statement and insert it into a table, I have scrapped it a half dozen times already because something fundamentally doesn't work, but I am very close! The function can write the statement, but I need to bind the POST values before I can insert, something going wrong here and I would appreciate some help, I have a feeling it's a problem with an array, but anyway I will show you what I have, give you some comments as to my reasoning, and hopefully you can help me with the last bit public function getColumnNames($table){ $sql = "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = :table"; try { $stmt = $this->dbh->prepare($sql); $stmt->bindValue(':table', $table, PDO::PARAM_STR); $stmt->execute(); $output = array(); while($row = $stmt->fetch(PDO::FETCH_ASSOC)){ $output[] = $row['COLUMN_NAME']; } $all = array($output); $a1 = array_slice($output, 1); // I don't want column 1, it contains the ID, its auto incremented. $a2 = array_slice($a1, 0, -3); // I don't want the last 3 columns as they have default values $selected = array($a2); // contains all the columns except those excluded by array_slice, columns now match all of the input fields on the form foreach ($selected as $row){ $fields = "`" . implode('`, `', $row) . "`"; // I'm making `fields` here, $bind = ":" . implode(', :', $row); // And making :values here } return array ( "raw" => $all, "fields" => $fields, "bind" => $bind ); } catch(PDOException $pe) { trigger_error('Could not connect to MySQL database. ' . $pe->getMessage() , E_USER_ERROR); } } public function addRecord(){ $col = array(); $col = $this->getColumnNames("table"); $raw = array($col['raw']); $fields = array($col['fields']); $bind = array($col['bind']); $columnList = implode('`, `', $fields); $paramList = implode(', ', $bind); $sql = "INSERT INTO `{$this->dbtable}` ($columnList) VALUES ($paramList)"; return $sql; // this returns something like: INSERT INTO `table` (`field1`, `field2`, `field3`) VALUES (:field1, :field2, :field3)"; perfect I thought, now I just need to bind the values from $_POST... then I get stuck.

so what im doing is ; im trying to get the rows from database with my following php code , and display them like ; <?php echo $col;?> , but its not working and giving me a blank result , a help would be greate thanks : <?php $stmt = $mysqli->prepare("SELECT * FROM `movies` ORDER BY `date` DESC LIMIT 0, 4"); $stmt->execute(); // Execute the prepared query. $stmt->store_result(); if($stmt->num_rows == 1) { $stmt->bind_result($id,$title,$poster,$date); // get variables from result. $stmt -> fetch(); } ?>

$handle = fopen($fullPath, "rb"); $bin=NULL; while(!feof($handle)){ $bin = $bin.fread($handle,sizeof($fullPath));} fclose($handle); //var_dump($bin); $db_lite = initDbLite(); $stmt = mssql_init('dbo.InsertFlagDownloadImage', $handleMS); mssql_bind($stmt, '@PatientNum', $paramArray['PatientID'], SQLINT2, false, false); mssql_bind($stmt, '@DloadLogNum', $DloadLogNum, SQLINT2, false, false); mssql_bind($stmt, '@FileTypeNum', $filetype, SQLINT2, false, false); mssql_bind($stmt, '@FlagDloadBinaryImage', $bin, SQLVARCHAR, false, false); mssql_bind($stmt, '@PassFail', $MsCheckArr['PassFail'], SQLVARCHAR, true, false, 25); mssql_bind($stmt, '@ErrorMsg', $MsCheckArr['ErrorMsg'], SQLVARCHAR, true, false, 101); mssql_execute($stmt); echo mssql_get_last_message(); First time poster so excuse an nuances of the forum I do not know yet. I have been facing this problem at work for the last couple days and even with relentless forum searching I have been unable to answer it. At my company we have an old C/C++ program that processes downloads from a sqlite db to a MSSQL db. My job, as the intern this summer, is to take that outdated (15 y.o.) program and convert it to a php script that does EXACTLY what it does. I had limited knowledge of php or database work up until this point but I was eager to learn. My program executes a series of stored procedures within a MSSQL db to store data. I learned quickly how to make this work and that the best way to do this was using bind because it prevents from being easily hacked (intercepted, is the other term I read over on the web). . My problem : In three of the stored procedures I need to store a BLOB in a MSSQL db stored procedure that accepts an image type. When attempting to use mssql_bind I get an error when inserting my data, regardless of the mssql datatype I use. My attempts at solving this : 1. Re-write the way I acquire my BLOB in an attempt to rule that out as the issue. -- failed 2. Scour the web for a MSSQL datatype that is compatible with the stored procedures image field. -- failed, I was unable to find anything that was IMAGE specific. 3. Increase the data transfer size in the freetds.conf file -- failed 4. Found in a forum on the web instructions to try SQLVARCHAR and SQLTEXT as the MSSQL datatypes -- failed, using SQLVARCHAR results in an error on the bind call and SQLTEXT results in an error on the execute call. Currently, I am at a wall with this project and don't really know where to go from here. Are there other ways of executing stored procedures without the use of bind? How much of the security side of things will not using bind compromise? Also, for what it's worth I found a bug report on the php website from about 5 years ago that describes my problem. The link is : http://grokbase.com/t/php/php-bugs/0644ny6bxe/36961-new-mssql-bind-will-not-bind-an-image-field Thanks for any and all help you all can give, MF

<?php // $goto = $_GET['goto'] ; session_start() ; $useremail = $_POST['emailfield'] ; $passwording = $_POST['pwfield'] ; $salt = "@cmiplpnp##" ; $iterations = 4; $hash = crypt($passwording,$salt); for ($i = 0; $i < $iterations; ++$i) { $hash = crypt($hash . $passwording,$salt); } echo $passwording ; echo '<br>' ; echo $hash ; echo '<br>' ; require ('sqliauth2.php') ; /* create a prepared statement */ if ($stmt = $mysqli->prepare("SELECT * FROM userregistry WHERE email= ? AND password11=? ")) ; { /* bind parameters for markers */ $stmt->bind_param("ss",$email, $hash); /* execute query */ $stmt->execute(); /* bind result variables */ $stmt->bind_result($email,$hash); $stmt->fetch(); $row_cnt = $result->num_rows ; /* close statement */ $stmt->close(); } /* close connection */ $mysqli->close(); echo $row_cnt ; ?> ERRORS :::: Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in D:\xampp\htdocs\bullet2\sqlilogincheck.phpon line 39 Notice: Undefined variable: result in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41 Notice: Trying to get property of non-object in D:\xampp\htdocs\bullet2\sqlilogincheck.php on line 41 Trying to understand why, but no clue HELP !!!