Jump to content


Photo

Starting Big Project or How To Learn PHP In A Hurry


  • Please log in to reply
71 replies to this topic

#61 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,025 posts

Posted 19 September 2006 - 07:18 PM

@Businessman,
It means that somewhere in the SQL code being executed, the string 'Resource id #3' is appearing
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#62 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 19 September 2006 - 07:22 PM

Ok, here's the 'original' query code before I modified it to do the multiple queries. Perhaps there's an out of place " or , or ' or ) that my editor just isn't spotting. The only changes made were to the beginning of the query code to remove the ( ahead of the "INSERT and then removed the corresponding ) from the end of the query string. Then set up the variable $sql =

My hunch is even though my PHP editor shows the proper color coding for the various elements that something is out of alignment.

Here's the original:
// Run query
mysql_query("INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."')", $eg_objConn1);

Here's the revised:

// Run query
$sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1";
mysql_query($sql) or die(mysql_error());
$newid = mysql_insert_id();


#63 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 19 September 2006 - 07:28 PM

By looking at the query I would say you are going about it the wrong way, and it's severely insecure.  Take each varaible, and pass them into a smaller variable, and pass those to the query like
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
ex cetera on all of those, then build a simpler query to help you find the problem.
Like
$sql = "INSERT INTO plateau_pros (username, password, confirmpass, firstname, lastname, email, business, title, address, city, zip, phone, fax, mobile, category, comments, specialties, photo) VALUES ('$username', '$password', '$confirmpass'
and so on, and so forth, if you get resource id area, create a debug script(wildteen taught me that)
like
$debug = "
/n
DEBUG INFORMATION:
echo Contents of user: {$username}
echo Contents of Password: {$password}";
and so forth, then whenever you need to debug, call that variable, and it'll tell you all the contents, of all the variables, you can hunt down the problem that way.


$sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1";
mysql_query($sql) or die(mysql_error());
$newid = mysql_insert_id();

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#64 Ninjakreborn

Ninjakreborn
  • Members
  • PipPipPip
  • Information Technology Specialist
  • 3,922 posts
  • Age:33

Posted 19 September 2006 - 07:33 PM

actually what I Found on google, it returns that id resource, in order to get the information you have to run mysql_fetch_array() to it, after the query that was just something I read on google somewhere just now though

------

Business Website: http://www.infotechnologist.biz

Personal Website: http://www.joyelpuryear.com

Blog Site: http://www.realmofwriting.com
Services: Web development, application development, mobile development, and custom development. All services listed on my website.


#65 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,025 posts

Posted 19 September 2006 - 08:00 PM

If you look at the end of the $sql string, you left in the "$eg_objConn1" which is giving the error.

I was going to give you this lecture later, but Businessman is right, you shouldn't put anything into a query that originates from the user (GET, POST, COOKIE) without checking it first.

I usually use a "clean()" function

<?php
function clean($data) {
         $data = strip_tags($data);
         $data = get_magic_quotes_gpc() ? $data : addslashes($data);
         return $data;
}

foreach ($_POST as $k => $v) {
    $$k = clean($v);
}
?>
So if I have $_POST['xxx'] and $_POST['yyy'] it gives me 2 variables $xxx, $yyy which can be used in my queries.
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#66 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 19 September 2006 - 09:24 PM

Ok, I cleared out all the $_POST references in the query and got it down to the nuts and bolts.

Here's a new development. As an experiment I commented out the $sql2 and $sql3 queries to see if I could isolate the problem. The first query ran fine and inserted the data properly. I uncommented the $sql2 query and it ran fine. When I did the same for $sql3 it produced some weird behaviour. For example. the image upload field should be populated with the name of the image. When the $sql3 is active the temp name/location is stored in that field instead of the image name.  Something is amiss with the 3rd query.

Also, it was creating an error something like 'Number of columns doesn't match line 1'  or similar.



#67 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,025 posts

Posted 19 September 2006 - 09:57 PM

If you get the "Number of columns doesn't match error" it because you have query like

INSERT INTO tablename (a, b, c) VALUES ('$a', '$b')
or
INSERT INTO tablename (a, b, c) VALUES ('$a', '$b', '$c', '$d')

or
INSERT INTO tablename VALUES ('$a', '$b') and you don't provide a value for each column in the table
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#68 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 19 September 2006 - 10:08 PM

That's interesting considering that query number $sql3 wants to insert two items into the 'specialties' table, the $newid and $specialties info. That table has 3 items including the auto-incremented 'id' field. They are

id
memberid
specialties

I don't see where it's any different than the $sql2 query which is inserting two items into the 'members_cat' table which contains:

id
memberid
categoryid



#69 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,025 posts

Posted 19 September 2006 - 10:11 PM

What do you get when you echo $sql (the first query)
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#70 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 19 September 2006 - 10:20 PM

I get this:

INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('yosemite', 'park', 'park', 'yosemite', 'sam', 'yosemite@sam.com', 'WhoopAss', 'Come Get Some', 'here', 'there', '42342', '305-223-6900', '333-333-3333', '333-333-3333', 'Professional Services', 'butt kickin', 'yeehaws', '6620.jpg')
Warning: Cannot modify header information - headers already sent by (output started at /home2/wwwplat/public_html/register-test2.php:91) in /home2/wwwplat/public_html/register-test2.php on line 103


#71 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,025 posts

Posted 19 September 2006 - 10:27 PM

OK there, 18 columns, 18 values. sql2 and sql3 also have matching cols/values

Are you sure the error message isn't coming from another query somewhere in the page?
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#72 simcoweb

simcoweb
  • Members
  • PipPipPip
  • Advanced Member
  • 1,102 posts
  • LocationCA

Posted 19 September 2006 - 10:36 PM

I can't say 100% sure but I do know that if I comment out $sql3 and run the script that I get no errors and the data inserts perfectly. If I un-comment it I get the error message and the data inserted from the first two queries gets goofy as I mentioned previously that the image name doesn't show in the 'photo' field. Instead it displays the 'tmp/blahblah' info.  Now, that's an element of the file upload process above the query. That doesn't break unless I activate $sql3. This is a real stumper. I need to insert that data into the right table to make it all join together.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users