filh Posted October 11, 2015 Share Posted October 11, 2015 mysql_query("INSERT INTO videos VALUES(0, '".mysql_real_escape_string($data['vid'])."', '".mysql_real_escape_string($data['owner'])."', '".mysql_real_escape_string($data['title'])."', '".mysql_real_escape_string($data['description'])."', '".mysql_real_escape_string($src)."', '".mysql_real_escape_string($data['thumbnail_link'])."', '".mysql_real_escape_string($data['length'])."', '', '', NOW(), 0, '')"); Quote Link to comment https://forums.phpfreaks.com/topic/298529-is-this-querry-theorically-substantial/ Share on other sites More sharing options...
Barand Posted October 11, 2015 Share Posted October 11, 2015 you need a value for each column. You seem to have a couple of extra values at the end '".mysql_real_escape_string($data['length'])."', '', '', NOW(), 0, '') | | | | | | filesize mime ?? | | ?? added | is_done Quote Link to comment https://forums.phpfreaks.com/topic/298529-is-this-querry-theorically-substantial/#findComment-1522929 Share on other sites More sharing options...
filh Posted October 11, 2015 Author Share Posted October 11, 2015 (edited) you need a value for each column. You seem to have a couple of extra values at the end '".mysql_real_escape_string($data['length'])."', '', '', NOW(), 0, '') | | | | | | filesize mime ?? | | ?? added | is_done Thank you for your answer. I have a web app that created by a freelancer. I can't reach him now. He had made some bug fixes on DB. He didn't update DB re-install instructions after his bug fixes. I'm creating the DB as first stand. But I've accidentally deleted DB. Retrieved the DB. Didn't run. I'm little to no knowledge about PHP though. Logs don't point an error. The cause of my doubt on this particle the logs fall onto; Adding video XXXXXXXXX Removing duplicate video id XXXXXXXXX Adding video XXXXXXXXX Removing duplicate video id XXXXXXXXX Adding video XXXXXXXXX Removing duplicate video id XXXXXXXXX ... In this scenario while all files are safe DB can be modified (that only leans on my logic not PHP/MySQL information) This app were working perfect 4 days ago. I didn't make any modification on anything. Just retrieve the DB from DB instructions but it's missing. Don't would like to touch PHP part. Would like to do something on DB. This is a little bit bigger part; $this->log("Adding video ".$data['vid']); $src = !empty($data['src_hq']) ? $data['src_hq'] : $data['src']; mysql_query("INSERT INTO videos VALUES(0, '".mysql_real_escape_string($data['vid'])."', '".mysql_real_escape_string($data['owner'])."', '".mysql_real_escape_string($data['title'])."', '".mysql_real_escape_string($data['description'])."', '".mysql_real_escape_string($src)."', '".mysql_real_escape_string($data['thumbnail_link'])."', '".mysql_real_escape_string($data['length'])."', '', '', NOW(), 0, '')"); //remove if duplicate if(mysql_error()){ foreach($this->video_ids as $kk => $dd){ if($dd == $data['vid']){ $this->log("Removing duplicate video id : ".$dd); unset($this->video_ids[$kk]); break; } } } There must be something to do on DB. Edited October 11, 2015 by filh Quote Link to comment https://forums.phpfreaks.com/topic/298529-is-this-querry-theorically-substantial/#findComment-1522934 Share on other sites More sharing options...
benanamen Posted October 11, 2015 Share Posted October 11, 2015 There is definitely something to do in the code. You are using obsolete Mysql code that does not work at all in the latest version of PHP. You need to use PDO with parameterized queries. Quote Link to comment https://forums.phpfreaks.com/topic/298529-is-this-querry-theorically-substantial/#findComment-1522954 Share on other sites More sharing options...
filh Posted October 12, 2015 Author Share Posted October 12, 2015 There is definitely something to do in the code. You are using obsolete Mysql code that does not work at all in the latest version of PHP. You need to use PDO with parameterized queries. I don't want to make unnecesesarry changes on files. Quote Link to comment https://forums.phpfreaks.com/topic/298529-is-this-querry-theorically-substantial/#findComment-1523026 Share on other sites More sharing options...
benanamen Posted October 12, 2015 Share Posted October 12, 2015 I don't want to make unnecesesarry changes on files. Then I guess you will be updating your code because it is very necessary. I thing the "will not work at all" part is enough reason all by itself, let alone the security implications. Quote Link to comment https://forums.phpfreaks.com/topic/298529-is-this-querry-theorically-substantial/#findComment-1523040 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.