Jump to content

MutatedVirus

Members
  • Posts

    13
  • Joined

  • Last visited

About MutatedVirus

  • Birthday 02/13/1995

Profile Information

  • Gender
    Male
  • Location
    UK

MutatedVirus's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. I'm having a problem with PHP and a stored procedure in SQL Server 2005. I haven't really touched stored procedures before and haven't used them with php. I can't retrieve a value from a table that I know is definitely there. I have a simple login table, what I want the stored procedure to do is to take a username as an input and then output that user's password salt. I want the stored procedure to use parameterised values to avoid SQL injection. What happens at the moment is when the php page is run, nothing is returned and the SQL Profiler displays the following error: User Error Message: Incorrect Syntax near '@Username' While this error message should tell me something is wrong, I can't for the life of me see where the incorrect syntax is. Copy of the Php: $user = "usercm"; $password ="cmuserpassword"; try{$conn = new PDO("odbc:DRIVER={SQL Server Native Client 10.0};SERVER=TestingServer;DATABASE=TestingDatebase;",$user,$password);} catch(PDOException $e){echo "oh no";} $username = "sdct"; $prepusp = $conn->prepare("EXEC uspReturnSalt(?,?)"); $prepusp->bindParam(1, $username, PDO::PARAM_STR); $prepusp->bindParam(2, $usersalt, PDO::PARAM_STR, 450); $prepusp->execute(); Copy of the Stored Procedure: ALTER PROCEDURE [dbo].[uspReturnSalt] @Username NVARCHAR(100), @Usersalt NVARCHAR(450) OUTPUT AS BEGIN DECLARE @sqlcmd NVARCHAR(MAX); DECLARE @params NVARCHAR(MAX); SET @sqlcmd = N'SELECT @Usersaltone = salt FROM CMUsers WHERE username = @Usernameone'; SET @params = N'@Usernameone NVARCHAR(100), @Usersaltone NVARCHAR(450) OUTPUT'; EXECUTE sp_executesql @sqlcmd, @params, @Usernameone = @Username, @Usersaltone = @Usersalt OUTPUT; END To clarify, the server this is on runs Windows 2003 so I cannot use the sqlsrv drivers as they require SQL Server Native Client 2012 which is incompatible. It is impossible to upgrade the operating system (server isn't mine) so I can't use any php drivers that require SQL Server Native Client 2012. If anyone could help I would be eternally grateful. Here is the sql profiler messages before and after that error: RPC:Completed | exec [sys].sp_sproc_columns_90 N'uspReturnSalt' ,@ODBCVer=3 RPC:Starting | declare @p1 int set @p1 =NULL exec sp_prepare @p1 output,N'@Username nvarchar(100),@P2 text OUTPUT' ,N'EXEC uspReturnSalt(@Username,@P2 OUTPUT)' ,1 select @p1 Exception | Error: 102, Severity: 15, State: 1 User Error Message | Incorrect syntax near '@Username'. SP:CacheMiss | (@Username nvarchar(100),@P2 text OUTPUT)EXEC uspReturnSalt(@Username,@P2 OUTPUT) Exception | Error: 8180, Severity: 16, State: 1 User Error Message | Statement(s) could not be prepared RPC:Completed | declare @p1 int set @p1=NULL exec sp_prepare @p1 output, N'@Username nvarchar(100),@P2 text OUTPUT' ,N'EXEC uspReturnSalt(@Username,@P2 OUTPUT)',1 select @p1
  2. You can call call from the database (aslong as you define the information for the connection) and sort it ascending by movie name, then for your reservations use it to get the ID and bring that up and you can have it so you call up the movie title from the movies table with a form that is filled out partially by the movies table then submits to reservations table so to reservations you could go by <a hre=reservations.php="<?php echo $rows['id'] ?> Reservations </a> then on reservations.php $_GET['id'] Select from your tables and insert into
  3. It's just an update query linked into a DB class file DB.Inc.php update public function update($data, $table, $where) { foreach ($data as $column => $value) { $sql = "UPDATE $table SET $column = $value WHERE $where"; mysql_query($sql) or die(mysql_error()); } return true; } I dont know if this ill help but it might The php im using to update if(isset($_POST['submit'])) { $Title = $_POST['Title']; $Content = $_POST['Content']; $colour = $_POST['colour']; $Image=($_FILES['Image']['name']); $tags = $_POST['tags']; $target = './news_imgs/'; $target = $target . basename( $_FILES['Image']['name']); $success = true; var_dump($target); if($success) { $data['Title'] = $Title; $data['descrip'] = $Content; $data['Content'] = $Content; $data['colour'] = $colour; $data['Image'] = $Image; $data['tags'] = $tags; $newNews = new News($data); $newNews->save(false); if(move_uploaded_file($_FILES['Image']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; die(); } echo "1 record added"; header("Location: ./news.php"); } if (!mysql_query($update)) { die('Error: ' . mysql_error()); } echo "1 record added"; header("Location: ./news.php"); } ?>
  4. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
  5. Hey all, How would I make it so this code will update the database? In the class(name is News) I have this function: public function save($isNewNews = false) { $db = new DB(); if(!$isNewNews) { $data = array( "Title" => "'$this->Title'", "descrip" => "'$this->descrip'", "Content" => "'$this->Content'", "Image" => "'$this->Image'", "colour" => "'$this->Image'", "tags" => "'$this->tags'" ); $db->update($data, 'news', 'id = '.$this->id); }else { $data = array( "Title" => "'$this->Title'", "descrip" => "'$this->descrip'", "Content" => "'$this->Content'", "colour" => "'$this->colour'", "Image" => "'$this->Image'", "tags" => "'$this->tags'", "date" => "'".date("Y-m-d H:i:s")."'" ); $this->id = $db->insert($data, 'news'); } return true; } To add a new row to the DB i call $foo = new News($data); $foo = save(true); If i try $foo = save(false); It returns a MySql error
  6. How would I go about making it so when an A anchor is clicked to lead to a new page, it will display only one article dependent on the ID? Like index.php Shows a few descriptions of news news.php shows the lot with but description news.php?id=2 shows full cent of news article with the ID 2 Thanks for any help in advanced
  7. It's on the display that im doing the search, since it will have lot's of addresses in Div tags I want to be able to make it so you can search for say "John" and anyone with the first name John shows up rather than all the data on the display
  8. Hey all, I'm trying to make a Address Book out of PHP, Ive got everything I need except search and I want to do it using a BST(to help me learn more on BST and MySQL interaction along with BST's in general) How would I go about this? I've looked around loads but most of the tutorial's are general BST's not BST's with MySQL In my table I've got the rows: Fname Lname Email Phone House_No Street Post_Code DOB Image Code available on request Any help is grateful Thanks
  9. I am learning stuff, It was just that I got stumped on xD But thanks for showing me how it works, it does help me learn more stuff
  10. Nah, it's not homework, it's just little challenges im being set in an apprenticeship im in, basically find ways on how to do it to learn how to code in PHP, but thanks, works like a charm ^^
  11. Hey guys, I was wondering, how would I go about it so I can have a multi-dimensional array where the first value is a string, 2nd value is a minimum amount, 3rd value is a maximum amount. And then once having that being able to randomly select one of the strings (like using $a = rand(0,14); $test =$name[$a]) but in conjunction being able to generate that string a random amount of times within the min and max without hvaing to use switch statements or if statements? If that is possible that is xD And if it is, I know it's not the most efficent way of doing this, it's just a project ive been given to do in this way Many thanks for any help James :3
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.