PHP script help

cd34 · 2005-02-24, 11:40 AM

Not sure exactly what you're running into.

Is it possible that you don't have short tags turned on and need to use <?php

to pass information, there are a number of ways. If it is a form submission, i.e. <form action="2ndpage.php" method="post">

You can do something like:

$result = mysql_query("Select * FROM members where Lastname = '".$_REQUEST['HLName']."' and Firstname = 'HFName' ");

or, if the quotes give you a headache:
$HLName = $_REQUEST['HLName'];
$result = mysql_query("Select * FROM members where Lastname = '$HLName' and Firstname = 'HFName' ");

if it is a mysql error that you are getting, after the result line, try:

print mysql_error(); // this will tell you what the interpreter is returning.

If you are using a header("Location: /2ndpage.php");

You can use sessions and pass the data. If you use sessions, you probably want to turn transsid on. This creates a wacky url with the hash just in case the cookie is not accepted by the surfer. The very first line of each page do:

session_start();

Then, you can set values like:
$_SESSION['HLName'] = 'birdicus';
$_SESSION['FLName'] = 'fasticus';

and read those values on the next page as:
$_SESSION['HLName'];

You can also use $_COOKIE['HLName'] if you set the cookie on the prior page with setcookie.

However, not really enough information to see what is going on based on what you posted. Maybe if you can post the error you are getting or a little more of the script.

Barron · 2005-02-24, 12:35 PM

try this:

assumes:
<form method=POST action=info.php>

EDIT: Shit, I read your question wrong. The below script was changed to get the info you want.

<?
session_start();
$con=mysql_pconnect("localhost", "db_username", "db_password");
if($_POST[firstname] and $_POST[lastname])
{
foreach($HTTP_POST_VARS as $key=>$value)
{
$_POST[$key]=trim($value);
}
$info=mysql_query("SELECT * FROM `members` WHERE `firstname`='$_POST[firstname]' AND `lastname`='$_POST[lastname]' LIMIT 1", $con) or die(mysql_error());
$info_numrows=mysql_num_rows($info);
if($info_numrows > 0)
{
// found info
$info_array=mysql_fetch_array($info);
$_SESSION[firstname]=$_POST[firstname];
$_SESSION[lastname]=$_POST[lastname];
echo "First name: $info_array[firstname]<br>\n";
echo "Last Name: $info_array[lastname]<br>\n";
echo "Address: $info_array[address]<br>\n";
}
else
{
// info not found
echo "you are not in our database<br>\n";
include('get_info.php');
}
}
else
{
// No first or last name provided
include(get_info.php);
}
?>

Halfdeck · 2005-02-24, 12:48 PM

Barron's code looks like it should work.

When php/mysql code craps out, I usually:

1) print out the query using an echo statement, preferrably using mysql_error(); Sometimes what you think you're sending to MYSQL is not what's actually getting sent.

2) If I'm really stuck, I use phpadmin or some other mysql interface and play around with different queries to come up with a query that actually returns what I want. Then its just a matter of putting that query into the php script.

Barron · 2005-02-24, 01:04 PM

He wasnt trying to log anyone in. I changed the code to fetch the info for the user.

Ramster, there isnt any error checking, you must put that in. Malformed input from a webpage can really screw things up : )

codemonkey · 2005-02-24, 01:50 PM

Yup anytime you have a database query that can be changed by the user - when using $_GET $_POST $_REQUEST $_COOKIE etc always check the input..

Use the mysql_real_escape_string function in php to clean the input before you put it into the database. This will help to prevent SQL injection attacks by quoting out special characters.

so when inserting selecting etc always do this..

PHP Code:


			
$query = "SELECT * FROM table WHERE user='". mysql_real_escape_string($user) ."'";

i got fed up of typing that so i made a little function to make less typing - what can i say i'm a lazy coder

PHP Code:


			
//Escape the string for the database and add single quotes



function quote($value){

    $value = "'" .mysql_real_escape_string($value) ."'";

    return $value

}

So your code is now...

PHP Code:


			
$query = "SELECT * FROM table WHERE user=". quote($user);

Hope this helps someone out

2005-02-24, 11:40 AM	#1
cd34 a.k.a. Sparky Join Date: Sep 2004 Location: West Palm Beach, FL, USA Posts: 2,396	Not sure exactly what you're running into. Is it possible that you don't have short tags turned on and need to use <?php to pass information, there are a number of ways. If it is a form submission, i.e. <form action="2ndpage.php" method="post"> You can do something like: $result = mysql_query("Select * FROM members where Lastname = '".$_REQUEST['HLName']."' and Firstname = 'HFName' "); or, if the quotes give you a headache: $HLName = $_REQUEST['HLName']; $result = mysql_query("Select * FROM members where Lastname = '$HLName' and Firstname = 'HFName' "); if it is a mysql error that you are getting, after the result line, try: print mysql_error(); // this will tell you what the interpreter is returning. If you are using a header("Location: /2ndpage.php"); You can use sessions and pass the data. If you use sessions, you probably want to turn transsid on. This creates a wacky url with the hash just in case the cookie is not accepted by the surfer. The very first line of each page do: session_start(); Then, you can set values like: $_SESSION['HLName'] = 'birdicus'; $_SESSION['FLName'] = 'fasticus'; and read those values on the next page as: $_SESSION['HLName']; You can also use $_COOKIE['HLName'] if you set the cookie on the prior page with setcookie. However, not really enough information to see what is going on based on what you posted. Maybe if you can post the error you are getting or a little more of the script. __________________ SnapReplay.com a different way to share photos - iPhone & Android

2005-02-24, 12:35 PM	#2
Barron You tried your best and you failed miserably. The lesson is 'never try' Join Date: Oct 2004 Posts: 166	try this: assumes: <form method=POST action=info.php> EDIT: Shit, I read your question wrong. The below script was changed to get the info you want. <? session_start(); $con=mysql_pconnect("localhost", "db_username", "db_password"); if($_POST[firstname] and $_POST[lastname]) { foreach($HTTP_POST_VARS as $key=>$value) { $_POST[$key]=trim($value); } $info=mysql_query("SELECT * FROM `members` WHERE `firstname`='$_POST[firstname]' AND `lastname`='$_POST[lastname]' LIMIT 1", $con) or die(mysql_error()); $info_numrows=mysql_num_rows($info); if($info_numrows > 0) { // found info $info_array=mysql_fetch_array($info); $_SESSION[firstname]=$_POST[firstname]; $_SESSION[lastname]=$_POST[lastname]; echo "First name: $info_array[firstname]<br>\n"; echo "Last Name: $info_array[lastname]<br>\n"; echo "Address: $info_array[address]<br>\n"; } else { // info not found echo "you are not in our database<br>\n"; include('get_info.php'); } } else { // No first or last name provided include(get_info.php); } ?> Last edited by Barron; 2005-02-24 at 01:19 PM..

2005-02-24, 01:50 PM	#5
codemonkey WHO IS FONZY!?! Don't they teach you anything at school? Join Date: Oct 2004 Posts: 44	Yup anytime you have a database query that can be changed by the user - when using $_GET $_POST $_REQUEST $_COOKIE etc always check the input.. Use the mysql_real_escape_string function in php to clean the input before you put it into the database. This will help to prevent SQL injection attacks by quoting out special characters. so when inserting selecting etc always do this.. PHP Code: `$query = "SELECT * FROM table WHERE user='". mysql_real_escape_string($user) ."'";` i got fed up of typing that so i made a little function to make less typing - what can i say i'm a lazy coder PHP Code: `//Escape the string for the database and add single quotes function quote($value){ $value = "'" .mysql_real_escape_string($value) ."'"; return $value }` So your code is now... PHP Code: `$query = "SELECT * FROM table WHERE user=". quote($user);` Hope this helps someone out __________________ BBW modelling competitions

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread:

2005-02-24, 12:48 PM	#3
Halfdeck You can now put whatever you want in this space :) Join Date: Oct 2004 Location: New Haven, CT Posts: 985	Barron's code looks like it should work. When php/mysql code craps out, I usually: 1) print out the query using an echo statement, preferrably using mysql_error(); Sometimes what you think you're sending to MYSQL is not what's actually getting sent. 2) If I'm really stuck, I use phpadmin or some other mysql interface and play around with different queries to come up with a query that actually returns what I want. Then its just a matter of putting that query into the php script.

2005-02-24, 01:04 PM	#4
Barron You tried your best and you failed miserably. The lesson is 'never try' Join Date: Oct 2004 Posts: 166	He wasnt trying to log anyone in. I changed the code to fetch the info for the user. Ramster, there isnt any error checking, you must put that in. Malformed input from a webpage can really screw things up : )