Simple PHP/MySQL - Fresh Eyes Needed - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 29

Thread: Simple PHP/MySQL - Fresh Eyes Needed

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255

    Re: Simple PHP/MySQL - Fresh Eyes Needed

    Corrected versions as I see 'em below:
    Code:
    <?PHP // Always use <?PHP to open tags, there's a reason PEAR compliance requires it.
    $user = "XXXXX";
    $pass = "XXXXX";
    $db  = "XXXXXX";
    $myserver = "XXXXX";
    
    $connect = mysql_connect($myserver, $user, $pass) or die("Connect");
    $select_db = mysql_select_db($db) or die("DB Selection");
    ?>
    Code:
    <?PHP
    session_start();
    include "inc/connect.php";
    if ( !empty($_POST['username']) && !empty($_POST['password']) ) 
    {
    	$username = $_POST['username'];
    	$password = md5($_POST['password'];
    	$username = htmlspecialchars($username);
    	$username = stripslashes($username);
    	$query = "SELECT * FROM tblUsers WHERE userName = '".$username."' AND userPassword = '".$password."'";
    	$result = mysql_query($query);
    	$numResult = mysql_num_rows($result);
    	if ( $numResult == 1) 
            {
    		$userInfo = mysql_fetch_array($result);
    		$_SESSION['sessionID'] = $userInfo['userID'];
    		header("Location: http://www.xxx.ca/next.php");
                    exit;
    	}
    }
    else 
    {
            header("Location: http://www.xxx.ca/index.php");
            exit;
    }
    ?>
    If you can read this, PHP is not being parsed correctly.
    Personally, I've long been a fan of PEAR::DB both for portability across backends, as well as its error handling. There are other steps I would personally take here to ensure that the data is being sanitized, but I've covered that here before. :)
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  2. #12
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    Originally posted here by HTRegz
    You've never heard of mysql_connect of Die... It's kind of like the Earl of Grey... :P

    Thanks.. but alas... that wasn't the problem.

    Peace,
    HT
    HT heard of die same as exit() but it's been so long I though you needed 'or' not 'of'. Anyway sorry I couldn't help...

    everything I do now days is VB.

    dino
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  3. #13
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by dinowuff
    HT heard of die same as exit() but it's been so long I though you needed 'or' not 'of'. Anyway sorry I couldn't help...

    everything I do now days is VB.

    dino
    Hey Hey,

    You do need or.... I was making a pathetic attempt at a joke... Anyways... I'd greenie but I gotta spread first

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #14
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    So this morning when I came in, I took chsh's posted code and just pasted it directly in.... Still just got the white screen... It was driving me nuts, so I took it over to one of my personal services and ran it.... Success... I got an error message displayed. The missing ) that catch had pointed out was still missing in chsh's repost and it gave me a parse error.... I fixed it and it worked...

    Thanks all..

    Here's a follow up:

    Php haas built in error instances. YOu have to specify that in the code you wrte to turn on error messages.
    I got that response from tech support when I asked about having error messages enabled.. Anyone ever dealt with a setup like this before?


    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #15
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    Originally posted here by HTRegz
    Hey Hey,

    You do need or.... I was making a pathetic attempt at a joke... Anyways... I'd greenie but I gotta spread first

    Peace,
    HT
    OK I get it. And don't worry about the ap's still trying to greenie you for your help with the WP Doc password. And to something even more funny - I spent a few HOURS this morning trying to figure out how to use 'of die'

    Sometimes we have to laugh at ourselves.
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  6. #16
    Member omin's Avatar
    Join Date
    Feb 2002
    Posts
    60
    This link may help. It contains lots of info on error handling within PHP.

    PHP internally uses eight error types to classify errors that can occur during the execution of a script. PHP also provides three extra error types that can be used by the user to produce user-defined error messages. To begin, you'll look at the eight standard error types, and then the last three custom error types and how they can be used to deal with errors generated within your scripts.


    Sometimes we have to laugh at ourselves.
    I do this. Sometimes it's either that or cry.


    omin

  7. #17
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by HTRegz
    Hey Hey,

    So this morning when I came in, I took chsh's posted code and just pasted it directly in.... Still just got the white screen... It was driving me nuts, so I took it over to one of my personal services and ran it.... Success... I got an error message displayed. The missing ) that catch had pointed out was still missing in chsh's repost and it gave me a parse error.... I fixed it and it worked...
    Not using code highlighters for the lose. :P At any rate, if it's not working on the host, make a simple script that contains:
    Code:
    &lt;?php
        echo phpinfo(); 
    ?&gt;
    If it doesn't output, then PHP is not working, and it's something related to the host. Additionally, you might get some good information about the host version and such.

    Once you know what version, you might want to try adding a line that reads:
    Code:
    ini_set('display_errors', 1);
    to the top of your existing code (first line before even the include). If it's working, that should cause PHP to throw errors up on the output. You can set a few directives at runtime, the list is at:
    http://ca3.php.net/manual/en/ini.php#ini.list
    Normally you want it disabled for enumeration prevention reasons.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  8. #18
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by chsh
    Not using code highlighters for the lose. :P At any rate, if it's not working on the host, make a simple script that contains:
    Code:
    &lt;?php
        echo phpinfo(); 
    ?&gt;
    If it doesn't output, then PHP is not working, and it's something related to the host. Additionally, you might get some good information about the host version and such.

    Once you know what version, you might want to try adding a line that reads:
    Code:
    ini_set('display_errors', 1);
    to the top of your existing code (first line before even the include). If it's working, that should cause PHP to throw errors up on the output. You can set a few directives at runtime, the list is at:
    http://ca3.php.net/manual/en/ini.php#ini.list
    Normally you want it disabled for enumeration prevention reasons.
    Hey Hey,

    Yeah phpinfo() worked just fine when I tested it... and now the original login code is working too Thanks a lot.... I'll try out that ini_set when I go to work this afternoon coding the search engine...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  9. #19
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    Ok... so I'm an idiot

    Alrighty,

    I need some debugging help again...

    chsh's ini_set line worked beautifully to display error codes... made it much easier to fix the problem... However now I'm getting blank pages even with that line in the config.

    I'm not sure what's going on... I usually spend a lot of time in php and have done a number of sites, but this one is kicking my ass... I think I've successfully santized the code.... Everything else was due to that parse error from the missing ), however this one displays no parse errors..

    Plus I want to take advantage of the syntax highlighting.... Anyone know of good software for Windows.... PHP-Edit is too expensive... TextPad doesn't formally support PHP... Anyways on with the show.

    PHP Code:
    &lt;?php
    ini_set
    ('display_errors'1);
    session_start();

    if ( isset( 
    $_SESSION['sessionID'] ) ) {
        if ( 
    $_SESSION['userIsAdmin'] == ) {
    ?&
    gt;
    &
    lt;html&gt;
        &
    lt;head&gt;
            &
    lt;title&gt;XXXXX Image CD Library :: Administrative Functions&lt;/title&gt;
            &
    lt;style type="text/css"&gt;
                @
    import "inc/stylesheet.css";
            &
    lt;/style&gt;
        &
    lt;/head&gt;
        &
    lt;body&gt;
            &
    lt;div align="left"&gt;
                &
    lt;img src="../images/xxxlogo.jpg" width="450px" height="125px"&gt;
            &
    lt;/div&gt;
            &
    lt;br /&gt;
            &
    lt;br /&gt;
            &
    lt;table bgcolor="#000000" width="300px" border="0" cellpadding="0" cellspacing="0" align="center" valign="middle"&gt;
                        &
    lt;tr&gt;
                            &
    lt;td bgcolor="#000000" height="1px"&gt;&lt;/td&gt;
                        &
    lt;/tr&gt;
                        &
    lt;tr&gt;
                            &
    lt;td bgcolor="#000000" width="1px"&gt;&lt;/td&gt;
                            &
    lt;td&gt;
                                &
    lt;table border="0" width="100%" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" align="center" valign="middle"&gt;
                                    &
    lt;tr&gt;
                                        &
    lt;td valign="top"&gt;&lt;img src="../images/tl.gif" width="20px" height="20px"&gt;&lt;/td&gt;
                                        &
    lt;td valign="top" width="100%"&gt;&lt;/td&gt;
                                        &
    lt;td valign=top&gt;&lt;img src="../images/tr.gif" width="20px" height="20px"&gt;&lt;/td&gt;
                                    &
    lt;/tr&gt;
                                    &
    lt;tr&gt;
                                        &
    lt;td align="center" colspan="3"&gt;
                                        &
    lt;table cellpadding="0" cellspacing="0"&gt;
                                            &
    lt;tr&gt;
                                                &
    lt;td valign="middle"&gt;
                                                &
    lt;ul&gt;
                                                &
    lt;?php
                                                      
    include "../inc/connect.php";
                                                    
    $query "SELECT * from tblUsers";
                                                    
    $result mysql_query($query);
                                                    while (
    $user mysql_fetch_array($result)) {
                                                        echo 
    '&lt;li&gt;&lt;a href="mailto:' $user['userEmail'] . '"&gt;' $user['userName'] . '&lt;/a&gt; | &lt;a href="delUser.php?uid=' $user['userID'] . '"&gt;Delete User&lt;/a&gt; | &lt;a href="chPass.php?user=' $user['userID']  '"&gt;Change Password&lt;/a&gt;&lt;/li&gt;'
                                                    
    }
                                                ?&
    gt;
                                                &
    lt;/ul&gt;
                                                &
    lt;/td&gt;
                                            &
    lt;/tr&gt;
                                    &
    lt;/table&gt;
                                &
    lt;/td&gt;
                            &
    lt;/tr&gt;
                            &
    lt;tr&gt;
                                &
    lt;td valign="bottom"&gt;&lt;img src="../images/bl.gif" width="20px" height="20px"&gt;&lt;/td&gt;
                                &
    lt;td valign="top" width="100%"&gt;&lt;/td&gt;
                                &
    lt;td valign="bottom"&gt;&lt;img src="../images/br.gif" width="20px" height="20px"&gt;&lt;/td&gt;
                            &
    lt;/tr&gt;
                        &
    lt;/table&gt;
                    &
    lt;/td&gt;
                    &
    lt;td bgcolor="#000000" width="1px"&gt;&lt;/td&gt;
                &
    lt;/tr&gt;
                &
    lt;tr&gt;
                    &
    lt;td bgcolor="#000000" height="1px"&gt;&lt;/td&gt;
                &
    lt;/tr&gt;
            &
    lt;/table&gt;
        &
    lt;/body&gt;
    &
    lt;/html&gt;
    &
    lt;?php
    }
    else {
        
    header ("Location: [url]http://www.XXXXX.ca/index.php[/url]");
        exit;
        }
    }
    else {
        
    header ("Location: [url]http://www.XXXXX.ca/index.php[/url]");
        exit;
        }
    ?&
    gt
    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  10. #20
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •