-
December 8th, 2005, 05:50 AM
#11
Re: Simple PHP/MySQL - Fresh Eyes Needed
Corrected versions as I see 'em below:
Code:
<?PHP // Always use <?PHP to open tags, there's a reason PEAR compliance requires it.
$user = "XXXXX";
$pass = "XXXXX";
$db = "XXXXXX";
$myserver = "XXXXX";
$connect = mysql_connect($myserver, $user, $pass) or die("Connect");
$select_db = mysql_select_db($db) or die("DB Selection");
?>
Code:
<?PHP
session_start();
include "inc/connect.php";
if ( !empty($_POST['username']) && !empty($_POST['password']) )
{
$username = $_POST['username'];
$password = md5($_POST['password'];
$username = htmlspecialchars($username);
$username = stripslashes($username);
$query = "SELECT * FROM tblUsers WHERE userName = '".$username."' AND userPassword = '".$password."'";
$result = mysql_query($query);
$numResult = mysql_num_rows($result);
if ( $numResult == 1)
{
$userInfo = mysql_fetch_array($result);
$_SESSION['sessionID'] = $userInfo['userID'];
header("Location: http://www.xxx.ca/next.php");
exit;
}
}
else
{
header("Location: http://www.xxx.ca/index.php");
exit;
}
?>
If you can read this, PHP is not being parsed correctly.
Personally, I've long been a fan of PEAR::DB both for portability across backends, as well as its error handling. There are other steps I would personally take here to ensure that the data is being sanitized, but I've covered that here before. :)
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
December 8th, 2005, 01:24 PM
#12
Originally posted here by HTRegz
You've never heard of mysql_connect of Die... It's kind of like the Earl of Grey... :P
Thanks.. but alas... that wasn't the problem.
Peace,
HT
HT heard of die same as exit() but it's been so long I though you needed 'or' not 'of'. Anyway sorry I couldn't help...
everything I do now days is VB.
dino
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
December 8th, 2005, 03:32 PM
#13
Originally posted here by dinowuff
HT heard of die same as exit() but it's been so long I though you needed 'or' not 'of'. Anyway sorry I couldn't help...
everything I do now days is VB.
dino
Hey Hey,
You do need or.... I was making a pathetic attempt at a joke... Anyways... I'd greenie but I gotta spread first
Peace,
HT
-
December 8th, 2005, 04:07 PM
#14
Hey Hey,
So this morning when I came in, I took chsh's posted code and just pasted it directly in.... Still just got the white screen... It was driving me nuts, so I took it over to one of my personal services and ran it.... Success... I got an error message displayed. The missing ) that catch had pointed out was still missing in chsh's repost and it gave me a parse error.... I fixed it and it worked...
Thanks all..
Here's a follow up:
Php haas built in error instances. YOu have to specify that in the code you wrte to turn on error messages.
I got that response from tech support when I asked about having error messages enabled.. Anyone ever dealt with a setup like this before?
Peace,
HT
-
December 8th, 2005, 04:34 PM
#15
Originally posted here by HTRegz
Hey Hey,
You do need or.... I was making a pathetic attempt at a joke... Anyways... I'd greenie but I gotta spread first
Peace,
HT
OK I get it. And don't worry about the ap's still trying to greenie you for your help with the WP Doc password. And to something even more funny - I spent a few HOURS this morning trying to figure out how to use 'of die'
Sometimes we have to laugh at ourselves.
09:F9:11:02:9D:74:E3:5B 8:41:56:C5:63:56:88:C0
-
December 8th, 2005, 04:41 PM
#16
This link may help. It contains lots of info on error handling within PHP.
PHP internally uses eight error types to classify errors that can occur during the execution of a script. PHP also provides three extra error types that can be used by the user to produce user-defined error messages. To begin, you'll look at the eight standard error types, and then the last three custom error types and how they can be used to deal with errors generated within your scripts.
Sometimes we have to laugh at ourselves.
I do this. Sometimes it's either that or cry.
omin
-
December 8th, 2005, 05:25 PM
#17
Originally posted here by HTRegz
Hey Hey,
So this morning when I came in, I took chsh's posted code and just pasted it directly in.... Still just got the white screen... It was driving me nuts, so I took it over to one of my personal services and ran it.... Success... I got an error message displayed. The missing ) that catch had pointed out was still missing in chsh's repost and it gave me a parse error.... I fixed it and it worked...
Not using code highlighters for the lose. :P At any rate, if it's not working on the host, make a simple script that contains:
Code:
<?php
echo phpinfo();
?>
If it doesn't output, then PHP is not working, and it's something related to the host. Additionally, you might get some good information about the host version and such.
Once you know what version, you might want to try adding a line that reads:
Code:
ini_set('display_errors', 1);
to the top of your existing code (first line before even the include). If it's working, that should cause PHP to throw errors up on the output. You can set a few directives at runtime, the list is at:
http://ca3.php.net/manual/en/ini.php#ini.list
Normally you want it disabled for enumeration prevention reasons.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
December 8th, 2005, 06:18 PM
#18
Originally posted here by chsh
Not using code highlighters for the lose. :P At any rate, if it's not working on the host, make a simple script that contains:
Code:
<?php
echo phpinfo();
?>
If it doesn't output, then PHP is not working, and it's something related to the host. Additionally, you might get some good information about the host version and such.
Once you know what version, you might want to try adding a line that reads:
Code:
ini_set('display_errors', 1);
to the top of your existing code (first line before even the include). If it's working, that should cause PHP to throw errors up on the output. You can set a few directives at runtime, the list is at:
http://ca3.php.net/manual/en/ini.php#ini.list
Normally you want it disabled for enumeration prevention reasons.
Hey Hey,
Yeah phpinfo() worked just fine when I tested it... and now the original login code is working too Thanks a lot.... I'll try out that ini_set when I go to work this afternoon coding the search engine...
Peace,
HT
-
December 9th, 2005, 06:57 PM
#19
Ok... so I'm an idiot
Alrighty,
I need some debugging help again...
chsh's ini_set line worked beautifully to display error codes... made it much easier to fix the problem... However now I'm getting blank pages even with that line in the config.
I'm not sure what's going on... I usually spend a lot of time in php and have done a number of sites, but this one is kicking my ass... I think I've successfully santized the code.... Everything else was due to that parse error from the missing ), however this one displays no parse errors..
Plus I want to take advantage of the syntax highlighting.... Anyone know of good software for Windows.... PHP-Edit is too expensive... TextPad doesn't formally support PHP... Anyways on with the show.
PHP Code:
<?php
ini_set('display_errors', 1);
session_start();
if ( isset( $_SESSION['sessionID'] ) ) {
if ( $_SESSION['userIsAdmin'] == 1 ) {
?>
<html>
<head>
<title>XXXXX Image & CD Library :: Administrative Functions</title>
<style type="text/css">
@import "inc/stylesheet.css";
</style>
</head>
<body>
<div align="left">
<img src="../images/xxxlogo.jpg" width="450px" height="125px">
</div>
<br />
<br />
<table bgcolor="#000000" width="300px" border="0" cellpadding="0" cellspacing="0" align="center" valign="middle">
<tr>
<td bgcolor="#000000" height="1px"></td>
</tr>
<tr>
<td bgcolor="#000000" width="1px"></td>
<td>
<table border="0" width="100%" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" align="center" valign="middle">
<tr>
<td valign="top"><img src="../images/tl.gif" width="20px" height="20px"></td>
<td valign="top" width="100%"></td>
<td valign=top><img src="../images/tr.gif" width="20px" height="20px"></td>
</tr>
<tr>
<td align="center" colspan="3">
<table cellpadding="0" cellspacing="0">
<tr>
<td valign="middle">
<ul>
<?php
include "../inc/connect.php";
$query = "SELECT * from tblUsers";
$result = mysql_query($query);
while ($user = mysql_fetch_array($result)) {
echo '<li><a href="mailto:' . $user['userEmail'] . '">' . $user['userName'] . '</a> | <a href="delUser.php?uid=' . $user['userID'] . '">Delete User</a> | <a href="chPass.php?user=' . $user['userID'] '">Change Password</a></li>'
}
?>
</ul>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td valign="bottom"><img src="../images/bl.gif" width="20px" height="20px"></td>
<td valign="top" width="100%"></td>
<td valign="bottom"><img src="../images/br.gif" width="20px" height="20px"></td>
</tr>
</table>
</td>
<td bgcolor="#000000" width="1px"></td>
</tr>
<tr>
<td bgcolor="#000000" height="1px"></td>
</tr>
</table>
</body>
</html>
<?php
}
else {
header ("Location: [url]http://www.XXXXX.ca/index.php[/url]");
exit;
}
}
else {
header ("Location: [url]http://www.XXXXX.ca/index.php[/url]");
exit;
}
?>
Peace,
HT
-
December 9th, 2005, 07:11 PM
#20
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|