mysqli

php login script security

I just wanted to run my login script by you guys to see if there are other security measures that I should take. I know that I need to move my DB constants to a config file but aside from that and some error handling, what other checks do I need to add to make sure this script is secure? <?php ob_start(); session_start(); ...

Weird behavior of mysqli->query for multiple DELETE

I am running the following query by using mysqli->query but despite showing affected rows removing correct records, MySQL is not removing the records. The same query runs perfectly on the command line. DELETE m,s FROM t1 m LEFT JOIN t2 s ON t1.sbid = t2.sb_message_id WHERE m.sbuid = 11 mysqli->affected_rows gives the correct count but it's weird t...

Does mysqli_stmt::result_metadata return false on insert, update, delete queries?

I'm a bit not understanding - on update, insert, delete queries result_metadata returns false? Because: $meta = $stmt->result_metadata(); if($meta === false){ throw new Exception(...); } throws the exception when I try to run update, insert or delete query. But it should be false only on error. (from PHP manual) ...

Is (int) and is_int() secure to protect against SQL injections?

So I was wondering is this enough to be safe that user won't do any SQL injections and the number will be only and always integer? The $id in getArticle function is bound to SQL query. <?php $id = (isset($_GET['id']) && is_int((int)$_GET['id'])) ? (int)$_GET['id'] : false ?> <?php $news = $class->getArticle($id) ?> As far as I tested it...

Allowed memory size error

Hi, I have programmed one hand and tossed it on my host's server but get the error here Fatal error: Allowed memory size of 536870912 byte exhausted (tried to allocate 4294967296 bytes) This is my code <?php require 'opsatning/top.php'; ?> <!--[if IE]> <style> .arrow { top: 100%; }; </style> <![endif]--> <div id="content_indhold"> <?...

Why is my insert not working in php?

I have an insert statement I am querying to the DB. $notes_sql = 'INSERT into notes SET order_id = "'.$_GET['order_id'].'", date_added = "'.$date_added.'", note_message = "'.$_SESSION['note_message'].'"'; $notes_result = $conn->query($notes_sql) or die(mysqli_error($conn)); I know the sql sta...

adodb, pdo or other, I want autoExecute

I used to use PEAR MDB2 and one of the things I loved was the autoExecute(). It really cut down on code. But it's a pain having to get MDB2 enabled on some hosted servers. I'd like to use either PDO or just include some class file. It looks like adodb has autoExecute too http://phplens.com/lens/adodb/docs-adodb.htm#autoexecute Is th...

MYSQL - How can disjoint columns be selected in a single query?

I have 4 tables each with different columns but they all have one column in common. This is an integer identifier column. So I will have some integer x, and I want all the rows from all 4 tables that have this one id column equal to x. I've tried something similar to: SELECT table1.col1, table2.col2 FROM table1 LEFT JOIN table2 ON table...

How to use COUNT() with MYSQLi and Prepared Statements?

Hi, I need to count the number of persons with the same status from a table for a specific user. I want to use prepared statements so I did something like this (not working): $sql = 'SELECT status, COUNT(personID) FROM user_persons GROUP BY status WHERE userID = ?'; if ($stmt->prepare($sql)) { $stmt->bind_param('i', $userID); ...

Zend_DB error : Mysqli statement execute error : Prepared statement needs to be re-prepared

Hello, the full error is "Zend_Db_Statement_Mysqli_Exception: Mysqli statement execute error : Prepared statement needs to be re-prepared" It occurs only on our unit tests server, but not on all runs (it runs tests every hour), and not on all tests which use the database. We only have 111 PHPUnit tests. The test server is a Linux Centos5 with...

Pass MySQL connection to function

I am trying to set up a MySQL connection in a main script, and then call various functions depending on what I want to do. I am having trouble passing the connection information to the function. I have a class "queries" which contains various functions, all of which return an array. This is what the code looks like in my main script (calli...

What's wrong with this code (mysqli) ?

Not working: $link = mysqli_connect("localhost", "********", "*******", "*******"); if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } $cmp = 126; if (($stmt = mysqli_prepare($link, "SELECT datalock FROM sys_tenancy WHERE id=?"))) { echo mysqli_stmt_bind_param($stmt, "i", $cmp) ?...

mysqli_free_result(): Object of class mysqli_result could not be converted to string

As far as I've done my searchings over Google and everything, it looks like this is a pretty common issue, but I cannot seem to fix it. Plus, I think that I have a little different usage of the function as others out there. And, after about 3 hours of no luck, I'm posting here! function free_result(){ ...

check if mysql connection is valid

I have a long-running PHP script which is basically an infinite loop listening for events (it's an XMPP bot), I start the script with nohup php bot.php &. The raw structure of the script is like $mysqli = mysqli_connect(...); while(1) { if(event1) { // do database action } else if(event2) { // non database action ...

MySQLi using an IN in a where

Hi there, I've been having some trouble using an IN in a where clause using MySQLi. This is my query: SELECT * FROM core_tags WHERE tag_id IN (1,2,3,4,5) GROUP BY tag_id ORDER BY tag_popularity ASC If I run this in PHP My Admin then I get 5 results as I would expect. However if I run it in PHP with the following code I only get one res...

Insert a +1 to the database table

Hello all, my WHERE do so my page don't work and I don't know how I do so then a user create a comment then a number in my thread will grow +1. I wanna do this because then i user create a new comment the users who follow that thread can see "oh there is a new comment to the topic o follow" here is my code if(isset($_POST['opret_kom...

forum category problem

Hello all, I have a forum and in that forum people can create a thread in a category they chose, but I wanna check if the category exists but I don't know how to, because now if I type another category number in the URL I still see the page. Here is my code $kategoriID = $_GET['kategoriID']; if(!isset($overskrift) || !isset($ind...

Warning: date() expects parameter 2 to be long, string given in

Hello, I got this error, it's the $birthDay = date("d", $alder); $birthYear = date("Y", $alder); I don't know what it is. Here is my code //Dag $maxDays = 31; $birthDay = date("d", $alder); echo '<select name="day">'; echo '<option value="">Dag</option>'; for($i=1; $i<=...

PHP MySQL: Getting rows from table A where values of column Z of Table A not present in column Z of table B

I have 2 tables items and item_relations items has 4 columns row_id(primary key), story_id, field1 and field2 item_relation stores the relation between each rows in items table it has 2 columns parent_story_id and child_story_id. Both columns store story_id's of rows from items. A parent item can have many child items and a Child can ...

Advice when using MVC with php

Hi, Is it correct to use one view file with say 2 functions inside it. For example I have project table in my database and I have 2 functions inside the view file for this specific MySQL query. Each query returns a specific view so say function 1 = num_rows function 2 = data inside the rows Would this be correct or should I do s...