php-general Digest 25 May 2011 14:38:59 -0000 Issue 7328

2011-05-25 Thread php-general-digest-help


Topics (messages 313137 through 313152):

simple question abt convert to integer
313137 by: Negin Nickparsa
313138 by: Bálint Horváth
313139 by: Negin Nickparsa
313140 by: Negin Nickparsa
313141 by: Negin Nickparsa
313142 by: Bálint Horváth
313143 by: Negin Nickparsa
313144 by: Paul M Foster
313145 by: Bálint Horváth
313146 by: Vitalii Demianets
313147 by: Bálint Horváth
313148 by: Ashley Sheridan
313149 by: Andre Polykanine
313152 by: Negin Nickparsa

Re: WHERE field = a range of values (value
313150 by: Paul S

How can a UTF-8 string can be converted to  an array of Bytes?
313151 by: Eli Orr (Office)

Administrivia:

To subscribe to the digest, e-mail:
php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
php-gene...@lists.php.net


--
---BeginMessage---
my code is this:
$query1="select * from patient where id=".$_POST['txt'];
it works but
i think because i have error in next line:
*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
given

$num2=Mysql_num_rows($result1);

i echoed $ query1 and the result was this=select * from patient where id=1
maybe  it can't convert $_POST['txt'] from String to integer and then it
can't get my $num
it is int in my mysql
how can i correct $query1?
---End Message---
---BeginMessage---
Hi,
I've a simple idea...
If you have integer in your mysql, don't use  at that field in the query...
Try this:
$query="select * from patient where id=".$id."";
There isn't apostrophe in the mysql query...

Bálint Horváth
On 25 May 2011 06:06, Negin Nickparsa nickpa...@gmail.com wrote:
 my code is this:
 $query1="select * from patient where id=".$_POST['txt'];
 it works but
 i think because i have error in next line:
 *Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
 given

 $num2=Mysql_num_rows($result1);

 i echoed $ query1 and the result was this=select * from patient where
id=1
 maybe it can't convert $_POST['txt'] from String to integer and then it
 can't get my $num
 it is int in my mysql
 how can i correct $query1?
---End Message---
---BeginMessage---
$id=(int)$_POST['txt'];
$query1="select * from patient where id=".$id."";
echo $query1;
$result1=mysql_query($query1);

echo $result1;
$num2=Mysql_num_rows($result1);
$num3=Mysql_num_fields($result1);

still it has previous error

Here is my output:select * from patient where id=1
*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
given in

*Warning*: mysql_num_fields() expects parameter 1 to be resource, boolean
given in **
---End Message---
---BeginMessage---
Bálint Horváth,
the second post of me is using your idea
your idea is working but why i have error still?
---End Message---
---BeginMessage---
$result1=mysql_query($query1);

echo $result1;

it can't echo $result1
i don't know why?
---End Message---
---BeginMessage---
If the query is incorrect u get boolean: false, if its correct u get a
resource id...

Bálint Horváth
On 25 May 2011 06:28, Negin Nickparsa nickpa...@gmail.com wrote:
---End Message---
---BeginMessage---
i receive nothing not a resource id and nor false
---End Message---
---BeginMessage---
On Wed, May 25, 2011 at 08:57:18AM +0430, Negin Nickparsa wrote:

 $id=(int)$_POST['txt'];
 $query1="select * from patient where id=".$id."";

You're not *thinking* about what you're doing. The above is silly. Think
about it: you're sending a string to MySQL. If $_POST['txt'] returns a
string which looks like the number 1, then

$query1 = "select * from patient where id = $_POST[txt]";

should suffice. If you like, test $_POST['txt'] first by echoing it.


 echo $query1;
 $result1=mysql_query($query1);

Ideally, you should be calling this function with an added connection
parameter. Like this:

$link = mysql_connect($connection_stuff);
$result1 = mysql_query($query1, $link);

It's not *necessary*, but advisable.

mysql_query() returns a resource object, unless there is a problem. If
there is a problem, then it returns FALSE. You can check what it returns
this way:

if (is_resource($result1))
    print "It's a resource!";
elseif ($result1 === FALSE)
    print "It's false!";
else
    print "I don't know what the heck it is!";

 
 echo $result1;

I don't know what you'll get from this echo if $result1 truly is a
resource. But if it's false, you won't get much. $result1 should be a
resource object, which means it's opaque. You can't know what's in it
unless you use a helper function like mysql_num_rows(), etc.

 $num2=Mysql_num_rows($result1);
 $num3=Mysql_num_fields($result1);
 
 still it has previous error
 
 Here is my output:select * from patient where id=1
 *Warning*: mysql_num_rows() expects 

Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Vitalii Demianets
On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
 my code is this:
 $query1="select * from patient where id=".$_POST['txt'];
 it works but

Holy Jesus!
Can't wait to send to your server POST request with txt=1;DROP DATABASE; --

Of course, if you'll  switch to prepare statement instead of string embedding 
there will be no much fun.

-- 
Vitalii

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Bálint Horváth
Of course have to use filters and etc...

Bálint Horváth
On 25 May 2011 09:53, Vitalii Demianets vi...@nppfactor.kiev.ua wrote:
 On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
 my code is this:
 $query1="select * from patient where id=".$_POST['txt'];
 it works but

 Holy Jesus!
 Can't wait to send to your server POST request with txt=1;DROP DATABASE;
--

 Of course, if you'll switch to prepare statement instead of string
embedding
 there will be no much fun.

 --
 Vitalii




Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Ashley Sheridan
Vitalii Demianets vi...@nppfactor.kiev.ua wrote:

On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
 my code is this:
 $query1="select * from patient where id=".$_POST['txt'];
 it works but

Holy Jesus!
Can't wait to send to your server POST request with txt=1;DROP
DATABASE; --

Of course, if you'll  switch to prepare statement instead of string
embedding
there will be no much fun.

--
Vitalii


Prepared statements aren't the only solution, a decent bit of filtering would 
work too. In the OPs example he only needed an int, so something like:

$val = intval($_POST['txt']);

Would do the trick. It just means that the value is safe (or at least in an 
expected range) for use elsewhere in the code, it may not necessarily only be 
restricted to a DB query.


Thanks
Ash
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.




Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Andre Polykanine
Hello Negin,
$query1="select * from patient where id=".$_POST['txt'];
$result1=mysql_query($query1);
$rows=mysql_num_rows($result1);
Note: you *didn't* execute the query by calling mysql_query on it.

-- 
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion

 Original message 
From: Negin Nickparsa nickpa...@gmail.com
To: php-general@lists.php.net
Date created: , 7:05:18 AM
Subject: [PHP] simple question abt convert to integer


  my code is this:
$query1="select * from patient where id=".$_POST['txt'];
it works but
i think because i have error in next line:
*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
given

$num2=Mysql_num_rows($result1);

i echoed $ query1 and the result was this=select * from patient where id=1
maybe  it can't convert $_POST['txt'] from String to integer and then it
can't get my $num
it is int in my mysql
how can i correct $query1?





Re: [PHP] WHERE field = a range of values (value

2011-05-25 Thread Paul S

On Tue, 24 May 2011 23:47:47 +0700, Paul S pau...@roadrunner.com wrote:

On Tue, 24 May 2011 21:09:34 +0700, Richard S. Crawford  
rscrawf...@mossroot.com wrote:



On Tue, May 24, 2011 at 6:51 AM, Paul S pau...@roadrunner.com wrote:

I'd like to check a table to retrieve rows for which one field equals  
one

of a set of values


#get products(fields) in category list
while ($row = $db_connect->fetch_array($productsincategory_list)) {
    $product = $row['selection'];
    $fields = $fields . " $product,";
}
// strip the trailing comma
$fields = substr($fields, 0, -1);

## echo "$fields<br><br>";
## $fields = Prod1, ProD2, Prod3

This ...

$db_connect->fetch_array($sql_result);

$store_result = $db_connect->query("select * from $sql_usertable WHERE
(($sql_usertable.product1 = '($fields)')||( $sql_usertable.product2 =
'($fields)')||($sql_usertable.product3 = '($fields)')) order by id desc
limit $entry, $entries_per_page");

doesn't work. It selects nothing (obviously because no single field  
equals

' (Prod1, Prod2, Prod3) '). But it's the idea. Can I change the:

= '($fields)'

syntax I'm trying?

The actual select checks more fields for this or that and gets more
complicated so I'd like to keep this as simple
as possible. I would like to do this without UNIONS (in one pass) if
possible (my
dbsql.php doesn't seem to go beyond regular query).



Try in:

where productx in (Prod1, Prod2, Prod3)





THANKS. You saved me another day of frustration trying UNION! :-)

In addition your answer also got me here:
http://dev.mysql.com/doc/refman/4.1/en/comparison-operators.html



Except when $fields = '' (blank)  MySql error. Can put in if but leaves  
an undefined resource (warning). Any way to initialize a resource?  
($store_result = $db_connect->query)?

--
Using Opera's revolutionary email client: http://www.opera.com/mail/




[PHP] How can a UTF-8 string can be converted to an array of Bytes?

2011-05-25 Thread Eli Orr (Office)

Hi,

Since a UTF-8 is a multi-bytes mechanism I get for 2 or 3 bytes  UTF-8 
encoded character a single character


How can it be break into the REAL bytes array that represent the UTF-8 
string

 and how  can we reassembled the bytes array  back to UTF-8?

--
Best Regards,

*Eli Orr*
CTO  Founder
*LogoDial Ltd.*

__


Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Negin Nickparsa
Tnx to all:D
Paul you are absolutely right:D
it was a bad mistake from me
there was no need 2 convert it
Balint helped me n with mysql_error i found that
my code hasn't any mistake
i just forgot the BIG thing!
selecting db:D
i totally forgot it because i had array keys with if statement n in there i
selected it
but in the last one of them i forgot 2 set the selection of DB
Ashley what is OP? and filtering i didn't understand
Andre why u r telling me
Note: you *didn't* execute the query by calling mysql_query on it.
if it doesn't execute the query then what's it doing?
Reply
Vitalli believe me that i tried it n i can send the string without  error i
tried it:
$query1="select * from patient where id=".$_POST['txt'];
it works! after i found my error i tried it 2 n it was right!!!


Re: [PHP] How can a UTF-8 string can be converted to an array of Bytes?

2011-05-25 Thread Eric Butera
On Wed, May 25, 2011 at 8:15 AM, Eli Orr (Office) eli@logodial.com wrote:
 Hi,

 Since a UTF-8 is a multi-bytes mechanism I get for 2 or 3 bytes  UTF-8
 encoded character a single character

 How can it be break into the REAL bytes array that represent the UTF-8
 string
  and how  can we reassembled the bytes array  back to UTF-8?

 --
 Best Regards,

 *Eli Orr*
 CTO  Founder
 *LogoDial Ltd.*

 __


You can use mb_substr [1] with a UTF-8 encoding to get the single characters.

[1] http://us.php.net/mb_substr




Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Bálint Horváth
The problem is that if you set the post directly to the query it's available
to be an attack code in the field... (eg. DROP DATABASE;) it's called
SQL injection...

what I mean on filtering:
always check the values in query eg.: $id = $_POST['id'];
if(is_numeric($id)){...}else{bad post}
and at other fields u can use eg. strstr() etc...

On Wed, May 25, 2011 at 4:38 PM, Negin Nickparsa nickpa...@gmail.com wrote:

 Tnx to all:D
 Paul you are absolutely right:D
 it was a bad mistake from me
 there was no need 2 convert it
 Balint helped me n with mysql_error i found that
 my code hasn't any mistake
 i just forgot the BIG thing!
 selecting db:D
 i totally forgot it because i had array keys with if statement n in there i
 selected it
 but in the last one of them i forgot 2 set the selection of DB
 Ashley what is OP? and filtering i didn't understand
 Andre why u r telling me
 Note: you *didn't* execute the query by calling mysql_query on it.
 if it doesn't execute the query then what's it doing?
 Reply
 Vitalli believe me that i tried it n i can send the string without  error i
 tried it:
 $query1="select * from patient where id=".$_POST['txt'];
 it works! after i found my error i tried it 2 n it was right!!!



Re: [PHP] simple question abt convert to integer

2011-05-25 Thread Negin Nickparsa
i got it tnx Balint
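
The two defences raised in this thread (integer filtering and prepared statements), combined in one lookup. This is an added example, not code posted by anyone on the list. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls; the helper name findPatient and the sample rows are made up for illustration.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite is an
// assumption made so it runs offline; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO patient (id, name) VALUES (1, 'Alice'), (2, 'Bob')");

// Returns the matching row, null when no row has that id, or false when the
// raw value is not a positive integer (hypothetical helper name).
function findPatient(PDO $db, $raw)
{
    // Strict check: "1" passes; "1;DROP DATABASE; --", "1e3" and "" fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // The id is sent as a bound parameter, separate from the SQL text, so it
    // cannot alter the structure of the statement.
    $stmt = $db->prepare('SELECT id, name FROM patient WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs; the fourth is the string quoted in the thread.
$samples = ['1', '2', '99', '1;DROP DATABASE; --', '1e3', ''];
foreach ($samples as $raw) {
    $row = findPatient($db, $raw);
    if ($row === false) {
        $outcome = 'rejected';
    } elseif ($row === null) {
        $outcome = 'no such patient';
    } else {
        $outcome = 'found ' . $row['name'];
    }
    // intval() and is_numeric() are shown for comparison with the thread's
    // suggestions: intval() truncates silently, is_numeric() accepts "1e3".
    printf(
        "%-22s intval=%-3d is_numeric=%-5s => %s\n",
        var_export($raw, true),
        intval($raw),
        var_export(is_numeric($raw), true),
        $outcome
    );
}
```

Rejecting malformed input outright, rather than coercing it with intval(), keeps a tampered request from being silently treated as a valid id.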