php-general Digest 25 May 2011 14:38:59 -0000 Issue 7328
Topics (messages 313137 through 313152):

simple question abt convert to integer
	313137 by: Negin Nickparsa
	313138 by: Bálint Horváth
	313139 by: Negin Nickparsa
	313140 by: Negin Nickparsa
	313141 by: Negin Nickparsa
	313142 by: Bálint Horváth
	313143 by: Negin Nickparsa
	313144 by: Paul M Foster
	313145 by: Bálint Horváth
	313146 by: Vitalii Demianets
	313147 by: Bálint Horváth
	313148 by: Ashley Sheridan
	313149 by: Andre Polykanine
	313152 by: Negin Nickparsa

Re: WHERE field = a range of values (value
	313150 by: Paul S

How can a UTF-8 string can be converted to an array of Bytes?
	313151 by: Eli Orr (Office)

Administrivia:

To subscribe to the digest, e-mail:
	php-general-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
	php-general-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
	php-gene...@lists.php.net

--
---BeginMessage---
my code is this:

$query1="select * from patient where id=".$_POST['txt'];

it works but i think because i have error in next line:

*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean given

$num2=Mysql_num_rows($result1);

i echoed $query1 and the result was this=select * from patient where id=1
maybe it can't convert $_POST['txt'] from String to integer and then it can't get my $num
it is int in my mysql
how can i correct $query1?
---End Message---
---BeginMessage---
Hi,
I've a simple idea...
If you have integer in your mysql, don't use at that field in the query...
Try this:

$query="select * from patient where id=".$id."";

There isn't apostrophe in the mysql query...
Bálint Horváth

On 25 May 2011 06:06, Negin Nickparsa nickpa...@gmail.com wrote:

> my code is this:
>
> $query1="select * from patient where id=".$_POST['txt'];
>
> it works but i think because i have error in next line:
>
> *Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean given
>
> $num2=Mysql_num_rows($result1);
>
> i echoed $query1 and the result was this=select * from patient where id=1
> maybe it can't convert $_POST['txt'] from String to integer and then it can't get my $num
> it is int in my mysql
> how can i correct $query1?
---End Message---
---BeginMessage---
$id=(int)$_POST['txt'];
$query1="select * from patient where id=".$id."";
echo $query1;
$result1=mysql_query($query1);
echo $result1;
$num2=Mysql_num_rows($result1);
$num3=Mysql_num_fields($result1);

still it has previous error

Here is my output:select * from patient where id=1
*Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean given in
*Warning*: mysql_num_fields() expects parameter 1 to be resource, boolean given in **
---End Message---
---BeginMessage---
Bálint Horváth, the second post of me is using your idea
your idea is working but why i have error still?
---End Message---
---BeginMessage---
$result1=mysql_query($query1);
echo $result1;

it can't echo $result1
i don't know why?
---End Message---
---BeginMessage---
If the query is incorrect u get boolean: false, if its correct u get a resource id...

Bálint Horváth

On 25 May 2011 06:28, Negin Nickparsa nickpa...@gmail.com wrote:
---End Message---
---BeginMessage---
i receive nothing not a resource id and nor false
---End Message---
---BeginMessage---
On Wed, May 25, 2011 at 08:57:18AM +0430, Negin Nickparsa wrote:

> $id=(int)$_POST['txt'];
> $query1="select * from patient where id=".$id."";

You're not *thinking* about what you're doing. The above is silly. Think about it: you're sending a string to MySQL. If $_POST['txt'] returns a string which looks like the number 1, then

$query1 = "select * from patient where id = $_POST[txt]";

should suffice.
If you like, test $_POST['txt'] first by echoing it.

> echo $query1;
> $result1=mysql_query($query1);

Ideally, you should be calling this function with an added connection parameter. Like this:

$link = mysql_connect($connection_stuff);
$result1 = mysql_query($query1, $link);

It's not *necessary*, but advisable.

mysql_query() returns a resource object, unless there is a problem. If there is a problem, then it returns FALSE. You can check what it returns this way:

if (is_resource($result1))
	print "It's a resource!";
elseif ($result1 === FALSE)
	print "It's false!";
else
	print "I don't know what the heck it is!";

> echo $result1;

I don't know what you'll get from this echo if $result1 truly is a resource. But if it's false, you won't get much. $result1 should be a resource object, which means it's opaque. You can't know what's in it unless you use a helper function like mysql_num_rows(), etc.

> $num2=Mysql_num_rows($result1);
> $num3=Mysql_num_fields($result1);
>
> still it has previous error
>
> Here is my output:select * from patient where id=1
> *Warning*: mysql_num_rows() expects
Re: [PHP] simple question abt convert to integer
On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:

> my code is this:
> $query1="select * from patient where id=".$_POST['txt'];
> it works but

Holy Jesus! Can't wait to send to your server POST request with txt=1;DROP DATABASE; --

Of course, if you'll switch to prepare statement instead of string embedding there will be no much fun.

--
Vitalii

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] simple question abt convert to integer
Of course have to use filters and etc...

Bálint Horváth

On 25 May 2011 09:53, Vitalii Demianets vi...@nppfactor.kiev.ua wrote:

> On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
>> my code is this:
>> $query1="select * from patient where id=".$_POST['txt'];
>> it works but
>
> Holy Jesus! Can't wait to send to your server POST request with txt=1;DROP DATABASE; --
>
> Of course, if you'll switch to prepare statement instead of string embedding there will be no much fun.
>
> --
> Vitalii
Re: [PHP] simple question abt convert to integer
Vitalii Demianets vi...@nppfactor.kiev.ua wrote:

> On Wednesday 25 May 2011 07:05:18 Negin Nickparsa wrote:
>> my code is this:
>> $query1="select * from patient where id=".$_POST['txt'];
>> it works but
>
> Holy Jesus! Can't wait to send to your server POST request with txt=1;DROP DATABASE; --
>
> Of course, if you'll switch to prepare statement instead of string embedding there will be no much fun.
>
> --
> Vitalii

Prepared statements aren't the only solution, a decent bit of filtering would work too. In the OPs example he only needed an int, so something like:

$val = intval($_POST['txt']);

Would do the trick. It just means that the value is safe (or at least in an expected range) for use elsewhere in the code, it may not necessarily only be restricted to a DB query.

Thanks
Ash
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Re: [PHP] simple question abt convert to integer
Hello Negin,

$query1="select * from patient where id=".$_POST['txt'];
$result1=mysql_query($query1);
$rows=mysql_num_rows($result1);

Note: you *didn't* execute the query by calling mysql_query on it.

--
With best regards from Ukraine,
Andre
Skype: Francophile
My blog: http://oire.org/menelion (mostly in Russian)
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion

Original message
From: Negin Nickparsa nickpa...@gmail.com
To: php-general@lists.php.net
Date created: , 7:05:18 AM
Subject: [PHP] simple question abt convert to integer

> my code is this:
>
> $query1="select * from patient where id=".$_POST['txt'];
>
> it works but i think because i have error in next line:
>
> *Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean given
>
> $num2=Mysql_num_rows($result1);
>
> i echoed $query1 and the result was this=select * from patient where id=1
> maybe it can't convert $_POST['txt'] from String to integer and then it can't get my $num
> it is int in my mysql
> how can i correct $query1?
Re: [PHP] WHERE field = a range of values (value
On Tue, 24 May 2011 23:47:47 +0700, Paul S pau...@roadrunner.com wrote:

> On Tue, 24 May 2011 21:09:34 +0700, Richard S. Crawford rscrawf...@mossroot.com wrote:
>
>> On Tue, May 24, 2011 at 6:51 AM, Paul S pau...@roadrunner.com wrote:
>>
>>> I'd like to check a table to retrieve rows for which one field equals one of a set of values
>>>
>>> #get products(fields) in category list
>>> while ($row = $db_connect->fetch_array($productsincategory_list)) {
>>> 	$product = $row ['selection'];
>>> 	$fields = $fields . $product,;
>>> }
>>> $fields = substr($fields,'',-1);
>>>
>>> ## echo $fieldsbrbr;
>>> ## $fields = Prod1, ProD2, Prod3
>>>
>>> This ...
>>>
>>> $db_connect->fetch_array($sql_result);
>>> $store_result = $db_connect->query(select * from $sql_usertable WHERE (($sql_usertable.product1 = '($fields)')||( $sql_usertable.product2 = '($fields)')||($sql_usertable.product3 = '($fields)')) order by id desc limit $entry, $entries_per_page);
>>>
>>> doesn't work. It selects nothing (obviously because no single field equals ' (Prod1, Prod2, Prod3) '). But it's the idea.
>>>
>>> Can I change the:
>>>
>>> = '($fields)'
>>>
>>> syntax I'm trying?
>>>
>>> The actual select checks more fields for this or that and gets more complicated so I'd like to keep this as simple as possible. I would like to do this without UNIONS (in one pass) if possible (my dbsql.php doesn't seem to go beyond regular query).
>>
>> Try in:
>>
>> where productx in (Prod1, Prod2, Prod3)
>
> THANKS. You saved me another day of frustration trying UNION! :-)
>
> In addition your answer also got me here:
>
> http://dev.mysql.com/doc/refman/4.1/en/comparison-operators.html

Except when $fields = '' (blank)

MySql error.

Can put in if but leaves an undefined resource (warning). Any way to initialize a resource? ($store_result = $db_connect->query)?

--
Using Opera's revolutionary email client: http://www.opera.com/mail/
[PHP] How can a UTF-8 string can be converted to an array of Bytes?
Hi,

Since a UTF-8 is a multi-bytes mechanism I get for 2 or 3 bytes UTF-8 encoded character a single character

How can it be break into the REAL bytes array that represent the UTF-8 string and how can we reassembled the bytes array back to UTF-8?

--
Best Regards,

*Eli Orr*
CTO Founder
*LogoDial Ltd.*
__
Re: [PHP] simple question abt convert to integer
Tnx to all:D

Paul you are absolutely right:D it was a bad mistake from me
there was no need 2 convert it

Balint helped me n with mysql_error i found that my code hasn't any mistake
i just forgot the BIG thing!
selecting db:D
i totally forgot it because i had array keys with if statement n in there i selected it but in the last one of them i forgot 2 set the selection of DB

Ashley what is OP? and filtering i didn't understand

Andre why u r telling me Note: you *didn't* execute the query by calling mysql_query on it.
if it doesn't execute the query then what's it doing?

Reply Vitalli
believe me that i tried it n i can send the string without error
i tried it:

$query1="select * from patient where id=".$_POST['txt'];

it works!
after i found my error i tried it 2 n it was right!!!
Re: [PHP] How can a UTF-8 string can be converted to an array of Bytes?
On Wed, May 25, 2011 at 8:15 AM, Eli Orr (Office) eli@logodial.com wrote:

> Hi,
>
> Since a UTF-8 is a multi-bytes mechanism I get for 2 or 3 bytes UTF-8 encoded character a single character
>
> How can it be break into the REAL bytes array that represent the UTF-8 string and how can we reassembled the bytes array back to UTF-8?
>
> --
> Best Regards,
>
> *Eli Orr*
> CTO Founder
> *LogoDial Ltd.*
> __

You can use mb_substr [1] with a UTF-8 encoding to get the single characters.

http://us.php.net/mb_substr
Re: [PHP] simple question abt convert to integer
The problem is that if you set the post directly to the query it's available to be an attach code in the field... (eg. DROP DATABASE;)
it's called to SQL injection...

what I mean on filtering: always check the values in query eg.:

$id = $_POST['id'];
if(is_numeric($id)){...}else{bad post}

and at other fields u can use eg. strstr() etc...

On Wed, May 25, 2011 at 4:38 PM, Negin Nickparsa nickpa...@gmail.com wrote:

> Tnx to all:D
>
> Paul you are absolutely right:D it was a bad mistake from me
> there was no need 2 convert it
>
> Balint helped me n with mysql_error i found that my code hasn't any mistake
> i just forgot the BIG thing!
> selecting db:D
> i totally forgot it because i had array keys with if statement n in there i selected it but in the last one of them i forgot 2 set the selection of DB
>
> Ashley what is OP? and filtering i didn't understand
>
> Andre why u r telling me Note: you *didn't* execute the query by calling mysql_query on it.
> if it doesn't execute the query then what's it doing?
>
> Reply Vitalli
> believe me that i tried it n i can send the string without error
> i tried it:
>
> $query1="select * from patient where id=".$_POST['txt'];
>
> it works!
> after i found my error i tried it 2 n it was right!!!
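
The filtering and prepared-statement advice given in this thread, put side by side as an added example (not part of any poster's message): it compares intval(), is_numeric() and a strict integer check on the same inputs, then runs the lookup with a bound parameter. Assumptions: PHP 7.1+ with the pdo_sqlite extension, an in-memory SQLite table standing in for the thread's MySQL `patient` table, and the hypothetical helper names parse_id() and find_patient().

```php
<?php
// Constructed in-memory table standing in for the thread's `patient` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly, no silent FALSE
$db->exec('CREATE TABLE patient (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO patient (id, name) VALUES (1, 'Alice'), (2, 'Bob')");

/**
 * Strict check (hypothetical helper): accept only a decimal integer >= 1.
 * Returns the integer, or null when the input is not a valid id.
 */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up a patient with a bound parameter; the value never becomes SQL text. */
function find_patient(PDO $db, $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null; // reject the request instead of guessing what was meant
    }
    $stmt = $db->prepare('SELECT id, name FROM patient WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, including the value quoted in the thread.
$samples = ['1', '2', '1;DROP DATABASE; --', '1e3', '1.5', ' 7', '', '42'];
foreach ($samples as $raw) {
    printf(
        "%-22s intval=%-5d is_numeric=%-6s strict=%-5s row=%s\n",
        var_export($raw, true),
        intval($raw),                        // coerces: keeps leading digits, drops the rest
        var_export(is_numeric($raw), true),  // also accepts floats and exponent notation
        var_export(parse_id($raw), true),    // integer or NULL
        json_encode(find_patient($db, $raw))
    );
}
```

For the thread's `1;DROP DATABASE; --` value, intval() quietly yields 1, so a query built from it would run for patient 1, while the strict check rejects the request outright.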
Re: [PHP] simple question abt convert to integer
i got it tnx Balint