[PHP-DB] Prepared Statement not working (mysql 5)

2005-07-14 Thread Marco Bascietto
Hello list,

The following example script uses prepared statements to bind input and
output parameters. It works flawlessly using php 5 mysqli on a client
machine and MySQL 5.0.7 beta on the server (192.168.0.2):

1: <?php
2: $m = new mysqli('192.168.0.2', 'xxx', 'xxx');
3: $m->select_db('xxx');
4:
5: $sql = "SELECT des FROM comune WHERE descrizione LIKE ?";
6: $param='tre%';
7:
8: $stmt = $m->stmt_init();
9:
10: if ($stmt->prepare($sql)) {
11:
12:     $stmt->bind_param('s', $param);
13:     $stmt->execute();
14:     $stmt->bind_result($col1);
15:
16:     echo "<p>";
17:     while ($stmt->fetch()) {
18:         echo "$col1<br/>";
19:     }
20:     echo "</p>";
21:
22:     $stmt->close();
23: }
24:
25: $m->close();
26:
27: ?>

Now, upon moving the script on to the server and replacing line 2 with 
2: $m = new mysqli('localhost', 'xxx', 'xxx');
it stops working (ie no output at all on screen). 

Removing the bound output parameter (line 14) results in a mock too
many parameters to bind_param error on line 12.
Replacing the PS with a simple query makes the script work again.
The PS at the mysql command interface level is working as expected.

It looks like there is a problem with mysqli PS when the client and the
server share the same machine. 
Does anyone have a clue on what is going on or point me to some tests I
can do?

Thank you all,
marco

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] User authentication and redirect

2005-07-14 Thread Ahmed Saad
hi Vinny,

On 7/13/05, Vinny Lape [EMAIL PROTECTED] wrote:
> If user validates then look at db entry location then redirect to
> mydomain.com/location/index.php

i don't think it's a good idea. what if the user bookmarked or took
down a notice with the URL to your secured page
(mydomain.com/location/index.php)? then he would just type the url
heading directly for the page, bypassing your login page! i think u might
want to put the user authorization code in your index php or even
better put it in a file and require() that file at the top of any
page u want to protect. you can either use sessions or plain HTTP
authentication (which is not a very good idea).

-ahmed
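
The include-file approach suggested in the message above, as an added example that is not code from any poster in this thread. It goes one step beyond the message by also checking that the script being run lives under the logged-in user's own location directory. The file name auth.php, the session keys, /login.php and the allowed character set for a location are assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// auth.php: added example. File name, session keys and /login.php are assumptions.
// Every protected page starts with:  require __DIR__ . '/../auth.php'; require_login();

session_set_cookie_params([
    'httponly' => true,     // cookie not readable from JavaScript
    'secure'   => true,     // cookie sent over HTTPS only
    'samesite' => 'Lax',
]);
session_start();

// The login page calls this once, after it has verified the password.
function mark_logged_in(string $user, string $location): void
{
    session_regenerate_id(true);        // new session id at login (session fixation)
    $_SESSION['userid']   = $user;
    $_SESSION['location'] = $location;  // the "location" column of the user's db row
}

// Map the stored location to a site-local directory, or null if it is not a
// plain directory name, so a bad db value can never produce an off-site URL.
function location_dir(string $location): ?string
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $location) ? "/$location/" : null;
}

// Where the login page sends the user after a successful login.
function landing_url(): string
{
    $dir = location_dir($_SESSION['location'] ?? '');
    return $dir === null ? '/login.php' : $dir . 'index.php';
}

// End the request unless someone is logged in and the script being run
// lives under that user's own location directory.
function require_login(): void
{
    if (empty($_SESSION['userid'])) {
        header('Location: /login.php');
        exit;                           // without exit the protected page still runs
    }
    $dir = location_dir($_SESSION['location'] ?? '');
    // SCRIPT_NAME is the path of the script actually run, unlike the raw REQUEST_URI.
    if ($dir === null || strncmp($_SERVER['SCRIPT_NAME'] ?? '', $dir, strlen($dir)) !== 0) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```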




Re: [PHP-DB] User authentication and redirect

2005-07-14 Thread Thomas Dodson

Ahmed Saad wrote:

> hi Vinny,
>
> On 7/13/05, Vinny Lape [EMAIL PROTECTED] wrote:
> > If user validates then look at db entry location then redirect to
> > mydomain.com/location/index.php
>
> i don't think it's a good idea. what if the user bookmarked or took
> down a notice with the URL to your secured page
> (mydomain.com/location/index.php)? then he would just type the url
> heading directly for the page, bypassing your login page! i think u might
> want to put the user authorization code in your index php or even
> better put it in a file and require() that file at the top of any
> page u want to protect. you can either use sessions or plain HTTP
> authentication (which is not a very good idea).
>
> -ahmed

perhaps if i had read the original message more carefully...
here are some functions for session-based authentication that i use for
one of my projects...they probably aren't as secure as they could be, i'm
relatively new to scripting languages.


<?php
   #this file should be in the include directory (include_path from php.ini),
   #or the same directory as the functions which include it.

   #be sure to check file permissions if it doesn't work correctly!
   #This script assumes a database named DATABASE, and that user data is
   #stored in a table called users, with (at least) fields user, password,
   #and email. The password column must be char(32) type to accept the
   #encrypted pwd

   #Thomas Dodson   [EMAIL PROTECTED]   24 May 2005

   function db_connect()
   {
      #connect to MySQL
      $link = mysql_connect('HOST', 'USER', 'PWD') or die('Could not connect: ' . mysql_error());

      #select database
      mysql_select_db('DATABASE') or die('Could not select database');

      return $link;
   }

   #hash then encrypt a string. the password column in the db must be
   #CHAR(32) type
   function encrypt($string)
   {
      $crypted = crypt(md5($string), md5($string));
      return $crypted;
   }

   #this logs in the user by checking the name and pwd against the database.
   #it returns true and writes the proper session variables if the user/pwd
   #combo matches, otherwise it returns false. do NOT use this script to
   #check the session variables for authorization, i wrote login_check() to
   #do that.
   function login($user, $password)
   {
      $auth = false;

      $link = db_connect();
      #escape the user name before it is placed inside the quoted SQL string
      $safe_user = mysql_real_escape_string($user, $link);
      $result = mysql_query("SELECT password FROM users WHERE user = '$safe_user'", $link);

      $row = mysql_fetch_array($result, MYSQL_ASSOC);
      $pass = $row['password'];
      mysql_free_result($result);
      mysql_close($link);

      if ($pass === (encrypt($password)))
      {
         session_start();
         $_SESSION['userid'] = $user;
         $_SESSION['pwd'] = $pass;
         $auth = true;
      }
      return $auth;
   }

   #this checks to make sure a user is logged in. if the user/pwd combo in
   #the session var matches the table entry, it returns true, otherwise it
   #returns false. it does NOT write any session variables, so use this
   #script and NOT login() to check authorization
   function login_check($user, $password)
   {
      $auth = false;

      if(!$user || !$password)
      {
         return $auth;
      }

      $link = db_connect();
      #escape the user name before it is placed inside the quoted SQL string
      $safe_user = mysql_real_escape_string($user, $link);
      $result = mysql_query("SELECT password FROM users WHERE user = '$safe_user'", $link);

      $row = mysql_fetch_array($result, MYSQL_ASSOC);
      $pass = $row['password'];
      mysql_free_result($result);
      mysql_close($link);

      if ($pass === $password)
      {
         $auth = true;
      }
      return $auth;
   }

   #adds a datestamp and writes to logfile in /var/log. the owner of the
   #file SL.log must be the same as the user running the apache process
   #(usually www-data)
   function write_log($string)
   {
      $string = ' ' . $string . "\n";
      $filehandle = fopen('/var/log/SL.log', 'a');
      fwrite($filehandle, date('d M H:i:s')); #write date in format: 01 Jun 23:01:01

      fwrite($filehandle, $string); #write log entry
      fclose($filehandle);
   }

   function calcElapsedTime($time) #returns elapsed time in seconds
   {

      $diff = time()-$time;
      $daysDiff = 0;
      $hrsDiff = 0;
      $minsDiff = 0;
      $secsDiff = 0;

      $sec_in_a_day = 60*60*24;

      while($diff >= $sec_in_a_day)
      {
         $daysDiff++; $diff -= $sec_in_a_day;
      }
      $sec_in_an_hour = 60*60;

      while($diff >= $sec_in_an_hour)
      {
         $hrsDiff++;
         $diff -= $sec_in_an_hour;
      }

      $sec_in_a_min = 60;

      while($diff >= $sec_in_a_min)
      {
         $minsDiff++;
         $diff -= $sec_in_a_min;
      }

      $secsDiff = $diff;

      return ($minsDiff.' minute'.(($minsDiff > 1) ? "s" : "").', '.$secsDiff.' second'.(($secsDiff > 1) ? "s" : ""));


   /*
   #this code