[PHP-DB] mysqli_stmt_bind_param question

2008-04-04 Thread Jason Pruim

Hi Everyone,

I have a MySQL database that I am accessing from PHP. The table in
question has an auto-increment field on it and I don't want to include
that in my add/edit/update queries to the database... But I can't seem
to figure out how to ignore it? Everything I have done seems to fail..
I am using prepared statements so I'm not sure if that is it, but I
would like to keep using them since it reduces the security issues a
little... Here is the code from one of my prepared statements:


//Create the statement
mysqli_stmt_prepare($stmt, "INSERT INTO legionCurrent VALUES (?,?,?,?,?,?,?,?)");
mysqli_stmt_bind_param($stmt, '', $FName, $LName, $Add1, $Add2, $City, $State, $Zip, $XCode) or die(mysqli_error($addlink));

//Add the record
mysqli_stmt_execute($stmt) or die(mysqli_error($addlink));

Here is the error I get in my logs:

[Fri Apr  4 09:35:32 2008] [error] PHP Warning:  mysqli_stmt_bind_param() [<a href='function.mysqli-stmt-bind-param'>function.mysqli-stmt-bind-param</a>]: invalid object or resource mysqli_stmt\n in /Volumes/RAIDer/webserver/Documents/dev/OLDBv2/add.php on line 91


Line 91 is the mysqli_stmt_bind_param() line above

My database structure looks like this:

| FName | LName | Add1 | Add2 | City | State | Zip | XCode | Reason | Record |


I know there is a way to do it, but all my searching and reading hasn't
told me anything... I've looked in the php manual, and mysql, plus
various websites... and I just can't figure this one out... RTFMs are
appreciated, as long as M is defined! :)


Thanks for taking the time to look!



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]





[PHP-DB] Re: UPPER(AES_DECRYPT(...)) bug?

2008-04-04 Thread Roberto Mansfield
Philip Thompson wrote:
> Hi all.
>
> Here's my disclaimer: this question is solely MySQL-related - I just
> happen to be programming in PHP.
>
> I have found some functionality which *appears* to be a bug, but I
> didn't want to report it before asking some intelligent people. I have
> this simple query:
>
> SELECT UPPER('just a lower case string') AS `UPPER_STRING`,
> UPPER(AES_DECRYPT(AES_ENCRYPT('Bob Frapples', '1234ABCD'), '1234ABCD'))
> AS `UPPER_NAME`;
>
> Expected result:
>
> UPPER_STRING              UPPER_NAME
> JUST A LOWER CASE STRING  BOB FRAPPLES
>
> Real result:
>
> UPPER_STRING              UPPER_NAME
> JUST A LOWER CASE STRING  Bob Frapples
>
> There is a similar bug report http://bugs.mysql.com/bug.php?id=28072
> that uses LCASE instead of UPPER. But, they have the same *lack of
> desired functionality*. MySQL people say it's not a bug due to how
> binary blah blah blah. Whatever - I don't buy that. It's not working *as
> it should*. On top of that, the docs for this encrypt stuff are quite
> minimal.
>
> My questions to you: do you think this is a bug? And... is there an
> alternative to searching on fields that are encrypted using the LIKE
> operator?

The bug report is correct. This is not a bug. The docs clearly state at
the top of the page:

   The encryption and compression functions return binary strings.

If you need a normal string, try the cast() or convert() function to
convert your binary string before comparing or using it in a function.

-Roberto

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
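
Roberto's suggestion applied to the query from the thread, as an added example that is not part of the original posts: the same decrypted value goes through UPPER() and LIKE once as the binary string AES_DECRYPT() returns and once after CONVERT(... USING ...). The DB_* environment variables, the lower-case search pattern and the utf8mb4 character set are assumptions.

```php
<?php
// Added example, not code from the thread. Connection settings come from
// environment variables (placeholder names). utf8mb4 assumes MySQL 5.5.3+.
mysqli_report(MYSQLI_REPORT_OFF); // return false on error so the checks below run

$link = mysqli_connect(getenv('DB_HOST') ?: 'localhost', getenv('DB_USER'),
                       getenv('DB_PASS'), getenv('DB_NAME'));
if (!$link) {
    die('Connect failed: ' . mysqli_connect_error());
}
mysqli_set_charset($link, 'utf8mb4');

// p is the binary string that AES_DECRYPT() returns. Each pair of columns
// applies the same operation to p as-is and to p converted to a character
// string, so the two behaviours can be compared side by side.
$sql = 'SELECT UPPER(p)                         AS upper_binary,
               UPPER(CONVERT(p USING utf8mb4))  AS upper_text,
               p LIKE ?                         AS like_binary,
               CONVERT(p USING utf8mb4) LIKE ?  AS like_text
        FROM (SELECT AES_DECRYPT(AES_ENCRYPT(?, ?), ?) AS p) AS t';

$stmt = mysqli_stmt_init($link);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    die('Prepare failed: ' . mysqli_stmt_error($stmt));
}

// Placeholders are bound in the order they appear in the SQL text:
// the two LIKE patterns first, then plaintext, key, key.
$pattern = '%frapples%';   // lower-case search term (constructed)
$name    = 'Bob Frapples'; // plaintext and key from the query in the thread
$key     = '1234ABCD';
mysqli_stmt_bind_param($stmt, 'sssss', $pattern, $pattern, $name, $key, $key);

if (!mysqli_stmt_execute($stmt)) {
    die('Execute failed: ' . mysqli_stmt_error($stmt));
}
mysqli_stmt_bind_result($stmt, $upperBinary, $upperText, $likeBinary, $likeText);
mysqli_stmt_fetch($stmt);

printf("UPPER on binary: %s\nUPPER on text:   %s\n", $upperBinary, $upperText);
printf("LIKE on binary:  %d\nLIKE on text:    %d\n", $likeBinary, $likeText);

mysqli_stmt_close($stmt);
mysqli_close($link);
```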



Re: [PHP-DB] php + mysql + copy file

2008-04-04 Thread tacio vilela
Hi,

try this,

$carpeta = $_SERVER['DOCUMENT_ROOT'] . "/subidos"; // name of the already-created folder. chmod 777 (all permissions)
copy($_FILES['file']['tmp_name'], $carpeta . '/' . $_FILES['file']['name']);

Regards,
Tacio Vilela


2008/4/2 Chris [EMAIL PROTECTED]:

> > $carpeta = "subidos"; // name of the already-created folder. chmod 777 (all permissions)
> >
> > copy($_FILES['file']['tmp_name'] , $carpeta . '/' . $_FILE['file']['name']);
>
> It's $_FILES not $_FILE (an 's' on the end).
>
> It's always worth using error_reporting(E_ALL) and
> ini_set('display_errors', true) when doing development, this would have
> triggered a notice or warning (can't remember which).
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/





-- 
/***
*** ***
*** Tácio Vilela ***
*** MSN: [EMAIL PROTECTED] ***
*** SKYPE: taciovilela ***
*** ***
***/


Re: [PHP-DB] mysqli_stmt_bind_param question

2008-04-04 Thread Krister Karlström

Hi!

First of all you must connect to the server and then perform an init to 
get a statement. Maybe you dropped that code out here... Please have a 
look at the manual page:


http://www.php.net/manual/en/function.mysqli-stmt-prepare.php

In order to get the result you also need to bind the result to a 
variable and then fetch the data.


I'll guess that your error comes from an unsuccessful initialization of 
your prepared statement.


If you don't want to include your primary key column that is 
autogenerated you just ignore it. That means to write a proper query like:


INSERT INTO legionCurrent (column_1, column_2, ...)
VALUES (?,?,...)

I would also like to propose for you to use the object oriented style, 
since it's more readable and easier to get an overview of. You also 
don't need to mess around with so many parameters.


Greetings,
Krister Karlström, Helsinki, Finland
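
The steps from this reply in procedural mysqli, as an added example that is not part of the original post: connect, init a statement, prepare an INSERT that names its columns, bind one type letter per placeholder, execute. Table and column names are taken from the question; the DB_* environment variables and the sample values are assumptions.

```php
<?php
// Added example, not code from the thread. Connection settings come from
// environment variables (placeholder names); form values are constructed.
mysqli_report(MYSQLI_REPORT_OFF); // return false on error so the checks below run

$addlink = mysqli_connect(getenv('DB_HOST') ?: 'localhost', getenv('DB_USER'),
                          getenv('DB_PASS'), getenv('DB_NAME'));
if (!$addlink) {
    die('Connect failed: ' . mysqli_connect_error());
}

// Constructed sample input standing in for the submitted form fields.
$FName = 'Ann';     $LName = "O'Neil"; $Add1 = '1 Main St'; $Add2 = '';
$City  = 'Holland'; $State = 'MI';     $Zip  = '49424';     $XCode = 'X1';

// 1. Create the statement handle first (the step the reply suspects
//    was missing or unsuccessful).
$stmt = mysqli_stmt_init($addlink);

// 2. List only the columns being written. Assumption: the two columns left
//    out (Reason, Record) are nullable, defaulted or auto-generated.
$sql = 'INSERT INTO legionCurrent
            (FName, LName, Add1, Add2, City, State, Zip, XCode)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?)';
if (!mysqli_stmt_prepare($stmt, $sql)) {
    // A failed prepare leaves $stmt unusable, so stop before binding.
    die('Prepare failed: ' . mysqli_stmt_error($stmt));
}

// 3. The type string needs one letter per placeholder: eight strings here.
//    The values travel separately from the SQL text, so the quote in
//    O'Neil needs no escaping.
if (!mysqli_stmt_bind_param($stmt, 'ssssssss', $FName, $LName, $Add1, $Add2,
                            $City, $State, $Zip, $XCode)) {
    die('Bind failed: ' . mysqli_stmt_error($stmt));
}

// 4. Add the record and read back the id MySQL generated for it.
if (!mysqli_stmt_execute($stmt)) {
    die('Execute failed: ' . mysqli_stmt_error($stmt));
}
echo 'Inserted row id: ' . mysqli_insert_id($addlink) . "\n";

mysqli_stmt_close($stmt);
mysqli_close($addlink);
```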




Re: [PHP-DB] mysqli_stmt_bind_param question

2008-04-04 Thread Jason Pruim

Hi Krister,

On Apr 4, 2008, at 2:35 PM, Krister Karlström wrote:

> Hi!
>
> First of all you must connect to the server and then perform an init
> to get a statement. Maybe you dropped that code out here... Please
> have a look at the manual page:
>
> http://www.php.net/manual/en/function.mysqli-stmt-prepare.php
>
> In order to get the result you also need to bind the result to a
> variable and then fetch the data.
>
> I'll guess that your error comes from an unsuccessful initialization
> of your prepared statement.
>
> If you don't want to include your primary key column that is
> autogenerated you just ignore it. That means to write a proper query
> like:
>
> INSERT INTO legionCurrent (column_1, column_2, ...)
> VALUES (?,?,...)

I was not aware with prepared statements you could do it that way...
Thank you! Once I added that it worked like a charm! Not quite sure
how I missed that on the manual page though...

> I would also like to propose for you to use the object oriented
> style, since it's more readable and easier to get an overview of.

I have never been able to understand OO code... For me the procedural
code is much easier to read.

> You also don't need to mess around with so many parameters.

What do you mean by this?






--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
[EMAIL PROTECTED]







Re: [PHP-DB] mysqli_stmt_bind_param question

2008-04-04 Thread Krister Karlström

Hi again Jason!

Jason Pruim wrote:

> On Apr 4, 2008, at 2:35 PM, Krister Karlström wrote:
>
> > You also don't need to mess around with so many parameters.
>
> What do you mean by this?

Since you're working in object context you mostly just refer to your
variable with the name of the object and then call the method with the
arrow - operator. But anyway, if you're not familiar with object
orientation then I think it's no point for me to go into this discussion
right now... :-)


On the manual page, to which I posted a link to you in my previous post, 
there's the same code in both procedural style and in object oriented 
style. I think you'll get the point by comparing those two examples.


Greetings,
Krister Karlström, Helsinki, Finland

--
* Ing. Krister Karlström, Zend Certified Engineer *
* Systemutvecklare, IT-Centralen  *
* Arcada - Nylands Svenska Yrkeshögskola  *
* Jan-Magnus Janssons plats 1, 00550 Helsingfors, Finland *
* Tel: +358(20)7699699  GSM: +358(50)5328390  *
* E-mail: [EMAIL PROTECTED]   *
