Gypsy Boy
Redeemer
Male


Registered: 03/17/17
Posts: 4,501
Loc: Deep in the discoteka
Last seen: 2 months, 24 days
PHP Ghetto...
    #27045304 - 11/18/20 10:40 AM (3 years, 2 months ago)

Ythan and anyone else, please help. I am trying to recode my SQL PHP code into a "prepared statement".

This is my original code

Quote:


DEFINE ('DB_USER', 'root');
DEFINE ('DB_PASSWORD', '');
DEFINE ('DB_HOST', 'localhost');
DEFINE ('DB_NAME', 'bbs');


$dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) OR die ('Couldnt connect' . mysqli_connect_error() );
mysqli_set_charset($dbc, 'utf8');

$sql= (" SELECT * FROM ftg ORDER BY post_id ASC LIMIT 500 ");
$result = mysqli_query($dbc, $sql);

while ($resultarr = mysqli_fetch_assoc($result)){
     
  $r1 = $resultarr["message"];
  echo $r1;
}





And this is my attempt at making a prepared statement:

Quote:

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "bbs";

$conn = new mysqli($servername, $username, $password, $dbname);

$sql = " SELECT * FROM ftg WHERE post_id=?";
$stmt = $conn->prepare($sql);

$stmt->bind_param("i", $post_id);
$stmt->execute();

$result = $stmt->get_result();

while ($row = $result->fetch_assoc())
{

echo "<textarea name=\"message\" cols=\"70\" rows=\"12\" maxlength=\"7500\" wrap=\"soft\" class=\"message\" style=\"background-color: '#A7A7A7' \">";
 
  echo $row['message'];
 
  echo "</textarea>";
 
}




Does not work.

My table name is "ftg" with 3 columns: post_id, message and date.

Now I had no problems creating prepared statements with INSERT queries:

Quote:

$stmt = $conn->prepare("INSERT INTO ftg (message) VALUES (?)");
$stmt->bind_param("s", $message);

$message = $_REQUEST['message'];
$stmt->execute();




That works, but SELECT and echo is more difficult :stoned:


Edited by Gypsy Boy (11/18/20 11:02 AM)


Ythan
ᕕ( ᐛ )ᕗ
Male

Registered: 08/08/97
Posts: 18,774
Loc: NY/MA/VT Borderlands Flag
Last seen: 38 minutes, 56 seconds
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045461 - 11/18/20 12:20 PM (3 years, 2 months ago)

That code looks to me like it should work. Is there anything in your error logs?


Gypsy Boy
Re: PHP Ghetto... [Re: Ythan]
    #27045504 - 11/18/20 12:51 PM (3 years, 2 months ago)

Empty screen bro
Perhaps we need to rephrase

$sql = "SELECT * FROM ftg WHERE post_id=?";
into
$sql = "SELECT * FROM ftg";
or just this
$sql = "SELECT message FROM ftg";

There's only 3 columns: post_id, message, time.

The code is supposed to show one box with message after another like I explained in the first post, but for some reason it proves rather difficult :sad:


Edited by Gypsy Boy (11/18/20 12:58 PM)


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045507 - 11/18/20 12:54 PM (3 years, 2 months ago)

Quote:

$sql = "SELECT * FROM ftg";
$stmt = $conn->prepare($sql);
$stmt->bind_param("", '');
$stmt->execute();




This bih what I'm not sure of


Do you even need parameters (?) in a SELECT MySQL query?


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045508 - 11/18/20 12:58 PM (3 years, 2 months ago)

Quote:

$sql = "SELECT message FROM ftg";
$stmt = $conn->prepare($sql);
$stmt->bind_param("", '');
$stmt->execute();




See, there are no ? parameters, so how do I fill
$stmt->bind_param("", '');
line?

Like I asked, do I even need to prep statements for a SELECT query? Is it injection prone


Gypsy Boy
Re: PHP Ghetto... [Re: Ythan]
    #27045513 - 11/18/20 01:01 PM (3 years, 2 months ago)

Quote:

Ythan said:
Is there anything in your error logs?





Fatal error: Uncaught Error: Cannot pass parameter 2 by reference in C:\wamp64\www\FF\list.php on line 31

Line 31

$stmt->bind_param("", '');


But there other errors


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045522 - 11/18/20 01:07 PM (3 years, 2 months ago)

It fucking SUCKS studying from home without a tutor/mentor/teacher


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045527 - 11/18/20 01:12 PM (3 years, 2 months ago)

Wait a second. I am working on a page that LISTS database message entries, how would I be vulnerable to injection attack if there's no form to submit???


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045530 - 11/18/20 01:17 PM (3 years, 2 months ago)

Here:

Quote:

$sql = "SELECT message FROM ftg WHERE post_id=?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $post_id);
$stmt->execute();
$result = $stmt->get_result();
$message = $result->fetch_assoc();

echo "$message";




Perfectly legit code, yet screen is blank, no print out or anything


Ythan
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045540 - 11/18/20 01:27 PM (3 years, 2 months ago)

The new code should work, I think you probably aren't setting a value for $post_id before you try to bind it as a parameter. Do you have PHP configured to echo errors on screen? What if you add this at the top of your script:

Code:
ini_set('display_errors', 1);



But if your intention is to retrieve all records and not just a single record matching $post_id, then your original code was fine. You don't need to use a prepared statement because you don't have any parameters. If you want to use that syntax to be consistent, you'd just remove the WHERE clause in the query, and the line where you bind the param.

[...]
Code:
$sql = "SELECT * FROM ftg";
$stmt = $conn->prepare($sql);
$stmt->execute();

[...]
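
An added example (not code from the thread or its posters) that puts the answer above together: the list query runs without `bind_param()`, the single-post query binds one validated integer, and every stored message is HTML-escaped on output, because the rows were filled from `$_REQUEST['message']` by the INSERT form. It assumes the thread's local `bbs` database and `ftg` table; the `?post_id=` query parameter and the `render_message()` helper are hypothetical.

```php
<?php
// Added example; assumes the thread's local `bbs` database and `ftg` table.
// Make mysqli throw exceptions on failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$conn = new mysqli('localhost', 'root', '', 'bbs');
$conn->set_charset('utf8mb4');

// Hypothetical helper: render one stored message. The text was written by
// whoever submitted the INSERT form, so escape it before it reaches HTML.
function render_message(string $message): string
{
    return '<textarea name="message" cols="70" rows="12" readonly>'
        . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</textarea>';
}

// Assumption: the post id arrives as ?post_id=123. filter_input() returns
// null when the parameter is absent and false when it is not an integer.
$post_id = filter_input(INPUT_GET, 'post_id', FILTER_VALIDATE_INT);

if ($post_id === null) {
    // No external value in the query: nothing to bind, so no bind_param().
    $result = $conn->query('SELECT message FROM ftg ORDER BY post_id ASC LIMIT 500');
} elseif ($post_id === false) {
    http_response_code(400);
    exit('post_id must be an integer');
} else {
    // One placeholder, one bound variable. bind_param() takes references,
    // so pass a variable, not a literal; it is read when execute() runs.
    $stmt = $conn->prepare('SELECT message FROM ftg WHERE post_id = ?');
    $stmt->bind_param('i', $post_id);
    $stmt->execute();
    $result = $stmt->get_result(); // requires the mysqlnd driver
}

// fetch_assoc() returns one array per row (null at the end), so index it
// by column name rather than echoing the array itself.
$shown = 0;
while ($row = $result->fetch_assoc()) {
    echo render_message($row['message']), "\n";
    $shown++;
}
if ($shown === 0) {
    echo 'No matching messages.';
}
```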


Ythan
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045559 - 11/18/20 01:40 PM (3 years, 2 months ago)

Quote:

Gypsy Boy said:
Wait a second. I am working on a page that LISTS database message entries, how would I be vulnerable to injection attack if there's no form to submit???



You responded while I had my reply window open but it looks like you were already on your way to figuring it out. :thumbup:


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045788 - 11/18/20 03:44 PM (3 years, 2 months ago)

...Well I've been told it is not necessary to use prep statement when there is no user input

:doublefacepalm:


posted this as u were submitting your reply!


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045793 - 11/18/20 03:45 PM (3 years, 2 months ago)

Quote:

If your intention is to retrieve all records and not just a single record matching $post_id, then your original code was fine. You don't need to use a prepared statement because you don't have any parameters




:datass:

Gonna feed my cat now, she's been starving while I was coding :stoned:


Gypsy Boy
Re: PHP Ghetto... [Re: Gypsy Boy]
    #27045799 - 11/18/20 03:50 PM (3 years, 2 months ago)

Ohh and thanx Ythan dude, much appreciate your help!

