TalkPHP
 
 
Old 12-06-2007, 01:47 AM   #21 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default

I agree with Wildhoney, sounds like your MySQLi module is not enabled or compiled in.

As to your script, I'm looking at this section:
PHP Code:
// Variables
$user = $_POST['user'];
$pass = $_POST['pass'];
$dir = $_POST['dir'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$email = $_POST['email'];

// -----

if (!get_magic_quotes_gpc())
{
    $user = stripslashes($user);
    $pass = stripslashes($pass);
    $dir = stripslashes($dir);
    $address = stripslashes($address);
    $phone = stripslashes($phone);
    $email = stripslashes($email);
}

The first portion is unnecessary; reassigning values is a waste of time and resources. The difference is likely unnoticeable but in the long run good practices should be observed. What if you have 100 separate variables to sort out? You don't want 100 lines of code simply reassigning values to new vars. Anything you need to do with that data can be done by accessing the $_POST index, which makes it extremely handy because any array function can also be applied to $_POST, giving you the ability to create shortcuts.

The second portion of code where you're checking for magic_quotes is still incorrect. You're checking to see if magic_quotes doesn't exist, and then you use stripslashes on the data. If magic_quotes is 'off', stripslashes isn't necessary. In other words, it's the other way around.
Old 12-06-2007, 01:47 AM   #22 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

Alright MySQLi issue was fixed. Now I get a new error

PHP Code:
Fatal error: Call to a member function bind_param() on a non-object in /home/ybh305/domains/domain.com/public_html/php/clients/admin/new.php on line 45
I tried to look up the "non-object" in php.net but found zero results.

@ Sock

I just did a quick

PHP Code:
<?php phpinfo() ?>
It shows that magic_quotes is 'On'. So magic_quotes do exist, and I need to take care of it, no? I'm a little clouded as to the portion of the array "_map", it's confusing me really. For the example you gave me

PHP Code:
// check for magic quotes
if ( get_magic_quotes_gpc() ) {
    // if so, escape slashes already present
    $_POST = array_map('stripslashes', $_POST);
}

Also, if I'm checking from the beginning for magic_quotes that means I really don't need that whole chunk of code because it's checking for it and if it's true it automatically adds stripslashes?

PHP Code:
if (!get_magic_quotes_gpc())
{
    $user = stripslashes($user);
    $pass = stripslashes($pass);
    $dir = stripslashes($dir);
    $address = stripslashes($address);
    $phone = stripslashes($phone);
    $email = stripslashes($email);
}

Correct? That would save a lot of time and resources?
Old 12-06-2007, 02:11 AM   #23 (permalink)
La Vida es Sueño
Advanced Programmer Top Contributor 
 
Wildhoney's Avatar
 
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
Wildhoney is on a distinguished road
Default

The array_map segment simply throws each item within the $_POST array through the stripslashes function and returns them back to their respective places within the array.

As for your other issue, I'm not too sure to be honest as I've never used MySQLi before.
__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.
Old 12-06-2007, 02:48 AM   #24 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

Hmm well it seems if I remove the original code

PHP Code:
// Variables
$user = $_POST['user'];
$pass = $_POST['pass'];
$dir = $_POST['dir'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$email = $_POST['email'];
And replace it with the array_map method; when it checks if I have entered everything, it gives me my error

PHP Code:
echo 'You have not entered all the required fields.';
__________________
Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.
Old 12-06-2007, 02:51 AM   #25 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default

Ok, let's take a look at your code, I'm assuming line 45 is the line with the call to bind_param().
PHP Code:
// Preparing to add customer
$stmt = $db->prepare("INSERT INTO clients(user,pass,dir,address,phone,email) VALUES(?,?,?,?,?,?)");

// Let mysqli handle all escaping
$stmt->bind_param("sss", $user, $pass, $dir, $address, $phone, $email);

// Execute the statement
$stmt->execute();
The error states "call to a member function on a non-object". This is telling you that $stmt (which the script expects to be an object that you're using the method bind_param() on) is not an object. In other words, the call to prepare() failed for some reason. Note that prepare() returns a statement object or FALSE. You can troubleshoot with something like this:
PHP Code:
if ( ( $stmt = $db->prepare('SQL STATEMENT') ) !== FALSE ) {
    // assumes a good SQL statement
    // carry on with the bind_param() statement
} else {
    // returned FALSE for some reason, troubleshoot
    // (error is a property of the mysqli object, not a method)
    echo $db->error;
}

Check your SQL statement carefully. Are there typos? Anything else incorrect?

It's also odd that you only have three strings identified in the call to bind_param()... shouldn't that be 'ssssss'?
Old 12-06-2007, 02:58 AM   #26 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default

Quote:
Originally Posted by YBH View Post
Hmm well it seems if I remove the original code

...

And replace it with the array_map method; when it checks if I have entered everything, it gives me my error

PHP Code:
echo 'You have not entered all the required fields.';
Well, sure it does. You are depending on those variables in your if() statement. You either need to keep the reassignments in or alter your if() statement that checks for empty data.

I'm sorry if I confused you with the array_map() code and recommending not performing the reassignments. I'm only trying to show a more efficient method to do the same task.
Old 12-06-2007, 03:22 AM   #27 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

No, confusion is part of learning and I appreciate your help.

I've rechecked my code and everything is right. No typos or anything.
Old 12-06-2007, 04:19 AM   #28 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default

Backtracking a bit. I didn't notice this before, but it seems fairly obvious.
PHP Code:
// Connect to db
$db = new mysqli ('localhost', 'user', 'pass', 'dir', 'address', 'phone', 'email');

// Can't connect to db
if (mysqli_connect_errno())
{
    echo 'Error: Could not connect to database.';
    exit;
}

What's with your connect statement?

Now an interesting question comes up. Why, if the connect statement looks so strange it doesn't exit the script when it hits the conditional block with the call to mysqli_connect_errno()? Well, one possible reason might be that it throws anything but a '1' or TRUE and so the conditional is skipped over. A better way to perform that would be something like this:

PHP Code:
// check to see if it throws ANYTHING but zero
if ( mysqli_connect_errno() != 0 ) {
    // an error occurred, exit
}

See the difference? Your conditional actually tests for TRUE. The function doesn't return TRUE. It returns 0 (if it's a good connection) or an error code.
Old 12-06-2007, 08:52 AM   #29 (permalink)
The Contributor
Good Samaritan 
 
d4v1d's Avatar
 
Join Date: Dec 2007
Location: Durban, South Africa
Posts: 51
Thanks: 1
d4v1d is on a distinguished road
Default

Instead of posting a new thread, I thought I might as well post here, considering one of the main issues was magic quotes...

Is there a way of temporarily turning magic quotes and register globals off using ini_set?

I've read that you can use the following:
PHP Code:
ini_set('register_globals', '0');
ini_set('magic_quotes_gpc', '0');
ini_set('magic_quotes_runtime', '0');
But, I've also read elsewhere that the above method won't work, and it has to be set in the .htaccess file.
Old 12-06-2007, 02:12 PM   #30 (permalink)
The Reckoner
Advanced Programmer Top Contributor 
 
Karl's Avatar
 
Join Date: Sep 2007
Posts: 437
Thanks: 22
Karl is on a distinguished road
Default

Quote:
Originally Posted by d4v1d View Post
I've also read elsewhere that the above method won't work, and it has to be set in the .htaccess file.
Unfortunately that is quite true, you can set "magic_quotes_runtime" using ini_set, but the other two must be set in the php.ini or a .htaccess file. For a list of values and where you can set them, see here.
__________________
Any fool can write code that a computer can understand. Good programmers write code that humans can understand.
Old 12-06-2007, 02:37 PM   #31 (permalink)
La Vida es Sueño
Advanced Programmer Top Contributor 
 
Wildhoney's Avatar
 
Join Date: Sep 2007
Location: Oldham
Posts: 2,280
Thanks: 90
Wildhoney is on a distinguished road
Default

Unfortunately though the ini_set will not work if the server is in safe mode, I believe. Although I've just consulted the php.net website and it mentions nothing of the sorts. I can't imagine that a setting disabled in the php.ini file, with the server in safe mode, will allow the re-enabling of it at runtime.
Old 12-06-2007, 05:21 PM   #32 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

Quote:
Originally Posted by SOCK View Post
Backtracking a bit. I didn't notice this before, but it seems fairly obvious.
PHP Code:
// Connect to db
$db = new mysqli ('localhost', 'user', 'pass', 'dir', 'address', 'phone', 'email');

// Can't connect to db
if (mysqli_connect_errno())
{
    echo 'Error: Could not connect to database.';
    exit;
}

What's with your connect statement?

Now an interesting question comes up. Why, if the connect statement looks so strange it doesn't exit the script when it hits the conditional block with the call to mysqli_connect_errno()? Well, one possible reason might be that it throws anything but a '1' or TRUE and so the conditional is skipped over. A better way to perform that would be something like this:

PHP Code:
// check to see if it throws ANYTHING but zero
if ( mysqli_connect_errno() != 0 ) {
    // an error occurred, exit
}

See the difference? Your conditional actually tests for TRUE. The function doesn't return TRUE. It returns 0 (if it's a good connection) or an error code.
I see what you're saying. I've gone ahead and made the change, but I still get the same error. I was reading that this might actually be a bug? I don't know how reliable the web site was though (Can't remember the url any more).

Someone mentioned that the max of values was 6 so I took one out just to test it out and it still gave me the same error. I also went ahead and gave the INSERT INTO table a different name and strangely enough I got the same error

PHP Code:
// Preparing to add customer
$stmt = $db->prepare("INSERT INTO ybh305_clients(user,pass,dir,address,phone,email) VALUES(?,?,?,?,?,?)");
In phpMyAdmin, the table is called ybh305_clients, at least that's what it shows from the drop down menu. I have tried, clients and ybh305_clients and it still gives me the same error.
Old 12-06-2007, 09:05 PM   #33 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default

If the table is named `ybh305_clients`, then that's what you need to refer to.


The best thing I can recommend is to detach yourself from this script. Create a new script that does nothing but connect to and run a simple SQL statement using the MySQLi extension object. Put conditionals at every point, use is_object() and other tools to determine if it's working.

I know a lot of people rely on phpMyAdmin, and I use it occasionally. I would recommend, however, to take the MySQL Tutorial and really get to know how MySQL works, how to fashion proper SQL statements, etc. phpMyAdmin is really a crutch in the long run and can lead to some odd results when trying to interact with your PHP scripts.
Old 12-07-2007, 04:06 AM   #34 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

Alright I'll get started on your suggestion. Should I be using MySQLi? Or should I just do the normal MySQL?

That's an awesome link to MySQL, I actually have a cheat sheet and once I have enough I print it out and store it in my 3 ring binder. Would you recommend me using MySQL Query UI? I saw someone using it, and it looked very good except when I tried to connect to my host, it wouldn't.
Old 12-07-2007, 04:24 AM   #35 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default

You have to start somewhere, you may as well start with the MySQLi extension. Speaking of which, what version of MySQL are you working with?

I use the mysql command line and sometimes phpMyAdmin, I can't recommend anything else.
Old 12-07-2007, 05:05 AM   #36 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

MySQL 5.0.41

Actually Sock, I think I found the problem. You might actually be laughing soon....

PHP Code:
$db = new mysqli ('localhost', 'user', 'pass', 'dir', 'address', 'phone', 'email');
I think that's the problem. Shouldn't that be 'localhost', 'ybh305_clients', 'my_password', 'clients'

localhost->db name->db password->which table ?

I've redone the code to mysql instead, it seems easier to my eyes to read it and understand it better.

PHP Code:
<?php
// Variables
$user = $_POST['user'];
$pass = $_POST['pass'];
$dir = $_POST['dir'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$email = $_POST['email'];

// Connect to db
$db = mysql_connect('localhost', 'ybh305_clients', 'mypassword') or die(mysql_error());
mysql_select_db('ybh305_clients', $db);

//Insert info
$sql = "INSERT INTO clients(user, pass, dir, address, phone, email)";
$sql .= "values('$user, $pass, $dir, $address, $phone, $email')";

//Run it
$rq = mysql_query($sql, $db) or die(mysql_error());

//Show O.K. message
if ($rq){
    echo 'Client has been added to your data base';
}

?>
I'm getting a MySQL error when I run it

PHP Code:
Column count doesn't match value count at row 1 
I'm not sure what that means. My rows are as follows in my table:

user
pass
dir
address
phone
email

Last edited by YBH : 12-07-2007 at 07:41 AM.
Old 12-07-2007, 03:30 PM   #37 (permalink)
The Acquainted
 
Join Date: Nov 2007
Posts: 154
Thanks: 31
SOCK is on a distinguished road
Default

Quote:
Originally Posted by YBH View Post
MySQL 5.0.41

Actually Sock, I think I found the problem. You might actually be laughing soon....

PHP Code:
$db = new mysqli ('localhost', 'user', 'pass', 'dir', 'address', 'phone', 'email');
I think that's the problem. Shouldn't that be 'localhost', 'ybh305_clients', 'my_password', 'clients'

localhost->db name->db password->which table ?
Err, I posted that two days ago. Scroll up.

Quote:
PHP Code:
//Insert info
$sql = "INSERT INTO clients(user, pass, dir, address, phone, email)";
$sql .= "values('$user, $pass, $dir, $address, $phone, $email')";
I'm getting a MySQL error when I run it

PHP Code:
Column count doesn't match value count at row 1 
I'm not sure what that means. My rows are as follows in my table:

user
pass
dir
address
phone
email
Look at your SQL statement:
PHP Code:
$sql .= "values('$user, $pass, $dir, $address, $phone, $email')";
See anything wrong with that?
Old 12-07-2007, 03:59 PM   #38 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

I shouldn't have that period there? I removed it and I get the following:

PHP Code:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'values('jl4100gingerhttp://www.domain.com/clients/, 8231 nw 8st, 3054' at line 1
The values are the ones I entered, and they are in the correct format, user, pw, dir, address, phone, email.
Old 12-07-2007, 04:03 PM   #39 (permalink)
bdm
The Acquainted
Good Samaritan 
 
Join Date: Nov 2007
Posts: 127
Thanks: 14
bdm is on a distinguished road
Default

I believe what SOCK was aiming at is how you actually pass your values. Each string, MySQL values in your case, is supposed to be passed between single quotes.

Take another look at how you pass your values.
Old 12-07-2007, 04:10 PM   #40 (permalink)
YBH
The Wanderer
Newcomer 
 
Join Date: Dec 2007
Posts: 22
Thanks: 4
YBH is on a distinguished road
Default

Oh ok I guess I missed that point.

That did it though, seems to have worked (I got the echo for OK). I'm gonna log into my database to see if it's actually there.

Edit:

OMG! It works now! I'm so excited! :D

Thanks for the help!

Last edited by YBH : 12-07-2007 at 04:58 PM.
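
The prepared-statement approach from post #25 with the thread's fixes applied (four-argument connect, a check on what prepare() returns, six type letters for six placeholders), in place of the interpolated INSERT that post #36 ends up with. This is an added example, not code from any poster; the credentials are placeholders, `add_client()` is a hypothetical helper and the sample row is constructed.

```php
<?php
// Added example, not code from the thread. The credentials are placeholders
// and the sample row is constructed; the columns are the ones YBH lists.
const DB_HOST = 'localhost';
const DB_USER = 'db_user_placeholder';
const DB_PASS = 'db_password_placeholder';
const DB_NAME = 'db_name_placeholder';

// Insert one client row. Returns null on success or a message on failure.
function add_client(mysqli $db, array $client): ?string
{
    $values = [];
    foreach (['user', 'pass', 'dir', 'address', 'phone', 'email'] as $field) {
        // The "required fields" check, done on the array instead of six copies.
        if (!isset($client[$field]) || !is_string($client[$field]) || $client[$field] === '') {
            return "missing field: $field";
        }
        $values[] = $client[$field];
    }

    // prepare() returns false when the SQL or the table name is wrong.
    $stmt = $db->prepare(
        'INSERT INTO clients (user, pass, dir, address, phone, email) VALUES (?, ?, ?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return 'prepare failed: ' . $db->error; // error is a property, not a method
    }

    // One type letter per placeholder: six strings, so 'ssssss'.
    if (!$stmt->bind_param('ssssss', ...$values)) {
        return 'bind_param failed: ' . $stmt->error;
    }
    if (!$stmt->execute()) {
        return 'execute failed: ' . $stmt->error;
    }
    $stmt->close();
    return null;
}

// PHP 8.1+ makes mysqli throw exceptions by default; switch that off so the
// return-value checks used in the thread still apply.
mysqli_report(MYSQLI_REPORT_OFF);

// Arguments are host, MySQL user, password, database name.
$db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($db->connect_errno !== 0) {
    exit('Could not connect: ' . $db->connect_error . "\n");
}

// Constructed row: the apostrophe reaches the table as data, with no manual quoting.
$sample = [
    'user' => 'jdoe', 'pass' => 'example-only', 'dir' => 'http://www.example.com/clients/',
    'address' => "12 O'Neil Street", 'phone' => '555-0100', 'email' => 'jdoe@example.com',
];
$error = add_client($db, $sample);
echo $error === null ? "Client added\n" : "Error: $error\n";
```

Because the values travel separately from the SQL text, the row is stored the same whether or not a field contains quotes, which the interpolated `values('$user', ...)` form cannot guarantee.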