Techious
http://www.techious.com/forums/

SQL being retarded? WHERE SQL = 'HARRY'
http://www.techious.com/forums/viewtopic.php?f=38&t=7461
Page 1 of 1

Author:  Harry [ Thu Jun 21, 2012 1:26 am ]
Post subject:  SQL being retarded? WHERE SQL = 'HARRY'

So I've this code right;
Spoiler for Code here!!:
Code:
<?php

    $mysql_host = "mysql10.000webhost.com";
    $mysql_database = "a1693608_points";
    $mysql_user = "a1693608_harry";
    $mysql_password = "lolnope";

    $conn =  mysql_connect($mysql_host, $mysql_user, $mysql_password)or die("Couldn't connect to DB" . mysql_error());
    mysql_select_db($mysql_database, $conn);


    $email = $_GET[email];
    $sql='select * from users where email=\'$email\'';

    $result=mysql_query($sql,$conn) or die(mysql_error());

    if (mysql_num_rows($result) == "1") {
       $user = mysql_fetch_array( $result );
       $password = $user["id"];
         $result = array("code" => "125", "account_id" => $user[id]);

    } else {
       $result = array("code" => "126");
    }

   $JSON_Result = json_encode($result);
    echo $JSON_Result;
?>


Then I go to the page; [email protected]
Why does it tell me this:
Code:
Access denied for user 'a1693608_harry'@'10.1.1.33' to database 'select * from users where email='[email protected]''

I set the database on line 8, to connect to the points database. So why is it taking my query as the database name?

Author:  Harry [ Thu Jun 21, 2012 1:27 am ]
Post subject:  Re: SQL being retarded? WHERE SQL = 'HARRY'

Side note: Yes I know that I can get penetrated like an Internet Explorer browser in XP sp0, without firewall.

Author:  azcn2503 [ Thu Jun 21, 2012 8:48 am ]
Post subject:  Re: SQL being retarded? WHERE SQL = 'HARRY'

Hey Harry :D

Just make sure that user 'a1693608_harry'@'10.1.1.33' has SELECT permission on database "a1693608_points" and it should be fine.

You can probably do this by looking at CP.

Author:  Harry [ Thu Jun 21, 2012 1:10 pm ]
Post subject:  Re: SQL being retarded? WHERE SQL = 'HARRY'

Well this works for some reason?!?

Spoiler for Cowd:
Code:
<?php

    $mysql_host = "mysql10.000webhost.com";
    $mysql_database = "a1693608_points";
    $mysql_user = "a1693608_harry";
    $mysql_password = "olyeah?";

    $conn =  mysql_connect($mysql_host, $mysql_user, $mysql_password)or die("a . " . mysql_error());
    mysql_select_db($mysql_database, $conn);


    $sql="select * from manPoints";
    $result=mysql_query($sql,$conn) or die(mysql_error());

    $myJSonArray = array();
    while($row = mysql_fetch_array($result)) {
       
        //print_r ($row['Title']);
        $emptyArrayItem = array();

        for ($i=0; $i<9; $i++) {
            array_push($emptyArrayItem, $row[$i]);
        }

        array_push($myJSonArray, $emptyArrayItem);

    }

    $encoded_array = json_encode($myJSonArray);
    echo $encoded_array;
?>

Author:  Harry [ Thu Jun 21, 2012 4:07 pm ]
Post subject:  Re: SQL being retarded? WHERE SQL = 'HARRY'

Figured it out. The query needed the variable to be outside of the string for some reason, usually having 'our string value is $result' works :/

'select * from users where email=\'' . $email . '\'';

Author:  Si [ Thu Jun 21, 2012 6:56 pm ]
Post subject:  Re: SQL being retarded? WHERE SQL = 'HARRY'

In PHP, using double quotes allows variable substitiution, whereas single quotes don't.

e.g.
<?php $a='ohhai'; echo "$a"; echo '$a'; ?>
will print
ohhai$a

Author:  Harry [ Thu Jun 21, 2012 6:59 pm ]
Post subject:  Re: SQL being retarded? WHERE SQL = 'HARRY'

Is this a feature or a bug? Or a bug that turned into a feature.

I was trying previously using double quotes with a whole variable, and it wasn't working, but it might have been another error that I had fixed along the way..

Author:  Si [ Thu Jun 21, 2012 7:01 pm ]
Post subject:  Re: SQL being retarded? WHERE SQL = 'HARRY'

It's a feature, its for those who don't want argument substitution but want to write dollahs

Page 1 of 1 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/