Re: Problem with MySQL

On Tuesday, 2007-03-20 at 15:09, Pavel Kaznarskiy wrote:
> Hello !
> I have problem with access in mysql
> 
> it is my code:
> <html>
> <head><title>SQL Query Sender</title></head>
> <body>
> <?php
> $host="";
> $user="";
> $password="";
> /* Section that executes query */
> if(@$_GET['form'] == "yes")

what do you want with that '@' here?
that operator can be used to suppress error messages when calling
functions but not when using a variable

> {
> mysql_connect($host,$user,$password);
> mysql_select_db($_POST['database']);
> $query = stripSlashes($_POST['query']);

you should take care of sql injection, check those $_POST values first!

> $result = mysql_query($query);
> echo "Database Selected: <b>{$_POST['database']}</b><br>
> Query: <b>$query</b><h3>Results</h3><hr>";
> if($result == 0)

if you want to check for errors, you should use
if ($result === FALSE)

> echo "<b>Error ".mysql_errno().": ".mysql_error().
> "</b>";
> elseif (@mysql_num_rows($result) == 0)
> echo("<b>Query completed. No results returned.
> </b><br>");
> else
> {
> echo "<table border='1'>
> <thead>
> <tr>";
> for($i = 0;$i < mysql_num_fields($result);$i++)
> {
> echo "<th>".mysql_field_name($result,$i).
> "</th>";
> }
> echo " </tr>
> </thead>
> <tbody>";
> for ($i = 0; $i < mysql_num_rows($result); $i++)
> {
> echo "<tr>";
> $row = mysql_fetch_row($result);
> for($j = 0;$j<mysql_num_fields($result);$j++)
> {
> echo("<td>" . $row[$j] . "</td>");
> }
> echo "</tr>";
> }
> echo "</tbody>
> </table>";
> } //end else
> echo "
> <hr><br>
> <form action=\"{$_SERVER['PHP_SELF']}\" method=\"POST\">

putting $_SERVER['PHP_SELF'] here might also be a security risk
read this:
http://blog.phpdoc.info/archives/13-XSS-Woes.html

> <input type='hidden' name='query' value='$query'>
> <input type='hidden' name='database'
> value={$_POST['database']}>
> <input type='submit' name=\"queryButton\"
> value=\"New Query\">
> <input type='submit' name=\"queryButton\"
> value=\"Edit Query\">
> </form>";
> unset($form);
> exit();
> } // endif form=yes
> /* Section that requests user input of query */
> @$query=stripSlashes($_POST['query']);
> if (@$_POST['queryButton'] != "Edit Query")
> {
> $query = " ";
> }
> ?>
> <form action="<?php echo $_SERVER['PHP_SELF'] ?>?form=yes"
> method="POST">
> <table>
> <tr>
> <td align=right><b>Type in database name</b></td>
> <td><input type="text" name="database"
> value=<?php echo @$_POST['database'] ?> ></td>
> </tr>
> <tr>
> <td align="right" valign="top">
> <b>Type in SQL query</b></td>
> <td><textarea name="query" cols="60"
> rows="10"><?php echo $query ?></textarea>
> </td>
> </tr>
> <tr>
> <td colspan="2" align="center"><input type="submit"
> value="Submit Query"></td>
> </tr>
> </table>
> </form>
> </body></html>
> 
> When I'm trying to execute it, such a message appears:
> "Warning: mysql_connect(): Access denied for user 'ODBC'@'localhost' (using password: NO) in z:\home\localhost\www\2.php on line 11
> 
> Warning: mysql_select_db(): Access denied for user 'ODBC'@'localhost' (using password: NO) in z:\home\localhost\www\2.php on line 12
> 
> Warning: mysql_select_db(): A link to the server could not be established in z:\home\localhost\www\2.php on line 12
> 
> Warning: mysql_query(): Access denied for user 'ODBC'@'localhost' (using password: NO) in z:\home\localhost\www\2.php on line 14
> 
> Warning: mysql_query(): A link to the server could not be established in z:\home\localhost\www\2.php on line 14
> Database Selected: i"
> 
> What does it mean?

these errors mean that your mysql user 'ODBC' has no password, while you
are providing a password when connecting.
it is not recommended to have a user without password, so you should
first give him a password with the mysql command "SET PASSWORD" or
something

greets
Zoltán Németh

> 
> -- 
> Best regards,
>  Pavel                            mailto:Kerwant@xxxxxxxxx
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
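
Added example, not part of the original messages: one way to apply the reply's three points (check the $_POST values, compare the query result with === false, keep $_SERVER['PHP_SELF'] out of the form action). It uses mysqli instead of the mysql_* functions in the thread, which were removed in PHP 7; ALLOWED_DATABASES, the function names and the sample request values are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. ALLOWED_DATABASES and all function
// names are assumptions; the request values at the bottom are constructed.
const ALLOWED_DATABASES = ['test', 'shop'];

// Escape a value for HTML text or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Accept the posted database name only if it is on the allowlist.
function pick_database(array $post): ?string
{
    $name = $post['database'] ?? null;
    return is_string($name) && in_array($name, ALLOWED_DATABASES, true) ? $name : null;
}

// Form target built from SCRIPT_NAME, which does not carry the client-supplied
// trailing path that PHP_SELF can, and escaped anyway.
function form_action(array $server): string
{
    return h($server['SCRIPT_NAME'] ?? '') . '?form=yes';
}

// Run a query and tell failure apart from an empty result with ===.
function run_query(mysqli $db, string $sql): string
{
    mysqli_report(MYSQLI_REPORT_OFF);   // return false on error instead of throwing
    $result = $db->query($sql);
    if ($result === false) {
        return '<b>Error ' . $db->errno . ': ' . h($db->error) . '</b>';
    }
    if ($result === true || $result->num_rows === 0) {
        return '<b>Query completed. No results returned.</b>';
    }
    return '<b>' . $result->num_rows . ' row(s) returned.</b>';
}

// Constructed request: markup placed in the database field and after the script path.
$post   = ['database' => 'shop"><b>injected</b>', 'query' => "SELECT 'a' AS \"x\""];
$server = ['SCRIPT_NAME' => '/2.php', 'PHP_SELF' => '/2.php/"><b>injected</b>'];

// The posted name is not on the allowlist, so no database is selected.
var_dump(pick_database($post));
echo '<form action="', form_action($server), '" method="POST">', "\n";
echo '<input type="hidden" name="query" value="', h($post['query']), '">', "\n";
echo '</form>', "\n";
```

The last lines run without a database server; run_query() needs an open mysqli connection.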

