yes, but i'm not understanding this error ... there's something wrong with query ?Everah wrote:Notice the SQL error reports up there?
PHP Fatal error
Moderator: General Moderators
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Have you tried mysql_real_escape_string()?
i have rewrited my function to this one, but the $pwd appears with the same restricted charactersEverah wrote:Have you tried mysql_real_escape_string()?
Code: Select all
function verificaLogin($usr, $pwd) {
$query = sprintf("SELECT * FROM clients WHERE username='%s' AND password='%s' AND activo=1 AND revenda=1",
mysql_real_escape_string($usr),
mysql_real_escape_string($pwd));
$res = $this->cDb->abreCursor($query);
return $res;
}- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
My next recommendation is to var_dump() both the $usr variable and the $pwd variable before sending them to the function. In fact, var_dump() them as soon as they are posted, then var_dump() them after each use of them before they get to the function. You might be messing with them without knowing it at this point.
mysql_real_escape_string needs a mysql link to work properly. It uses the last connection by default, so this is probably ok for you right now - with only one active database connection. Nevertheless it should be a method of your database class so that you can pass the link identifier, something like
Please replace the lineso we can see the actual query causing the error.
Code: Select all
function prepare_string($s) {
// + lots of error handling
$ps = mysql_real_escape_string($s, $this->mysqlconn);
return $ps;
}Please replace the line
in abreCursor byecho '<p>' . $this->varerrordesc . ' is the mysql error description<br />';
Code: Select all
echo "<p>Debug: \n",
'query: ', htmlentities($query), "<br />\n",
'error: ', $this->varerrordesc,
"</p>\n";sorry, i've tested it with a expired password that's why i couldnt run the query
, it's everything working fine inside abreCursor(), now the problem is inside verificaLogin() $res inside this function is empty maybe something wrong in this line ....
both, $this->cDb and $res are empty, and i continue to have that sintax error in the query, but i have the correct result of the query inside abreCursor()
Code: Select all
$res = $this->cDb->abreCursor($query);
echo '<pre>'; var_dump($this->cDb); echo '</pre>';
echo '<pre>'; var_dump($res); echo '</pre>';Please (always) post the real output of your debug code. And it's usually better to have some unconditional output so that you know wether the script really reached the echo/var_dumpbouncer wrote:both, $this->cDb and $res are empty
Please post the output of
Code: Select all
echo '<pre>this->cDb: '; var_dump($this->cDb); echo '</pre>';
echo '<pre>res: '; var_dump($res); echo '</pre>';i have detected the problem, array_pop($this->result); after this line the $this->result is empty, how can i solve this problem ?
Code: Select all
function abreCursor ($query) {
// This should be to null as a class var
$this->result = "";
echo '<h2>Testing inside of abreCursor</h2>';
// Call the query and handle errors
if (($this->query = mysql_query($query)) === false) {
$this->varerrorid = 1;
$this->varerrordesc = mysql_error();
echo '<p>' . $this->varerrordesc . ' is the mysql error description<br />';
} else {
$this->varerrorid = 0;
$this->numberrows;
if (($this->numberrows = mysql_num_rows($this->query)) > 0) {
$this->result = array();
while ($row = mysql_fetch_assoc($this->query)) {
$this->result[] = $row;
}
echo '<pre>'; var_dump($this->result); echo '</pre>';
array_pop($this->result); <- problem
echo '<pre>'; var_dump($this->result); echo '</pre>';
}
echo '<pre>'; var_dump($this->result); echo '</pre>';
return $this->result;
}
}- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Try not using array_pop().