Page 4 of 5

Posted: Tue Apr 10, 2007 10:33 am
by bouncer
Everah wrote:Notice the SQL error reports up there?
yes, but i'm not understanding this error ... there's something wrong with query ?

Posted: Tue Apr 10, 2007 11:15 am
by RobertGonzalez
Yes, you have a syntax error. The third echo in that report shows the query that the database is seeing. Notice anything peculiar about it?

Posted: Tue Apr 10, 2007 12:07 pm
by bouncer
the problem is the $pwd var, because it contains restricted characters .... how can i solve that using a escape_string function ?

Posted: Tue Apr 10, 2007 12:38 pm
by RobertGonzalez

Posted: Tue Apr 10, 2007 12:55 pm
by bouncer
Everah wrote:Have you tried mysql_real_escape_string()?
i have rewrited my function to this one, but the $pwd appears with the same restricted characters :? , maybe i'm doing something wrong ... (i'm following the example on php.net page)

Code: Select all

function verificaLogin($usr, $pwd) {
     $query = sprintf("SELECT * FROM clients WHERE username='%s' AND password='%s' AND activo=1 AND revenda=1",
                        mysql_real_escape_string($usr),
                        mysql_real_escape_string($pwd));
     $res = $this->cDb->abreCursor($query);
     return $res;
}

Posted: Tue Apr 10, 2007 1:15 pm
by RobertGonzalez
I wonder if your character encoding is causing this. Do you happen to know what charset you are using?

Posted: Wed Apr 11, 2007 8:33 am
by bouncer
i'm not understanding ... sorry :(

Posted: Wed Apr 11, 2007 9:30 am
by bouncer
do you want to see my encrypt function ?

Posted: Wed Apr 11, 2007 10:09 am
by bouncer
Everah wrote:I wonder if your character encoding is causing this. Do you happen to know what charset you are using?
The current character set is: latin1

Posted: Wed Apr 11, 2007 10:34 am
by RobertGonzalez
My next recommendation is to var_dump() both the $usr variable and the $pwd variable before sending them to the function. In fact, var_dump() them as soon as they are posted, then var_dump() them after each use of them before they get to the function. You might be messing with them without knowing it at this point.

Posted: Wed Apr 11, 2007 10:36 am
by volka
mysql_real_escape_string needs a mysql link to work properly. It uses the last connection by default, so this is probably ok for you right now - with only one active database connection. Nevertheless it should be a method of your database class so that you can pass the link identifier, something like

Code: Select all

function prepare_string($s) {
  // + lots of error handling
  $ps = mysql_real_escape_string($s, $this->mysqlconn);
  return $ps;
}


Please replace the line
echo '<p>' . $this->varerrordesc . ' is the mysql error description<br />';
in abreCursor by

Code: Select all

echo "<p>Debug: \n",
  'query: ', htmlentities($query), "<br />\n",
  'error: ', $this->varerrordesc, 
  "</p>\n";
so we can see the actual query causing the error.

Posted: Wed Apr 11, 2007 10:54 am
by bouncer
sorry, i've tested it with a expired password that's why i couldnt run the query :lol: , it's everything working fine inside abreCursor(), now the problem is inside verificaLogin() $res inside this function is empty maybe something wrong in this line ....

Code: Select all

$res = $this->cDb->abreCursor($query); 

echo '<pre>'; var_dump($this->cDb); echo '</pre>'; 
echo '<pre>'; var_dump($res); echo '</pre>';
both, $this->cDb and $res are empty, and i continue to have that sintax error in the query, but i have the correct result of the query inside abreCursor()

Posted: Wed Apr 11, 2007 11:03 am
by volka
bouncer wrote:both, $this->cDb and $res are empty
Please (always) post the real output of your debug code. And it's usually better to have some unconditional output so that you know wether the script really reached the echo/var_dump
Please post the output of

Code: Select all

echo '<pre>this->cDb: '; var_dump($this->cDb); echo '</pre>';
echo '<pre>res: '; var_dump($res); echo '</pre>';

Posted: Wed Apr 11, 2007 11:52 am
by bouncer
i have detected the problem, array_pop($this->result); after this line the $this->result is empty, how can i solve this problem ?

Code: Select all

function abreCursor ($query) { 
     // This should be to null as a class var 
     $this->result = ""; 
     echo '<h2>Testing inside of abreCursor</h2>'; 
     // Call the query and handle errors 
     if (($this->query = mysql_query($query)) === false) { 
         $this->varerrorid = 1; 
         $this->varerrordesc = mysql_error(); 
         echo '<p>' . $this->varerrordesc . ' is the mysql error description<br />'; 
     } else { 
              $this->varerrorid = 0; 
              $this->numberrows; 
              if (($this->numberrows = mysql_num_rows($this->query)) > 0) { 
                   $this->result = array(); 
                   while ($row = mysql_fetch_assoc($this->query)) { 
                        $this->result[] = $row; 
              	   } 
	   echo '<pre>'; var_dump($this->result); echo '</pre>'; 
	   
                   array_pop($this->result);                                                <- problem
       	   echo '<pre>'; var_dump($this->result); echo '</pre>'; 

              } 
              echo '<pre>'; var_dump($this->result); echo '</pre>'; 
              return $this->result; 
     } 
}

Posted: Wed Apr 11, 2007 11:58 am
by RobertGonzalez
Try not using array_pop().