Page 2 of 5
Re: Upload a file
Posted: Mon Nov 10, 2008 7:56 am
by mmj
Code: Select all
mysql_connect("host", "username", "pass") or die(mysql_error());
mysql_select_db("aoe3clan_division1") or die(mysql_error());
$result = mysql_query("SELECT COUNT(*) AS count FROM games WHERE gameid='$gameid'") or die(mysql_error());
<snip>
mysql_close($result);
That is probably your problem.
Re: Upload a file
Posted: Mon Nov 10, 2008 8:27 am
by VladSun
infolock wrote:Only users who can access your directory with FTP or SSH can harm your server, and if they can do that you're screwed anyways.
What about
chroot?
infolock wrote:As it was so perfectly explained to me back in the day, setting 777 and worrying about it is like keeping the doors __INSIDE__ your house unlocked.
That's not true if you have "co-tenant"

Re: Upload a file
Posted: Mon Nov 10, 2008 5:25 pm
by Aravinthan
mmj, what do you mean by <snip>?
Re: Upload a file
Posted: Mon Nov 10, 2008 5:26 pm
by Syntac
<snip> means he excluded the code that wasn't relevant to his point.
Re: Upload a file
Posted: Mon Nov 10, 2008 6:14 pm
by Aravinthan
Oh ok,
And the error is that I say mysql_close?
If its that, I have to close my current connection, so that I can open up another connection to another db no?
Re: Upload a file
Posted: Mon Nov 10, 2008 6:17 pm
by Syntac
Your code is a bit screwy. mysql_connect() actually returns a database resource. This resource is the variable that must be passed to mysql_close(), not the result of mysql_query().
Re: Upload a file
Posted: Mon Nov 10, 2008 6:23 pm
by Aravinthan
WEll can someone of you help me re-write it? please?
Re: Upload a file
Posted: Mon Nov 10, 2008 6:48 pm
by Syntac
Hey, it's your code. It greatly helps your skills if you fix it yourself.
Re: Upload a file
Posted: Tue Nov 11, 2008 5:04 am
by mmj
Syntac wrote:Hey, it's your code. It greatly helps your skills if you fix it yourself.
@OP:
Look at the mysql_close function on the manual and see what the first argument is supposed to be.
Re: Upload a file
Posted: Tue Nov 11, 2008 1:06 pm
by infolock
VladSun wrote:infolock wrote:Only users who can access your directory with FTP or SSH can harm your server, and if they can do that you're screwed anyways.
What about
chroot?
infolock wrote:As it was so perfectly explained to me back in the day, setting 777 and worrying about it is like keeping the doors __INSIDE__ your house unlocked.
That's not true if you have "co-tenant"

if the admin never setup a "chroot jail" to capture this, then again it's the server admin's fault, not 777's

Your server is only as secure as you make it, and if you make dumb mistakes by giving people crowbars instead of toothpicks, well you're asking for trouble anyways.
As for co-tenant, that's why you keep cameras setup inside your house that you can monitor while at work

Re: Upload a file
Posted: Tue Nov 11, 2008 1:10 pm
by infolock
Syntac wrote:Your code is a bit screwy. mysql_connect() actually returns a database resource. This resource is the variable that must be passed to mysql_close(), not the result of mysql_query().
actually, it's only true if he is opening multiple connections to the server, as mysql_close by itself will close the last opened connection (in this case, since there is only one, it is the one connection he has opened). This means that if there is only one connection, it is
not required for a resource identifier to be passed in this case.
The thing that mmj was pointing out is mysql_close($result);
You don't need $result inside of mysql_close as it is not a valid identifier. take it out and leave it blank so that you just have mysql_close();
To go further though, you don' t even need mysql_close unless you are using persistent connections as php closes the connection for you. If you are using persistent connections, then yes you will need to close the connection manually.
Re: Upload a file
Posted: Tue Nov 11, 2008 1:20 pm
by Syntac
infolock wrote:The thing that mmj was pointing out is mysql_close($result);
You don't need $result inside of mysql_close as it is not a valid identifier. take it out and leave it blank so that you just have mysql_close();
That's the point I was trying to make.
Re: Upload a file
Posted: Tue Nov 11, 2008 2:16 pm
by VladSun
infolock wrote:VladSun wrote:infolock wrote:Only users who can access your directory with FTP or SSH can harm your server, and if they can do that you're screwed anyways.
What about
chroot?
infolock wrote:As it was so perfectly explained to me back in the day, setting 777 and worrying about it is like keeping the doors __INSIDE__ your house unlocked.
That's not true if you have "co-tenant"

if the admin never setup a "chroot jail" to capture this, then again it's the server admin's fault, not 777's

Your server is only as secure as you make it, and if you make dumb mistakes by giving people crowbars instead of toothpicks, well you're asking for trouble anyways.
As for co-tenant, that's why you keep cameras setup inside your house that you can monitor while at work

I did answer your post - you answer in this post is very, very different, although there are still a few things I can't agree with. But it's not the place to discuss'em - it's too off topic.
Re: Upload a file
Posted: Tue Nov 11, 2008 2:52 pm
by infolock
? I sent you a PM so we can discuss this further if something I said has been stated incorrectly.
Re: Upload a file
Posted: Tue Nov 11, 2008 6:30 pm
by Aravinthan
OK now its now working at all, I took away the upload code but it doesnt work:
Code: Select all
<?php
ini_set("display_errors", 1);
$gameid = $_POST['gameid'];
$player1 = $_POST['player1'];
$player2 = $_POST['player2'];
$winner = $_POST['winner'];
$link = mysql_connect ("localhost", "aoe3clan_ara", "gohabsgo") or die(mysql_error());
mysql_select_db("aoe3clan_division1") or die(mysql_error());
$result = mysql_query("SELECT COUNT(*) AS count FROM games WHERE gameid='$gameid'") or die(mysql_error());
$row=mysql_fetch_assoc($result);
if ($row['count']>0){
echo "There is already a game with this id. <a href='www.aoe3clan.com'>Home</a>";
}else {
mysql_query("INSERT INTO games (gameid, player1, player2, winner, map) VALUES ('$gameid', '$player1', '$player2', '$winner', '$map')") or die(mysql_error());
print "Game $gameid has been successfully inserted into the database. Details:</br>GameId: $gameid</br> Player1: $player1</br> Player2: $player2</br> Winner:$winner</br> Map:$map</br>";
mysql_close();
if ($winner == $player1) {
$result = mysql_query("SELECT * FROM player_stats WHERE name='$player1'") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
$oldp1 = $row['points'];
$newp1 = '3';
$point = $oldp1 + $newp1;
$oldgp1 = $row['gp'];
$newgp1 = '1';
$gp = $oldgp1 + $newgp1;
$oldwins1 = $row['wins'];
$newwins1 = '1';
$wins1 = $oldwins1 + $newwins1;
mysql_query("UPDATE player_stats SET points='$point', gp='$gp', wins='$wins1' WHERE name='$player1'") or die(mysql_error());
print "$player1 has successfully received $newp1 points.";
}
$result = mysql_query("SELECT * FROM player_stats WHERE name='$player2'") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
$oldp2 = $row['points'];
$newp2 = '1';
$point = $oldp2 + $newp2;
$oldgp2 = $row['gp'];
$newgp1 = '1';
$gp = $oldgp1 + $newgp1;
$oldloss2 = $row['loss'];
$newloss2 = '1';
$loss2 = $oldloss2 + $newloss2;
mysql_query("UPDATE player_stats SET points='$point', gp='$gp', defeats='$loss2' WHERE name='$player2'") or die(mysql_error());
print "$player2 has successfully received $newp2 points. ";
}
}else {
$result = mysql_query("SELECT * FROM `player_stats` WHERE name='$player1'") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
$oldp1 = $row['points'];
$newp1 = '1';
$point = $oldp1 + $newp1;
$oldgp1 = $row['gp'];
$newgp1 = '1';
$gp = $oldgp1 + $newgp1;
$oldloss1 = $row['defeats'];
$newloss1 = '1';
$loss1 = $oldloss1 + $newloss1;
mysql_query("UPDATE player_stats SET points='$point', gp='$gp', defeats='$loss1' WHERE name='$player1'") or die(mysql_error());
print "$player1 has successfully received $newp1 points. <a href='http://www.aoe3clan.com/test/ladder.php'> View the Ladder</a>";
}
$result = mysql_query("SELECT * FROM player_stats WHERE name='$player2'") or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
$oldp2 = $row['points'];
$newp2 = '3';
$point = $oldp2 + $newp2;
$oldgp2 = $row['gp'];
$newgp2 = '1';
$gp = $oldgp2 + $newgp2;
$oldwins2 = $row['wins'];
$newwins2 = '1';
$wins2 = $oldwins2 + $newwins2;
mysql_query("UPDATE player_stats SET points='$point', gp='$gp', wins='$wins2' WHERE name='$player2'") or die(mysql_error());
print "</br>$player2 has successfully received $newp2 points. <a href='http://www.aoe3clan.com/test/ladder.php'> View the Ladder</a>";
}
}
?>
I dont see why its not working now, as it worked before...