Page 1 of 1

PHP MySQL Flash integration - Variable "lost"

Posted: Fri Nov 14, 2008 6:59 am
by ricferr
Hi all,

This topic has been of great help to me, as this is my first project with MySQL. Unfortunately, there's still something wrong with my code which is preventing it from working.

I have a simple one table MySQL database with 4 fields: numero, nome, email, resultado. Sorry about the Portuguese but I think its preferable, for the sake of better understanding my code, which follows:

Code: Select all

 
$nome = $_POST["nomeVar"];
//$nome = "rf teste";
$email = '';
 
$results = mysql_query("SELECT email FROM colaboradores WHERE nome = '$nome'")or die(mysql_error());
while($row = mysql_fetch_assoc($results)) {
    if($email != '') { $email .= ', '; }
    $email .= $row['email'];
}
 
mysql_free_result($result);
mysql_close($link);
 
if($email != '') { $email .= ''; }
echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n";
echo "<colaboradores>\n";
echo "<email>" . $email . "</email>\n";
echo "</colaboradores>\n";
 
$sendTo = "ricardo.ferreira@pointoview.net";
$headers = "From: " . $nome;
 
$subject = "qemail.php - Resultado de " . $email;
$message = "O nosso colaborador, " . $nome . ";
 
mail($sendTo, $subject, $message, $headers);
 
The e-mail is just to check if the "nome" variable is reaching the PHP, which it is. "rf teste" is the name I have inserted in the table to perform all the testing.

I have a flash quizz game which populates a combobox with the names from the database (through PHP and XML). After answering the questions, each user selects his name and, by pressing a confirmation button, the DB should be queried for the corresponding e-mail address and then return it to flash. The result is also inserted in the DB (no problem with that).

I just can't understand what's wrong with this. If I assign the "nome" in the PHP, using the commented 2nd line of code, the query is executed and I get the intended e-mail address back, in XML, ready to be read by flash.

When I send the variable from flash, it reaches PHP and is sent back to me via e-mail but, it fails to reach MySQL as the query isn't executed. Consequently, I get a null result in my flash application.

Somehow, the variable "nomeVar" sent from flash to php is lost between querying for the corresponding e-mail address and sending the "email" variable back to flash.

I hope I've clearly put it down for you. Thanks in advance

Regards

RF

Re: PHP MySQL Flash integration - Variable "lost"

Posted: Fri Nov 14, 2008 7:43 am
by Jaxolotl
First of all i will suggest you to read this article written by Mordred, because your are implementing your query rpocedure in an unsafe way.

Second.

The variable you are trying to catch from flash in php is passed by POST or GET?
Did you try testing your script first in php using a form to post info?
can you post your flash AS code?

Code: Select all

 
$results = mysql_query("SELECT email FROM colaboradores WHERE nome = '$nome'")or die(mysql_error());
// BETTER
$results = mysql_query("SELECT `email` FROM `colaboradores` WHERE `nome` = '".$nome."'")or die(mysql_error());
// by the way I'd suggest you to implement an sql abstraction
//to handle connetion and error reporting instead of die(mysql_error()) here
 
another tip

Code: Select all

 
##################### INSTEAD OF
while($row = mysql_fetch_assoc($results)) {
if($email != '') { $email .= ', '; }
 $email .= $row['email'];
 }
 
##################### TRY THIS
// if there are more than 0 results
if(mysql_num_rows($results) > 0){
    //initialize array
    settype($email,"array");
 
    while($row = mysql_fetch_assoc($results)) {
        // if $row['email'] contains characters
        if(trim($row['email'])){
            // push the value into the array
            array_push($email,$row['email']);
        }
    }
 
    // if is an array and the array contains more than 0 copules of key/val
    if(is_array($email) && (count($email) > 0)){
        // implode all the values into a string separated with a ", "
        $email = implode($email,", ");
    }
}
 

Re: PHP MySQL Flash integration - Variable "lost"

Posted: Fri Nov 14, 2008 12:06 pm
by ricferr
Hi,

First of all, thanks for your help.

I followed your link to Mordred's article but could only reach the PHP Security forum, which is a bit too vast. Any way, I suppose what you are suggesting is that I use an external file for my DB access settings and include it in the main PHP file. I'll do it as soon as I have all of this working. This is my first project with MySQL and I only learned about that security issue half way through the job.

The variable is passed by POST but also tried with GET. The difference I know to exist between both regards the size of the variable, which is no real issue in this case. Are there any others?
I created a simple PHP form to send the variables to the query file and the query is executed and the XML returned correctly. I'm starting to realize that the problem might be in my AS, which I'm posting below:

Code: Select all

 
on (release, keyPress "<Enter>") {
    if (form.nomeVar == "nada") {
        alerta.gotoAndPlay(2);
    } else {
        form.loadVariables("php/qemail.php","POST");
 
        var theXML2:XML = new XML();
        theXML2.ignoreWhite = true;
        theXML2.onLoad = function() {
            var nodes = this.firstChild.firstChild.lastChild;
            form.emailInst.text = nodes;
            for (i=0; i<nodes.length; i++) {
                form.emailInst.addItem(nodes[i].firstChild.nodeValue,i);
            }
        };
        theXML2.load("php/qemail.php");
        
        form.loadVariables("php/insert.php","POST");
        gotoAndPlay(7);
    }
}
 


This AS is in a button which the user must press to send his name back to the db to search for his e-mail address. It also writes his result on the db (and that's working fine).

I tried both your code tips and, since my initial "while" loop worked fine with the PHP submit form, I let it stay as it is more simple and easier for me to understand it.

So, apparently, the problem is on the AS side and not on the PHP. I imagine that loading twice the same file will erase the variable previously sent. Any ideas on how to go over this issue?

Thanks again

regards

RF

Re: PHP MySQL Flash integration - Variable "lost"

Posted: Mon Nov 17, 2008 3:44 pm
by Jaxolotl
I'll check it tomorrow and try to help you ricferr, sorry about the long times but I'm really smashed down with work.

Re: PHP MySQL Flash integration - Variable "lost"

Posted: Tue Nov 18, 2008 5:16 pm
by ricferr
Thanks for keeping in touch.

I have now realized that the problem lies in loading twice the same php file and, therefore, cleaning any result that it might have gotten as of the first load.

I'm now trying to write the result of the query into a XML file with a different name. My flash movie would then POST the query to qemail.php, which would generate a results.xml, then loaded by the flash movie.

I'll post the results as soon as I'll have any.

regards

RF

Re: PHP MySQL Flash integration - Variable "lost"

Posted: Tue Nov 18, 2008 9:54 pm
by ricferr
Hi,
I've solved the problem and here is my code:

Code: Select all

 
<?PHP
$link = mysql_connect("localhost","user","password");
mysql_select_db("database");
 
$nome = $_POST["nomeVar"];
 
$result = mysql_query("SELECT email FROM colaboradores WHERE nome = '".$nome."'") or die("Could not complete database query");
$num = mysql_num_rows($result);
 
if ($num != 0) {
 $file= fopen("results.xml", "w");
 $_xml ="<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n";
 while ($row = mysql_fetch_assoc($result)) {
 if ($row["email"]) {
 $_xml .="\t<colaboradores>\r\n";
 $_xml .="\t\t<email>" . $row["email"] . "</email>\r\n";
 $_xml .="\t</colaboradores>\r\n";
 } else {
 $_xml .="\t<colaboradores>\r\n";
 $_xml .="\t\t<email>\"não encontrado\"</email>\r\n";
 $_xml .="\t</colaboradores>\r\n";
 } }
 fwrite($file, $_xml);
 fclose($file);
 } else {
 echo "No Records found";
 } 
 
?>
 
 
I also had to separate the sending and the loading of the variables in flash through different frames, otherwise it would try to load a not yet generated xml file.

I still might work on it in order to improve its security but, for now, its working fine.

Thanks for your help

regards

RF