[PHP] Performing Multiple Prepared Queries
All,
I am attempting to perform multiple prepared queries using mysqli. I
want to pull information out of one table based on the information in
another. I do not receive any errors and the rest of the page seems to
load correctly. Below is my code:
foreach ($uniqueids as $entryid) {
$getentrybyid->bind_param("i", $entryid);
$getentrybyid->execute();
$getentrybyid->bind_result($level, $published, $updated, $title, $body,
$resources, $signature, $comments);
$getentrybyid->fetch();
$getentrybyid->close();
$getsignaturebyid->bind_param("i", $signature);
$getsignaturebyid->execute();
$getsignaturebyid->bind_result($fname, $lname);
$getsignaturebyid->fetch();
$getsignaturebyid->close();
printEntry($title, $level, $published, $updated, "$fname $lname",
$body, $resources);
if ($comments == 'y') {
echo "View Comments...\n";
}
}
What ends up happening is the first query (getentrybyid) works just fine
and displays when told. The second query (getsignaturebyid) does not
get the information that it is supposed to, thus the variable is empty.
NOTE: I have moved the close() functions outside of the foreach loop
and it partially works. It starts displaying the information it is
supposed ($fname $lname) but it repeats the rest of the information.
Any thoughts?
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Performing Multiple Prepared Queries
Carlton Whitehead wrote: > Hi Nathaniel, > > When your query starts its second loop, the resultset from the first > one is still defined as the resultset in your prepared statement > object. Before you can get another resultset, you need to clear the > first one using the mysqli_stmt_free_result function. It would > probably be best to place the free_result call after each call to > fetch. Check > http://www.php.net/manual/en/function.mysqli-free-result.php for more > details about it. > I thought I had tried that, but apparently not. It works now. Thanks for the help. -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Spider Security -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Find MAC Address in PHP
Hi all,
I am attempting to find the MAC address of systems visiting my page from
the local LAN. I have tried several things, but it appears it will not
let me run system commands. For example, running system("arp 192.168.200.254"); echo $MAC; ?>" does not give me any
output. I have copied arp to a place that the apache user can execute
from and ensured arp is executable.
This is on a Fedora Core 6 box running PHP 5.1.6-3.4 and Apache
2.2.3-5. Any help is appreciated.
--
Nathaniel Hall
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Richard Lynch wrote: On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote: I am attempting to find the MAC address of systems visiting my page from the local LAN. I have tried several things, but it appears it will not let me run system commands. For example, running " does not give me any output. I have copied arp to a place that the apache user can execute from and ensured arp is executable. Use exec and the extra args to get error codes. Can you run 'arp' and get what you want from command line? Can you 'su' to PHP user and *then* run it and get what you want? If not, you can't do that. I dunno what 'arp' is gonna give you, but I wouldn't think you'd in general have access to the MAC address of a visitor hardware... Nor should you, actually... But if you've got your boxes configured to let any ol' person run this 'arp' thing and reply with their MAC addresses, I guess it oughta work... Thanks for the help. I believe I have narrowed it down to SELinux keeping Apache from executing commands. Anybody had the same problem and know a fix? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
Davi wrote:
Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu:
On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote:
does not give me any
output. I have copied arp to a place that the apache user can execute
from and ensured arp is executable.
Use exec and the extra args to get error codes.
ARP is a root-command... =]
Can you run 'arp' and get what you want from command line?
As web-user? No.
Can you 'su' to PHP user and *then* run it and get what you want?
Hum... Not at all... You need to enter the root password... How can you do
that?
sudo sounds a little better... But... How about security?
I know it can be done because I have a Fedora Core 4 system doing it
right now. I didn't have to do anything special for it to work. The
system I am working on now is a Fedora Core 6 box. In /var/log/messages
I receive:
Apr 24 09:33:51 STUAUTH kernel: audit(1177425231.020:114): avc: denied
{ execute } for pid=31786 comm="httpd" name="bash" dev=dm-0 ino=916642
scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Find MAC Address in PHP
chris smith wrote:
On 4/25/07, Nathaniel Hall <[EMAIL PROTECTED]> wrote:
Davi wrote:
> Em Domingo 22 Abril 2007 03:12, Richard Lynch escreveu:
>
>> On Fri, April 20, 2007 3:00 pm, Nathaniel Hall wrote:
>>
>>>
>>> does not give me any
>>> output. I have copied arp to a place that the apache user can
execute
>>> from and ensured arp is executable.
>>>
>> Use exec and the extra args to get error codes.
>>
>
> ARP is a root-command... =]
>
>
>> Can you run 'arp' and get what you want from command line?
>>
>
> As web-user? No.
>
>
>> Can you 'su' to PHP user and *then* run it and get what you want?
>>
>
> Hum... Not at all... You need to enter the root password... How can
you do
> that?
> sudo sounds a little better... But... How about security?
I know it can be done because I have a Fedora Core 4 system doing it
right now. I didn't have to do anything special for it to work. The
system I am working on now is a Fedora Core 6 box. In /var/log/messages
I receive:
Apr 24 09:33:51 STUAUTH kernel: audit(1177425231.020:114): avc: denied
{ execute } for pid=31786 comm="httpd" name="bash" dev=dm-0 ino=916642
scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
If fixing up selinux doesn't work then look in to using 'sudo'. The
manpage(s) show examples about how to set it up to allow specific
commands to be run without a password.
Thanks for everybody's help. I have narrowed the problem down to
SELinux. Once I disabled SELinux the arp command works fine. I'm now
in the process of making it where SELinux can remain on while allowing
PHP to execute the command. Thanks a lot.
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Another SYSTEM Function Question
I have another question regarding running a system command on a web
server. Let me explain again, I am creating a login page that is to be
used on my local lan only. I am wanting to lock down a maximum number
of logins to up to 2 MAC addresses. I finally got the arp command
working, but now I have another issue with new lines.
The command I am running is system("arp " . $_SERVER['REMOTE_ADDR'] . "
| grep " . $_SERVER['REMOTE_ADDR'] . " | cut -b34-50");
The command runs correctly, however the output is directly and not by
using echo. I would like to be able to assign what is returned to a
variable so that I can do additional work on it. Any ideas?
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Another SYSTEM Function Question
Richard Lynch wrote:
On Thu, April 26, 2007 3:27 pm, Nathaniel Hall wrote:
The command I am running is system("arp " . $_SERVER['REMOTE_ADDR'] .
See also:
http://php.net/exec
Thanks to all for you help. I apparently missed that exec was the proper
function to use for what I am wanting. It all works fine now. :)
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Command line script
I am attempting to run a script that will run from the command line
nightly to update a field in a database. I already created a script
that would access the database and insert most of the information when a
webpage is visited and I had no problems with it. The command line
script appears to fail on the prepare. I have echo'ed the SQL statement
to the screen, copied it, and run it on the MySQL server with no
problems. Any ideas?
if ($logout = $mysqli->prepare("UPDATE `mydb`.`authlog`
SET `logout` = ? WHERE `login` LIKE '$login%'")) { // <--- Will not go
any further than here, even when hard coding the information.
$logout->bind_param("s", date('m\-d\-Y\TH\:i\:s'));
$logout->execute();
$logout->close();
}
}
$mysqli->close();
?>
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Command line script
Daniel Brown wrote:
First and foremost, it's a VERY BAD idea to use root for MySQL.
If your code isn't perfect (and even sometimes if it is), arbitrary
commands and SQL injection attacks could lead to migraines that no
Tylenol will ever be able to alleviate.
I changed the user I was connecting as in order to post. I don't use
root in the real code.
Secondly, what error is the CLI kicking out when you run it from
the command line?
It doesn't give an error. The only thing it does is continue on through
the IF statement, which goes nowhere. I have added an ELSE to the
script and run it. It ends up running the code in the ELSE.
$login = date('m\-d\-Y');
if ($logout = $mysqli->prepare("UPDATE `mydb`.`authlog` SET
`logout` = ? WHERE `login` LIKE '$login%'")) { // <--- Will not
go any further than here, even when hard coding the information.
$logout->bind_param("s", date('m\-d\-Y\TH\:i\:s'));
$logout->execute();
$logout->close();
}
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Command line script
Greg Donald wrote:
On 5/1/07, Nathaniel Hall <[EMAIL PROTECTED]> wrote:
> I am attempting to run a script that will run from the command line
> nightly to update a field in a database. I already created a script
> that would access the database and insert most of the information when a
> webpage is visited and I had no problems with it. The command line
> script appears to fail on the prepare. I have echo'ed the SQL statement
> to the screen, copied it, and run it on the MySQL server with no
> problems. Any ideas?
>
> $mysqli = new mysqli('localhost', 'root', 'abc123', 'mydb');
> if (mysqli_connect_errno()) {
> echo "Unable to connect to database.\n";
> exit;
> } else {
> $login = date('m\-d\-Y');
> if ($logout = $mysqli->prepare("UPDATE `mydb`.`authlog`
> SET `logout` = ? WHERE `login` LIKE '$login%'")) { // <--- Will not go
> any further than here, even when hard coding the information.
> $logout->bind_param("s",
date('m\-d\-Y\TH\:i\:s'));
> $logout->execute();
> $logout->close();
> }
> }
> $mysqli->close();
> ?>
Add full error reporting, then make sure you can see the errors, then
test to see if you have the mysqli extension:
error_reporting( E_ALL );
ini_set( 'display_errors', 1 );
ini_set( 'log_errors', 1 );
if( !in_array( 'mysqli', get_loaded_extensions() ) )
{
die( 'no mysqli found' );
}
I get no errors and I have verified that mysqli is loaded.
Also, why do you need to escape the dashes in the date() calls?
> php -r 'echo date("Y-m-d");'
2007-05-01
Habit.
--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA
Spider Security
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Reuse MySQL prepared statement
I am trying to use a prepared MySQL statement after retrieving the
results from a previous query (it's for a multi-level menu). The first
query works fine, but the second query does not.
I have tried using mysqli_stmt::reset and mysqli_stmt::close, but had no
luck with those either. Lastly, the only time I receive error messages
is when I use mysqli_stmt::close.
The code I am currently using is:
[code]
$l1_parent = 0;
$retrieve_menu->bind_param("i", $l1_parent);
$retrieve_menu->execute();
$retrieve_menu->bind_result($menu_id, $menu_item, $menu_cmd);
$level1 = array();
while ($retrieve_menu->fetch()) {
$level1_item = array();
array_push($level1_item, $menu_id);
array_push($level1_item, $menu_item);
array_push($level1_item, $menu_cmd);
array_push($level1, $level1_item);
}
$retrieve_menu->free_result();
$level1_counter = 0;
echo "";
for ($level1_counter = 0; count($level1) >= $level1_counter; $level1_counter++)
{
echo "https://myserver/?sid=$GENSID&uid=$GETUID&cmd="; .
$level1[$level1_counter][2] . "\" class=\"" . $level1[$level1_counter][2] .
"\">" .
$level1[$level1_counter][1] . "";
$l2_parent = $level1[$level1_counter][0];
$retrieve_menu->bind_param("i", $l2_parent);
$retrieve_menu->execute();
$retrieve_menu->bind_result($menu_id, $menu_item, $menu_cmd);
$level2 = array();
while ($retrieve_menu->fetch()) {
$level2_item = array();
array_push($level2_item, $menu_id);
array_push($level2_item, $menu_item);
array_push($level2_item, $menu_cmd);
array_push($level2, $level2_item);
}
$retrieve_menu->close();
if (count($level2) > 0) {
echo "";
echo "$level2 " . $level1[$level1_counter][0] .
"";
echo "";
}
}
echo "";
[/code]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Reuse MySQL prepared statement
Nathaniel Hall wrote: > Lastly, the only time I receive error messages is when I use > mysqli_stmt::close. I should probably note that the error messages I receive when using mysqli_stmt::close are related to the statement handle being removed. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: OT - Visio Network Charting Application
Jim Lucas wrote: > To all curious... > > I realize that this has nothing to do with PHP, but here goes. > > I have Googling, but not able to find a mailing list on "visio review" and > "visio top 10" and other search terms related to visio. So, I thought I would > ask for the lists opinions on visio software. > > I am in need of visio software that will allow me to make a full layout chart > of my entire network. > > I have looked at the normal suggestions M$ Visio & SmartDraw, Dia, etc... > > I can see that they give you good options for linking things together and > general stencils, but I am looking for more. For detailed stencils. I want > to know by looking, or reading on the chart, that our Customer #1234 is > connected to FSB slot t1-1/0/1:16 on our Juniper M20. > > So, if anybody has suggestions for software, I'm all ears. > > TIA > Visio will allow you to do that. There are additional properties to each object. You just have input the information. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Reuse MySQL prepared statement
Eric Butera wrote: > On Mon, Sep 29, 2008 at 11:21 AM, Richard Heyes <[EMAIL PROTECTED]> wrote: >>> Use a tree structure (I assume it's a tree type menu that has already >>> been written and save yourself the hassle. The PEAR HTML_TreeMenu code >>> can Create a tree structure from a Tree object (my own tree class at >>> phpguru.org). >> Sorry, forgot to mention that said Tree object can create a tree >> structure from a flat MySQL result set using the familiar, >> id/parent_id, structure: >> >> >> -- >> Richard Heyes >> > > I would recommend using using a preorder tree traversal for storing > the data. It is a little different at first, but once you get the > idea it is pretty slick to work with. The main advantage is to build > the tree structure you only need one query as opposed to a recursive > algorithm. > > http://www.sitepoint.com/article/hierarchical-data-database/2/ > http://dev.mysql.com/tech-resources/articles/hierarchical-data.html I will keep the preorder tree traversal in mind, however, I am currently not worried about the number of queries. I just cannot figure out how to reuse the existing prepared statement. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Reuse MySQL prepared statement
I have figured out the problem. While I was resetting the first query and not closing it, I was closing the second query. That kept any subsequent queries from running. Thanks Jack! -- Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP code in a MySQL record
I am working on a project that uses an index.php page. Depending on the variable in the URL, a different php page is included. I have a config.php that contains variables that are accessible from any page. That is the easy part. I have some pages pulling HTML out of a database. I would like to be able to reference some of the variables in the config.php in the database blob field. Here is an example: [EMAIL PROTECTED] -- ...etc config.php -- test.php -- MySQL record: -- id,year,month,day,entry 1,2005,01,01,This is a test _ I have tried using >? echo $that_var; ?< and I have tried escaping everything, but that still didn't work. Any ideas? Nathaniel Hall [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Mark Email as Urgent
I have a PHP script that automatically sends an e-mail when accessed. Is there any way to mark the e-mail that is sent as urgent or flagged? Any help is appreciated. -- Nathaniel Hall, GSEC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Mark Email as Urgent
Richard Lynch wrote: > On Thu, October 13, 2005 12:47 pm, Nathaniel Hall wrote: > >>I have a PHP script that automatically sends an e-mail when accessed. >>Is there any way to mark the e-mail that is sent >>as urgent or flagged? >> >>Any help is appreciated. > > > Yes, but... > > You can add a header "Priority: High" (I think it's "High") > > But only spammers use that [1], so it increases the odds of getting > marked as spam. > > The urgency of an email, as defined by the sender, has turned out to > be relatively useless, since the urgency, as defined by the recipient, > rarely matches. While you may have the luxury of knowing for sure > that the two urgencies (sender/recipient) *DO* match up, it's a rare > occurrence. > > If you have sufficient control over sender and recipient accounts, you > could add URGENT to the Subject: and/or set up filtering on the email > client to force the message to be flagged there, based on criteria > that are less likely to get the email flagged as junk. > > Maybe if Priority email cost more to send and bulk was cheaper, these > settings would become meaningful again. But, as it stands now, they > are largely useless to the sender. I'm sure some recipients > re-prioritize email based on filters, and that remains useful. > > [1] This was an exaggeration, though not a huge one. Actually, savvy > spammers no longer use a Priority setting. > This is all for internal use. The PHP webpage is used as a honeypot on our website. When people visit the appropriate page, I would like an Urgent e-mail to be sent to my e-mail and my cell phone (to the phones email address). I am able to send text messages as urgent and they vibrate and ring differently already. I have the page working now, but it does not mark anything as urgent or high priority. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
