d2jsp
Log InRegister
d2jsp Forums > Off-Topic > Computers & IT > Programming & Development > Lamp Web Application > Sql Query Via Php
12Next
Add Reply New Topic New Poll
Member
Posts: 2,217
Joined: Sep 10 2007
Gold: 35.88
Oct 11 2013 01:48pm
Hey guys/gals!

So, I recently purchased a very nice server.
It's running Ubuntu Server 12.4 as the Operating System, and I used apt-get to install and update it's Lamp-Server package.
I have also installed PHPMyAdmin.

I used PHPMyAdmin to add a database "Inventory"
I also used PHPMyAdmin to add a table "Product_Types"
Then I used PHPMyAdmin to insert a few rows.


I wrote a simple PHP script to test my database connection, and all seemed to be well.
Then I added a simple query to test things, and of course.. no luck.

The reason I've come here is for help determining whether it's my code or my LAMP setup.


Code

<?php

$host = "localhost";
$user = "REMOVED";
$pass = "REMOVED";
$db = "inventory";

$conn = new mysqli($host, $user, $pass, $db);

if ($conn) {
echo "Welcome to the Inventory database!";
}
else {
echo "Connection to database failed.";
}

$result = mysqli_query($conn,"SELECT * FROM Product_Types");

while($row = mysqli_fetch_array($result))
{
echo $row['Type_ID'] . " " . $row['Type_Description'];
echo "<br>";
}

mysqli_close($conn);
?>


Once the page is loaded it displays the "Welcome to the Inventory Database" message, but does not echo the query results.
Any idea what's going wrong? Is my PHP/SQL bad, or is this more likely to be a LAMP issue.
Member
Posts: 11,610
Joined: Oct 28 2008
Gold: 1,795.00
Oct 11 2013 02:05pm
Use prepared statements, direct queries by default are not escaped allowing malicious code to enter your database.

While displaying content and inserting content it's a good idea to use htmlspecialchars() (replaces <, >, (, ), ', ", ect with &; equivalent) and strip_tags() (removes recognized tags <p>, <b>, ect)

You can use the following code to use prepared statements and use PDO (sql by default does not work with php prepared statements, so using PDO makes it work)

Code
session_start();
$dsn = "mysql:host=localhost;dbname=Inventory;charset=utf8";
$opt = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC
);
$pdo = new PDO($dsn,'username','password', $opt);


To reference your table "Product_Types" use the following code:

Code
$stmt = $pdo->prepare("SELECT * FROM Product_Types");
$stmt->execute(array());
$array = $stmt->fetchAll(PDO::FETCH_ASSOC);


Your data will then be held in a 2-dimensional array that you can use to reference

If you have any further questions let me know
Member
Posts: 2,217
Joined: Sep 10 2007
Gold: 35.88
Oct 11 2013 02:44pm
Thanks boss! I really appreciate your help!
I was actually hoping to get a response from you, seeing how you seem to be amongst the "most knowledgeable" in this sub-forum.

This post was edited by grievance on Oct 11 2013 02:59pm
Member
Posts: 29,723
Joined: Jun 11 2007
Gold: 279.52
Oct 11 2013 04:04pm
i dont really see anything wrong with your code, sometimes those local testing servers are picky.
you could try using mysqli_connect instead of new mysqli
also try using "root" as the user and just leaving password empty.

and if you do play on not using the PDO way, i would either create or find a filter class that someone has written and filter everything that comes in and out of the database.
Member
Posts: 11,610
Joined: Oct 28 2008
Gold: 1,795.00
Oct 11 2013 04:55pm
Quote (AkuuZ @ Oct 11 2013 05:04pm)
i dont really see anything wrong with your code, sometimes those local testing servers are picky.
you could try using mysqli_connect instead of new mysqli
also try using "root" as the user and just leaving password empty.

and if you do play on not using the PDO way, i would either create or find a filter class that someone has written and filter everything that comes in and out of the database.


If I remember right the lamp stack they ship has mysql not mysqli so that would make mysqli commands not work.
Member
Posts: 29,723
Joined: Jun 11 2007
Gold: 279.52
Oct 11 2013 05:46pm
Quote (0n35 @ Oct 11 2013 10:55pm)
If I remember right the lamp stack they ship has mysql not mysqli so that would make mysqli commands not work.


mysql has been deprecated, so you have to use PDO or mysqli commands now.

Member
Posts: 32,925
Joined: Jul 23 2006
Gold: 3,804.50
Oct 11 2013 06:14pm
Quote (grievance @ Oct 11 2013 04:44pm)

I was actually hoping to get a response from you, seeing how you seem to be amongst the "most knowledgeable" in this sub-forum.


all the regulars (minus Eep) are pretty knowledgeable in various areas. Eep is gettin' there.
Member
Posts: 11,610
Joined: Oct 28 2008
Gold: 1,795.00
Oct 11 2013 06:47pm
Quote (carteblanche @ Oct 11 2013 07:14pm)
all the regulars (minus Eep) are pretty knowledgeable in various areas. Eep is gettin' there.


:rofl:
This is true

Quote (AkuuZ @ Oct 11 2013 06:46pm)
mysql has been deprecated, so you have to use PDO or mysqli commands now.


Right that's what I meant, mysqli commands won't work with mysql (at least I couldn't get them to, OP can't either) and PDO seems promising. I could switch databases and only have to change one word in an includes file and have no issues at all transferring over to a different database.
Member
Posts: 29,723
Joined: Jun 11 2007
Gold: 279.52
Oct 11 2013 07:33pm
Quote (0n35 @ Oct 12 2013 12:47am)
:rofl:
This is true



Right that's what I meant, mysqli commands won't work with mysql (at least I couldn't get them to, OP can't either) and PDO seems promising.  I could switch databases and only have to change one word in an includes file and have no issues at all transferring over to a different database.


Oh, yea i dont know. if mysqli commands didnt work i would assume the connection wouldnt even work, but he says he gets a connection. so idk. I havent used much PDO either
Member
Posts: 2,217
Joined: Sep 10 2007
Gold: 35.88
Oct 14 2013 09:03am
Quote (AkuuZ @ Oct 11 2013 07:33pm)
Oh, yea i dont know. if mysqli commands didnt work i would assume the connection wouldnt even work, but he says he gets a connection. so idk. I havent used much PDO either


I used the following to check for MySQLi

Code
$herpDerp = function_exists('mysqli_connect')

if($herpDerp)
{
echo 'MySQLi appears to work';
}

else
{
echo 'This server probably doesn't support MySQLi';
}


The result returned true with the "MySQLi appears to work" message.

My server is running the most updated lamp-server stack from the ubuntu-server 12.4 package.
I'm pretty sure the majority of my problems lie somewhere within my LAMP server configuration, maybe some option in a ".ini" file I've never heard of.

As far as security goes, it's not too much to worry about.
My web server and web applications are hosted on this local webserver, which is not accessible via internet, and is used only by local employee with little/no tech knowledge.
The server also contains very little "personal" information, it's mostly just "tech specs" and "images".
Mostly, I just make simple webapps to autopmate "paperwork".

However, I'm taking on some extra responsibilities, and learning some additional skills.
In the form of, trying to make a database backed inventory web application for our ever-increasing computer / computer part / computer accessory inventory.
Daunting task, to say the least.

This post was edited by grievance on Oct 14 2013 09:09am
Go Back To Programming & Development Topic List
12Next
Add Reply New Topic New Poll