mysql / php problem :S

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

User avatar
TyR
New php-forum User
New php-forum User
Posts: 17
Joined: Wed Feb 18, 2004 1:13 pm
Location: Norway
Contact:

mysql / php problem :S

Postby TyR » Sun May 30, 2004 9:53 am

I really need help!!!

Code: Select all

<?
include "connect.php";

$createusers="CREATE TABLE Usersklklk (
  id bigint(21) NOT NULL default '0',
  Username varchar(60) NOT NULL default '',
  Password varchar(255) NOT NULL default '',
  monsterName varchar(60) NOT NULL default '',
  monsterType varchar(60) NOT NULL default '',
  lvl bigint(21) NOT NULL default '',
  atk bigint(21) NOT NULL default '',
  def bigint(21) NOT NULL default '',
  spd bigint(21) NOT NULL default '',
  int bigint(21) NOT NULL default '',
  hp bigint(21) NOT NULL default '',
  IP bigint(21) NOT NULL default '',
  buddylist longtext NOT NULL default '',
  wins bigint(21) NOT NULL default '',
  ties bigint(21) NOT NULL default '',
  loses bigint(21) NOT NULL default '',
  messages longtext NOT NULL default '',
  email varchar(60) NOT NULL default '',
  items longtext NOT NULL default '',
  equipment longtext NOT NULL default ''
)";


mysql_query($createusers) or die(mysql_error());
print "Installation Complete";
?>


when i run that i get:

Code: Select all

You have an error in your SQL syntax near 'int bigint(21) NOT NULL default '', hp bigint(21) NOT NULL default '', IP ' at line 11
seriously!!! need help! :shock:

User avatar
gesf
Moderator
Moderator
Posts: 1717
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden
Contact:

Postby gesf » Sun May 30, 2004 12:11 pm

Well, i think the problem is because you´re giving to your field the name int, witch is the same as Mysql field´s type!

You better give it another name :p


Cheers,
gesf

User avatar
TyR
New php-forum User
New php-forum User
Posts: 17
Joined: Wed Feb 18, 2004 1:13 pm
Location: Norway
Contact:

lol

Postby TyR » Sun May 30, 2004 12:58 pm

Thx:P

one more question:

Code: Select all

<?php
include "connect.php";
$limit=100;
$getss=("SELECT * FROM sams_shout ORDER by id DESC LIMIT $limit");
while($shout=mysql_fetch_array($getss)){
extract($shout);

i get:

Code: Select all

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /customers/n1studios.net/n1studios.net/httpd.www/sams_shout/shouts.php on line 5

wtf is wrong with line 5 ???

User avatar
gesf
Moderator
Moderator
Posts: 1717
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden
Contact:

Postby gesf » Sun May 30, 2004 7:37 pm

Yeh, you miss something on line: 4!
You need to 'run' the query before 'fetching' it!

Use this instead:

Code: Select all

$getss = mysql_query("SELECT * FROM sams_shout ORDER by id DESC LIMIT $limit");


Return to “PHP & MySQL Security”

Who is online

Users browsing this forum: No registered users and 1 guest

cron