Joined: Wed Apr 30, 2014 10:42 am

Postby ScoobyDoobie » Wed Apr 30, 2014 10:48 am

I have a script that is designed to work with mysql and i need it to work with microsoft sql. I have already built a web app using mvc and have it connecting to the database. i have also built a mobile app using a software called App inventor 2 shich just uses code blocks. I need the mobile app to connect to the same database but in order to do so i have to use a php script but the problem is this script is wrote for mysql and i am using microsoft sql. I have never used php before and am wondering is there much involved to change the script so it will work with microsoft sql.

Code: Select all

[syntax=php][syntax=php]//DATABASE DETAILS//

//This code is something you set in the APP so random people cant use it.


//these are just in case setting headers forcing it to always expire
header('Cache-Control: no-cache, must-revalidate');


if( isset($_POST['query']) && isset($_POST['key']) ){         //checks if the tag post is there and if its been a proper form post
  //2014/02/18: set content type to CSV (to be set here to be able to access this page also with a browser)
  header('Content-type: text/csv');

  if($_POST['key']==$SQLKEY){                                 //validate the SQL key
    if(get_magic_quotes_gpc()){     //check if the worthless pile of crap magic quotes is enabled and if it is strip the slashes from the query
    $link = mysql_connect($DB_ADDRESS,$DB_USER,$DB_PASS);     //connect ot the MYSQL database
    mysql_select_db($DB_NAME,$link);                          //connect to the right DB
      $result=mysql_query($query);                            //runs the posted query (NO PROTECTION FROM INJECTION HERE)
        if (strlen(stristr($query,"SELECT"))>0) {          //tests if its a select statemnet
          $num_fields = mysql_num_fields($result);            //collects the rows and writes out a header row
          $headers = array();
          for ($i = 0; $i < $num_fields; $i++) {
            $headers[] = mysql_field_name($result , $i);
          $outstream = fopen("php://temp", 'r+');             //opens up a temporary stream to hold the data
          fputcsv($outstream, $headers, ',', '"');
          while ($row = mysql_fetch_row($result)){
            fputcsv($outstream, $row, ',', '"');
          // echo $csv; //writes out csv data back to the client
        } else {
          header("HTTP/1.0 201 Rows");
          echo "AFFECTED ROWS: ".mysql_affected_rows($link); //if the query is anything but a SELECT it will return the number of affected rows
      } else {
        header("HTTP/1.0 400 Bad Request");                  //send back a bad request error
        echo mysql_errno($link).": ".mysql_error($link);     // errors if the query is bad and spits the error back to the client
      mysql_close($link);                                    //close the DB
    } else {
      header("HTTP/1.0 400 Bad Request");
      echo "ERROR Database Connection Failed";               //reports a DB connection failure
  } else {
     header("HTTP/1.0 400 Bad Request");
     echo "Bad Request";                                     //reports if the code is bad/
} else {
        header("HTTP/1.0 400 Bad Request");
        echo "Bad Request";

Joined: Mon Oct 01, 2012 12:32 pm

Postby seandisanti » Thu May 01, 2014 11:35 pm

mysql_ library is deprecated for security reasons, and it's slow, AND it's specifically for mysql. You can use PDO with very little work involved in switching the code. check out for the official specification and walk throughs, or get a quick peek via video thanks to this example by Jesse Boyer of fame.

