#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2004
    Location
    Pierrefonds, QC Canada
    Posts
    205
    Rep Power
    11

    Basics: Output Simple Array


    Hi there!

    I wish to output an array.

    In my PHP Script, I wrote this:

    Code:
    function synchrouser($user,$pass)
    {
        $user = trim($user);
        $pass = md5(trim($pass));
        $table = '_a_users';
        $query = "SELECT * FROM $table WHERE userName='$user' AND userPassword='$pass'";
        $myresult = mysql_query($query);
        $mydata = "";
        while ($row = mysql_fetch_array($myresult)) {
            $lastName = $row["lastName"];
            $firstName = $row["firstName"];
            $school = $row["school"];
            $promoYear = $row["promo"];
            $exitYear = $row["promoOut"];
            $promoNumber = $row["promoNum"];
            $email = $row["email"];
            // insertion of a "|" delimiter
            $mydata .= "|".$lastName."|".$firstName."|".$school."|".$promoYear."|".$exitYear."|".$promoNumber."|".$email;
            print "&mydata=".$mydata;
        }
    }

    What's wrong in this coding?

    Many thanks in advance for your help!
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Hi,

    I have no idea what you mean by "output an array" and what this strange "&mydata=...|..." syntax is supposed to do. What is that for? What are you trying to do?

    Apart from that, there are several things wrong with your code:
    • You don't escape values before you insert them into the query string, which makes your code vulnerable to SQL injections.
    • You don't escape values before printing them, which makes your code vulnerable to cross-site scripting.
    • The "mysql_" functions are long obsolete and will die out sooner or later; choose one of the contemporary extensions. Those also support prepared statements, which allow you to safely pass values to queries.
    • MD5 hashes are not secure. They can be "cracked" rather easily with a standard PC. Use the PHPass library to generate serious hashes that will actually withstand brute force attacks.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Thank you very much, Jacques1, for your kind reply.

    Besides all security concerns (as important as they are for sure) and the modernity of the code, I thought I was clear enough with the simple title I've chosen...

    My problem is: "From this SQL query, how can I output an array containing all the results of the query in the order I enumerated them and separated with the specified delimiter?"

    I need to solve this at the moment.

    Best regards

    PS: Of course, I'm wide open to improving the security and the "neat" coding of my scripts.
    But this requires some time to learn, no?
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Originally Posted by Germaris
    My problem is: "From this SQL query, how can I output an array containing all the results of the query in the order I enumerated them and separated with the specified delimiter?"
    I still don't understand what you mean. What is an "array" for you? To me, it's an abstract data structure in PHP (and other languages). It doesn't have delimiters, and you cannot output it (the best you'll get is a human-readable representation of the array, which can be used for debugging).

    Or do you simply mean a list?

    And what's wrong with the code you currently have? Do you get an error message? You didn't say that.



    Originally Posted by Germaris
    PS: Of course, I'm wide open to improving the security and the "neat" coding of my scripts.
    This has nothing to do with "neat coding". If you plan to put this script online (which I suppose), security is absolutely necessary. Otherwise your site and possibly your server won't live long. Bad guys rarely have consideration for someone being new to PHP, so the code has to be correct from the beginning.



    Originally Posted by Germaris
    But this requires some time to learn, no?
    No, secure code isn't rocket science. You just need to be aware of the typical dangers and know the standard solutions. What I've written down above is pretty much it.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Thank you for your advice.

    Here is another function I have successfully used for years:

    Code:
    $table = "_reminders";
    $query = "SELECT text FROM $table";
    $myresult = mysql_query($query);
    $mydata = "";
    $counter = 0;
    while ($row = mysql_fetch_array($myresult)) {
        $text = $row["text"];
        if ($counter == 0) {
            $mydata .= $text;
        } else {
            // Use an item delimiter "|" to separate the records
            $mydata .= "|".$text;
        }
        $counter++;
    }
    print "&mydata=".$mydata;

    The output is an array containing all the rows of the "text" column in the "_reminders" table. Inside, there's a list even if we can't see it. But with a big difference from a simple list: the data inside is indexed in the same order as the rows in the table.
    Then, when my Flash SWF receives this array, it can extract any part with the index reference (which won't be possible with a simple list).

    Example in Flash AS2:

    var mydata:Array = new Array();
    myTextField.text = mydata[4] // To get the corresponding string

    Best regards
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    OK, so this is for Flash? That's something you should have mentioned. Not everybody knows Flash and will recognize a Flash array.

    And what's wrong with your first code? The only difference I see is that you start with a delimiter, while in your "other function" you specifically avoid that.

    By the way, why do you have a loop? Shouldn't that just be a single row? You should also avoid this "SELECT *" stuff. This is what I'd do:
    PHP Code:
    $user_query = mysql_query("
        SELECT
            lastName
            , firstName
            , school
            , promo
            , promoOut
            , promoNum
            , email
        FROM
            _a_users
        WHERE
            userName = '" . mysql_real_escape_string($user) . "'
            AND userPassword = '" . mysql_real_escape_string($pass) . "'
    ");
    $user_data = mysql_fetch_row($user_query);
    print '&mydata=' . implode('|', $user_data);            // escape the data for Flash!
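
The points raised in posts #2 and #6 (values kept out of the SQL text, a real password hash, output escaped for Flash) combined into one function, as an added example that is not part of the thread or any poster's code. It uses PHP's built-in password_hash()/password_verify() in place of the PHPass library mentioned above, and it assumes PDO, a userPassword column that holds password_hash() output, and a SWF that loads the response as URL-encoded variables and unescapes each item after splitting on "|"; the function name synchroUser and the sample row are made up.

```php
<?php
// Added example, not code from the thread. Assumed: PDO, password_hash()
// hashes in userPassword, and a SWF that reads URL-encoded variables.

function synchroUser(PDO $db, string $user, string $pass): ?string
{
    // The placeholder keeps $user out of the SQL text, so quotes in it are inert.
    $stmt = $db->prepare(
        'SELECT lastName, firstName, school, promo, promoOut, promoNum, email,
                userPassword
         FROM _a_users WHERE userName = :user'
    );
    $stmt->execute([':user' => trim($user)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a salted, slow hash instead of matching an MD5 in SQL.
    if ($row === false || !password_verify($pass, $row['userPassword'])) {
        return null;
    }
    unset($row['userPassword']); // never send the hash to the client

    // Inner encoding: a "|" inside a field cannot be mistaken for a delimiter.
    $list = implode('|', array_map('rawurlencode', $row));
    // Outer encoding: "&" and "=" in the data cannot start or end a variable.
    return '&mydata=' . rawurlencode($list);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE _a_users (userName TEXT, userPassword TEXT, lastName TEXT,
    firstName TEXT, school TEXT, promo TEXT, promoOut TEXT, promoNum TEXT, email TEXT)');
$insert = $db->prepare('INSERT INTO _a_users VALUES (?,?,?,?,?,?,?,?,?)');
$insert->execute(['alice', password_hash('s3cret', PASSWORD_DEFAULT), "O'Neil|x",
    'Alice', 'A&B School', '1990', '1994', '12', 'alice@example.org']);

var_dump(synchroUser($db, 'alice', 's3cret')); // valid login
var_dump(synchroUser($db, "al'ice", 's3cret')); // quote in the name is plain data
var_dump(synchroUser($db, 'alice', 'wrong'));  // wrong password
```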
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Thank you very much.
    I'll give a try to your formula and see if it works.
    You'll have feedback from me for sure.
    Just give me some time (it's lunch time here in Montreal)
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    If it doesn't work, please finally tell us what it is that doesn't work. I mean, we can make guesses all day long and try out different approaches. But we need the exact error. Is it a syntax problem? etc.

    That's why I'm asking you the third time now.
