Newbie question

From: Tyler Mittan 
I am trying to create a basic, mock CRUD with mysql and php. I am having a
problem adding to the database. Do the php files have to be stored in the
same place as the database or something? I can't figure out where I am
going wrong.

=============================================================== From: Randy Yates ------------------------------------------------------ Are you accessing the mysql server on the same machine as the php is running on?

=============================================================== From: Tyler Mittan ------------------------------------------------------ Yes, it's all on my Nexus 7.

=============================================================== From: Randy Yates ------------------------------------------------------ Can you pastebin some of your code?

=============================================================== From: Tyler Mittan ------------------------------------------------------ Sure: I appreciate you taking a look at it. The first part is a separate php file just called 'inventory'. The second part has changed so much because I've been trying all sorts of different ways.

=============================================================== From: Dan Lyke ------------------------------------------------------ On Fri, Aug 16, 2013 at 5:04 PM, Tyler Mittan wrote: A potential "gotcha": I believe that mysql has two connection methods for the local machine, TCP/IP via "localhost", and local filesystem accessible sockets. Does:

    mysql --host=localhost --user=root --password=root inventory

connect correctly? Dan

=============================================================== From: Tyler Mittan ------------------------------------------------------ Thanks, Dan. I just left to grab a bite to eat, but I'll try it out when I get home.

=============================================================== From: Randy Yates ------------------------------------------------------ Tyler, your SQL statement may be failing. Have you tried that statement manually in mysql? You may need to add VALUES like so: 1. INSERT INTO sedan ( year, make, model, color, price) values('{$

=============================================================== From: Randy Yates ------------------------------------------------------ I'd also like to give a few other helpful hints while I'm looking at it.

1. Learn OOP PHP now before developing bad habits.
2. Use PDO instead of the old mysql functions.
3. Your data is open for SQL injection as it sits. Learn about that and learn how to prevent it. It's easy if you use PDO.
4. As soon as you can (after exploring OOP a bit), learn an MVC framework such as Symfony, Fuel, Laravel, or CodeIgniter. You'll be able to separate your code and maintain it easier later on.
5. You can check out my intro to PHP videos on youtube which cover PDO and a little OOP.

=============================================================== From: Tyler Mittan ------------------------------------------------------ Thanks, Randy! When I get back I am going to take a look at the YouTube videos. I was trying to find a good tutorial, but I was just looking at CRUD php tutorials.

=============================================================== From: Dave Brockman ------------------------------------------------------ umm, no. If your mysql binary database files are accessible by your web server, you did something horribly wrong. Regards, dtb

=============================================================== From: Stephen Haywood ------------------------------------------------------ I second learning the PDO stuff. You should NEVER UNDER ANY CIRCUMSTANCE put user controlled data in a SQL or eval statement of any kind ever. -- Stephen Haywood Owner, ASG Consulting CISSP, GSEC, OSCP 423.305.3700

=============================================================== From: Jon Stanford ------------------------------------------------------ Why are you using php on android? Android provides a fairly good sqlite v3 implementation. Though the calls should be made off the main thread (asynchronous).

=============================================================== From: Randy Yates ------------------------------------------------------ I'd say he's just trying to learn PHP and MySQL. Side note: If you were using PDO, you could connect to either SQLite or MySQL. Yet another advantage of PDO.

=============================================================== From: Tyler Mittan ------------------------------------------------------ Yeah, I am just trying to get a feel for it. It's pretty fun, actually. Just frustrating sometimes.

=============================================================== From: Dan Lyke ------------------------------------------------------ On Fri, 16 Aug 2013 20:18:04 -0400 Randy Yates wrote:

=============================================================== From: Randy Yates ------------------------------------------------------ When I said that, I was just trying to find the quick fix for his problem. I later warned him that he would have SQL injection issues with a statement like that. I just didn't want anyone to get the idea that I wrote that SQL statement. I was merely pointing out that he was missing the keyword "VALUES" in his pastebin code.

=============================================================== From: Tyler Mittan ------------------------------------------------------ I'm actually glad that this was brought up again. I am trying something new and was wondering how it looks: For some reason when I am writing the first stmt it keeps closing the php syntax and then the rest is showing up on the webpage like it is part of the html. How can I get it to stop doing that?

=============================================================== From: Randy Yates ------------------------------------------------------ Tyler, here is a slightly better version of your pastebin code. I haven't tested it to see how it looks, so I may have a mistake here and there. However, notice the use of PDO. Check out the :year, :make, :model, etc in the SQL statement. Then when the $pdo->execute() is executed an array is passed as an argument to tell PDO how to bind the values.
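
The named-placeholder pattern described in the message above, next to the interpolated form it replaces. This is an added example, not the pastebin code from the thread: the `sedan` table and its columns come from the thread, while the function names, the sample row and the in-memory SQLite backend (used so it runs without a MySQL server) are assumptions.

```php
<?php
// Added example: table and column names come from the thread; the function
// names, the SQLite backend and the sample row are assumptions.

// For MySQL the DSN would be "mysql:host=localhost;dbname=inventory"
// (note the "dbname=" key). In-memory SQLite keeps this runnable offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sedan (year INTEGER, make TEXT, model TEXT, color TEXT, price REAL)');

// Unsafe pattern: form values are interpolated into the SQL text, so a quote
// in any field changes the statement the database parses.
function insertInterpolated(PDO $pdo, array $car): void
{
    $pdo->exec("INSERT INTO sedan (year, make, model, color, price)
                VALUES ('{$car['year']}', '{$car['make']}', '{$car['model']}',
                        '{$car['color']}', '{$car['price']}')");
}

// Safe pattern: the SQL text is fixed; values travel separately as bound
// parameters and are never parsed as SQL.
function insertPrepared(PDO $pdo, array $car): void
{
    $stmt = $pdo->prepare('INSERT INTO sedan (year, make, model, color, price)
                           VALUES (:year, :make, :model, :color, :price)');
    $stmt->execute([
        ':year'  => $car['year'],
        ':make'  => $car['make'],
        ':model' => $car['model'],
        ':color' => $car['color'],
        ':price' => $car['price'],
    ]);
}

// Constructed sample input: an ordinary apostrophe is enough to break the
// interpolated statement.
$car = ['year' => 2013, 'make' => "Tyler's Motors", 'model' => 'Demo',
        'color' => 'blue', 'price' => 19999.00];

try {
    insertInterpolated($pdo, $car);
} catch (PDOException $e) {
    echo "interpolated insert failed: ", $e->getMessage(), PHP_EOL;
}

insertPrepared($pdo, $car);

// fetchAll() returns an array of rows; the foreach header has no trailing
// semicolon. Output is HTML-escaped because it ends up in a web page.
$rows = $pdo->query('SELECT * FROM sedan')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    echo htmlspecialchars("{$row['year']} {$row['make']} {$row['model']}"), PHP_EOL;
}
```

Run with the `pdo_sqlite` extension enabled: the interpolated insert raises a syntax error on the apostrophe, while the prepared insert stores the same value unchanged.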

=============================================================== From: Randy Yates ------------------------------------------------------ If you are seeing code, it could be from the multiple includes of the same file in your code.

=============================================================== From: Tyler Mittan ------------------------------------------------------ Thanks, I am trying out what you sent because it looks cleaner and easier to read. The first if statement being made with the $

=============================================================== From: Tyler Mittan ------------------------------------------------------ Well, right now I have it as if(isset($

=============================================================== From: Randy Yates ------------------------------------------------------ If you are checking the button, you can just check if the button id isset in post, I believe. Like: if(isset($

=============================================================== From: Randy Yates ------------------------------------------------------ buttonId is just my generic term for whatever your button's id is. If it's id='create' then you should just use if(isset($

=============================================================== From: Randy Yates ------------------------------------------------------ What's in inventory.php? You can probably remove that other include.

=============================================================== From: Tyler Mittan ------------------------------------------------------ whoops! sorry forgot to include that.

=============================================================== From: Tyler Mittan ------------------------------------------------------ I took the include out, but the break appears to be happening at the first stmt

=============================================================== From: Randy Yates ------------------------------------------------------ Does your file have a .php extension?

=============================================================== From: Tyler Mittan ------------------------------------------------------ Yes.

=============================================================== From: Dave Brockman ------------------------------------------------------ What is your php.ini setting for: display

=============================================================== From: Tyler Mittan ------------------------------------------------------ I'm not quite sure honestly. I downloaded a mysql app that came with phpmyadmin and then an app called php editor. It doesn't appear to have any particular settings.

=============================================================== From: Randy Yates ------------------------------------------------------ Your php.ini is your configuration file on the server side. Normally it's in /etc/php5/apache2/

=============================================================== From: Tyler Mittan ------------------------------------------------------ I am looking for it, but can't seem to find it. Is it going to be different because I am using Android rather than an actual computer?

=============================================================== From: Dave Brockman ------------------------------------------------------ Create a PHP page that contains this: Regards, dtb

=============================================================== From: Tyler Mittan ------------------------------------------------------ Okay, I created it. What should I do with it now?

=============================================================== From: Dave Brockman ------------------------------------------------------ Execute it in a browser. Peruse it. These are your PHP environmental settings. Which libraries are active, location of INI file, memory limits, all kinds of fun things. I'm pretty sure it will answer at least one other question posted to you. Regards, dtb

=============================================================== From: Tyler Mittan ------------------------------------------------------ Finally got that problem fixed. Wanted to thank you guys for bearing with me. The problem was just working on Android. I am not sure the specific problem, but I moved over to OS X and that problem is gone. I do have another issue I was wondering if somebody might be able to help. Two actually:

=============================================================== From: Randy Yates ------------------------------------------------------ On the second problem, your connection string for PDO is incorrect. You are missing "dbname=" before the variable containing your database name.

=============================================================== From: Tyler Mittan ------------------------------------------------------ THANK YOU!

=============================================================== From: Tyler Mittan ------------------------------------------------------ I am trying to use a foreach loop, but it's not showing the entire database. Is this because I incorrectly used fetchall?

=============================================================== From: Randy Yates ------------------------------------------------------ If you are selecting everything in the table, it should work. You can run the fetchAll() without an argument and it will return an array. I'd have to see your code to see why it's not working. You should also get in the habit of creating a user specifically for the database, instead of using the root user. Throwing root at it is easy, but force yourself to do the tedious stuff. Create a database user and grant it privileges to just that database. Also check your php.ini and see what the error

=============================================================== From: Tyler Mittan ------------------------------------------------------ Thanks, Randy. I am just trying to get the hang of php and mysql. When I get a better handle on it, I will really challenge myself. Clearly, though, I don't have that great of a grip on it yet, but I am working on it! I made sure that E

=============================================================== From: Randy Yates ------------------------------------------------------ That's not an array. You are fetching objects.

=============================================================== From: Tyler Mittan ------------------------------------------------------ Yeah, that's why I don't understand why it is just showing the first in my table as opposed to all the info in my table.

=============================================================== From: Randy Yates ------------------------------------------------------ After you save the results to the $results variable, do: print

=============================================================== From: Randy Yates ------------------------------------------------------ Also, I've not used PDO::Fetch

=============================================================== From: Tyler Mittan ------------------------------------------------------ I used print

=============================================================== From: Randy Yates ------------------------------------------------------ Actually, I see it now. Your foreach statement is incorrect.

=============================================================== From: Randy Yates ------------------------------------------------------ You have foreach($results as $entry); That semi-colon is ending the statement. You should have: foreach($results as $entry) { }

=============================================================== From: Randy Yates ------------------------------------------------------ Another tip: when you pastebin your code, choose php syntax highlighting. It'll make it easier for us to read.

=============================================================== From: Dave Brockman ------------------------------------------------------ If your environment allows it, I'd recommend two users per database. One with read-only privs that you make all your non-updating db calls with. But definitely add a user separate from the database "root" account.

=============================================================== From: Dan Lyke ------------------------------------------------------ On Sun, 18 Aug 2013 19:30:22 -0400 Dave Brockman wrote: And if you can get into the habit of the two user style, then when it comes time to work off of a master database and a replicated slave, you can point each of those database handles to the appropriate master (writable) and slave (read-only). Dan

=============================================================== From: Mike Harrison ------------------------------------------------------ Dan spake: That's something we have started to do with our reporting engine, a few reports run off the real time system because they are "today" reports. The rest, either use a slave server on other hardware or an early AM copy of the system. I can't make it read only because of the temporary tables and other silly things I tend to do, but it is limited.

=============================================================== From: Dean Warren ------------------------------------------------------ Guys, You don't know how "Right on Time!" this discussion was. I hope we have MORE newbie questions. Helped me see some things I was blind to before. Thanks for asking the question Tyler and for everyone that contributed. Dean Hope you have a great day, Dean Warren

=============================================================== From: Unkmar ------------------------------------------------------ Also at some point you may have multiple databases running in your SQL server. Maybe, Drupal and Wordpress. That way your Drupal is safe from your Wordpress getting pwned, And/Or vice versa.