Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder slappyjaw's Avatar
    Join Date
    Mar 2009
    Location
    Wonderland!
    Posts
    146
    Thanks
    14
    Thanked 3 Times in 3 Posts

    Question mysql quick question

    Hello i just had a quick question what do you do in you when you have a reserved word entered into your mysql to be inserted into a database. i remember someone telling me to back slash it in. Could someone please give me an example. Thank you!

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You just put back ticks around the column name. Not that hard.
    PHP Code:
    $sql "INSERT INTO `table`(`reservedword`,notreservedword) VALUES ('blah','blah2')"
    You can put backticks around table names, and column names.

    Although its better to just not use reserved words in the first place if you can avoid it.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Regular Coder slappyjaw's Avatar
    Join Date
    Mar 2009
    Location
    Wonderland!
    Posts
    146
    Thanks
    14
    Thanked 3 Times in 3 Posts
    OK thank, you its just that people are going to be inputting information and for one of my insert transactions it inputs the length of a movie file from ffmpeg and it says there's an error inputting the data. I think it is because the $length variable returns 00:00:00 or what ever length. what should i do about that? Thank you!

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    We need to see your code. Are you using mysql_real_escape_string?
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #5
    Regular Coder slappyjaw's Avatar
    Join Date
    Mar 2009
    Location
    Wonderland!
    Posts
    146
    Thanks
    14
    Thanked 3 Times in 3 Posts
    this is my code
    PHP Code:
    <?php include("../Connections/mysql.php");?>
    <?php
    if ($_POST['submit']){
    $ffmpeg "/usr/bin/ffmpeg";

    $target_path "/hsphere/local/home/rubygirl58/slappyjaw.com/videos/orig/";

    $target_path $target_path.basename($_FILES['uploadedfile']['name']); 

    $fileName $_FILES['uploadedfile']['name'];

    $ext substr($fileNamestrrpos($fileName'.') + 1);

    $newfilename basename($fileName$ext);

    $newvideo "/hsphere/local/home/rubygirl58/slappyjaw.com/videos/videos/".$newfilename."flv";

    $image "/hsphere/local/home/rubygirl58/slappyjaw.com/videos/thumbnails/".$newfilename;

    if(
    move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

    exec($ffmpeg." -i ".$target_path." -ar 22050 -ab 32 -f flv -s 320x240 ".$newvideo);

    exec($ffmpeg." -i ".$target_path." -an -ss 00:00:05 -r 1 -vframes 1 -y ".$image."jpg");

    //get duration of video with ffmpeg.
    ////////////////////////////////////
    $videofile $target_path;
    ob_start();
    passthru("/usr/bin/ffmpeg -i \"{$videofile}\" 2>&1");
    $duration ob_get_contents();
    ob_end_clean();

    $search='/Duration: (.*?),/';
    $duration=preg_match($search$duration$matchesPREG_OFFSET_CAPTURE3);
    /////////////////////////////////////////////////////////////
    //get the information that was gathered by the form to submit.

    } else{
        echo 
    "There was an error uploading the file, please try again!";
    }
    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    //////////////////////////////////////////////////////// start input transaction //////////////////////////////////
    ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////

    $desription $_POST['description']; 
    $filename basename($newvideo);
    $length $matches[1][0];
    $title $_POST['title'];
    session_start();
    $username $_SESSION['kt_login_user'];
    mysql_select_db($database_mysql$mysql);
    $sql "INSERT INTO videos (description, filename, length, title, username) VALUES ({$desription}, {$filename}, {$length}, {$title}, {$username})";
    mysql_query($sql) or die(mysql_error());
    header("Location:http://www.slappyjaw.com/user_home.php");
    } else {
    header("Location:http://www.slappyjaw.com/video_upload.php");
    }
    ?>

  • #6
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You aren't doing anything to prevent mysql injection. Change this
    PHP Code:
    $sql "INSERT INTO videos (description, filename, length, title, username) VALUES ({$desription}, {$filename}, {$length}, {$title}, {$username})"
    to this
    PHP Code:
    $sql "INSERT INTO videos (description, filename, length, title, username) VALUES ('$desription', '$filename', '$length', '$title', '$username')"
    I suggest you read this tutorial.

    http://www.tizag.com/mysqlTutorial/m...-injection.php
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #7
    Regular Coder slappyjaw's Avatar
    Join Date
    Mar 2009
    Location
    Wonderland!
    Posts
    146
    Thanks
    14
    Thanked 3 Times in 3 Posts
    thank you this is very helpful i am going to need to change stuff on my site cause of this. Thanks for the help


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •