Quick PHP / Mysql question

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mkx
    Confirmed User
    • Nov 2003
    • 4001

    #1

    Quick PHP / Mysql question

    I am trying to insert the $array[14] result into my mysql database but it is just inserting $array[14] in plain text instead of the variable.

    Code:
    <?php
    include 'dbconnect.php';
    
    $query  = "SELECT * FROM messages WHERE id=43";
    $result = mysql_query($query);
    
    
    while($row = mysql_fetch_array($result))
      {
      $str = $row['message'];
      }
    
    
    $arrays = (explode(",\"",$str)); //seperates anything with ,"
    $arrays = (explode("\"",$str)); //reseperates anything with "
    
    
    echo $arrays[14]; //prints result 14
    
    
    mysql_select_db($mysql);
    $query = 'INSERT INTO `sms`.`redirects` (`id`, `msg`, `from_num`, `to_num`, `from_country`, `to_country`, `status2`, `time_created`) VALUES (NULL, \'apples\', \'peanuts\', \'[B][U][SIZE="6"]$arrays[14][/SIZE][/U][/B]\', \'\', \'\', \'\', \'\');';
    
    mysql_query($query) or die('Error, insert query failed');
    
    $query = "FLUSH PRIVILEGES";
    mysql_query($query) or die('Error, insert query failed');
    
    ?>
    I tried
    uts\', \'"$arrays[14]"\', \'
    uts\', \'echo $arrays[14]\', \'
    uts\', \'".$arrays[14]."', \'

    and a few other variations but it just gave a http 500 error or inserted it in plain text.

    Incase your wondering about the weird insert command and all the unnecessary back slashes, I got the code from inserting manually into the mysql database and hitting create php code since nothing else was really working.
    Last edited by mkx; 12-16-2009, 10:06 AM.
  • grumpy
    Too lazy to set a custom title
    • Jan 2002
    • 9870

    #2
    try this


    Code:
    $query = 'INSERT INTO `sms`.`redirects` (`id`, `msg`, `from_num`, `to_num`, `from_country`, `to_country`, `status2`, `time_created`) VALUES (NULL, \'apples\', \'peanuts\', \'".$arrays[14]."\', \'\', \'\', \'\', \'\');';
    Don't let greediness blur your vision | You gotta let some shit slide
    icq - 441-456-888

    Comment

    • Fuckin Bill
      Confirmed User
      • Feb 2003
      • 1020

      #3
      You have to enclose an array in curly brackets.

      \'{$array[14]}\'

      You should also use double quotes around the query, then you won't have to escape every single quote in the line.

      Comment

      • mkx
        Confirmed User
        • Nov 2003
        • 4001

        #4
        hmm both suggestions just insert the plain text into the to_num field

        ".$arrays[14]."
        and
        {$arrays[14]}

        I tried doing it with double quotes before but it kept screwing up so I am just copying it from the create php code option in phpmyadmin.

        Last edited by mkx; 12-16-2009, 10:30 AM.

        Comment

        • mkx
          Confirmed User
          • Nov 2003
          • 4001

          #5
          boo ya ka cha
          Code:
          mysql_select_db($mysql);
          $query = "INSERT INTO `sms`.`redirects` (`id`, `msg`, `from_num`, `to_num`, `from_country`, `to_country`, `status2`, `time_created`) VALUES (NULL, 'apples', 'peanuts', '".$arrays[14]."', 'pizza', '', '', '')";

          Comment

          • borked
            Totally Borked
            • Feb 2005
            • 6284

            #6
            single and double quotes.... you're getting all mixed up and confused...

            run this script and see for yourself where your problem lies....

            Code:
            <?php
            
            $array[5] = 'single quote';
            $array[6] = 'double quote';
            
            echo 'This is an echo from within a {$array[5]} <br>';
            echo "This is an echo from within a {$array[6]} <br>";
            
            ?>

            For coding work - hit me up on andy // borkedcoder // com
            (consider figuring out the email as test #1)



            All models are wrong, but some are useful. George E.P. Box. p202

            Comment

            • Bird
              Confirmed User
              • Jan 2005
              • 4365

              #7
              Yes single quotes means literal so if you have '.$string.' the out put will be .$string. With double quotes ".$string." the output would be whatever $string = to
              ICQ:268731675

              Comment

              • JarvisEncoding
                Confirmed User
                • Nov 2009
                • 620

                #8
                Originally posted by borked
                single and double quotes.... you're getting all mixed up and confused...

                run this script and see for yourself where your problem lies....

                Code:
                <?php
                
                $array[5] = 'single quote';
                $array[6] = 'double quote';
                
                echo 'This is an echo from within a {$array[5]} <br>';
                echo "This is an echo from within a {$array[6]} <br>";
                
                ?>
                Agreed. This is the best way from my neighbour.

                Discount Encoding
                The Professional Encoding Service Provider! We are working... You are resting!
                Special Offer For DVD Ripping & Encoding into H.264 Multiple Format!
                Email: [email protected]
                ICQ: 560197599

                Comment

                • JarvisEncoding
                  Confirmed User
                  • Nov 2009
                  • 620

                  #9
                  Originally posted by Bird
                  Yes single quotes means literal so if you have '.$string.' the out put will be .$string. With double quotes ".$string." the output would be whatever $string = to

                  Discount Encoding
                  The Professional Encoding Service Provider! We are working... You are resting!
                  Special Offer For DVD Ripping & Encoding into H.264 Multiple Format!
                  Email: [email protected]
                  ICQ: 560197599

                  Comment

                  • quantum-x
                    Confirmed User
                    • Feb 2002
                    • 6863

                    #10
                    Everyone who has replied to this thread writes code vulnerable to SQL injections - never hire anyone from this thread.
                    PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

                    Comment

                    Working...