mssql_fetch_row odbc equivalent?

[wesman2232]

I've recently converted my website over to odbc connections from mssql due to the request of our gunz host, he dislikes mssql and prefers odbc =P

My problem is that everything is ok until something uses odbc_fetch_row. They come up blank. I'm assuming this is because the mssql_fetch_row gets the row as an enumerated array while the odbc version does not. What's the fix?

EDIT: I fixed the Total Account and etc, but it apparently is more fucked up than I thought. The whole login function is broken.

PHP Code:

<?php
    $userid = anti_injection($_POST['userid']);
    $password = anti_injection($_POST['password']);
    $sqllogin = odbc_exec($connect, "SELECT UserID, Password FROM Login WHERE UserID='$userid' AND Password='$password'");
    if($userid&&$password){
        if(num_rows($sqllogin)<>0){
            $sql1 = odbc_exec($connect, "SELECT UserID FROM Account WHERE UserID='$userid'");
            $_SESSION['user'] = $userid;
            $sql2 = "SELECT UGradeID FROM Account WHERE UserID='".$_SESSION['user']."'";
            $res = odbc_exec($connect, $sql2);
            $ugid = odbc_fetch_array($res);
            $_SESSION['UGradeID'] = anti_injection($ugid['UGradeID']);
        }else{
            $msg = $logerror['1']; alert($msg);
            redirect("index.php");
            die();
        }
    }else{
        $msg = $logerror['2']; alert($msg);
        redirect("index.php");
        die();
    }
    header("Refresh: 3; url=\"index.php\"");
?>

See anything wrong? I'm just getting the index page refreshed, but not being logged in. And the url says index.php?act=login.

EDIT 2: Checked the sessions stored and it says this
Array ( [count] => 4 [AID] => [PageTitle] => )

[MentaL]

[OJuice]

http://php.net/manual/en/function.odbc-fetch-array.php
this may work 4 ya

but it does exist btw for odbc_fetch_row
http://www.php.net/manual/en/functio...-fetch-row.php

[wesman2232]

I've looked at php.net and odbc_fetch_array doesnt work this way.

[OJuice]

I've looked at php.net and odbc_fetch_array doesnt work this way.

but odbc_fetch_row exists O.o

[wesman2232]

odbc_fetch_row exists, but as I've already said, it doesn't work like mssql_fetch_row, which is why some of my web is having issues.

EDIT: I fixed the Total Account and etc, but it apparently is more fucked up than I thought. The whole login function is broken.

PHP Code:

<?php
    $userid = anti_injection($_POST['userid']);
    $password = anti_injection($_POST['password']);
    $sqllogin = odbc_exec($connect, "SELECT UserID, Password FROM Login WHERE UserID='$userid' AND Password='$password'");
    if($userid&&$password){
        if(num_rows($sqllogin)<>0){
            $sql1 = odbc_exec($connect, "SELECT UserID FROM Account WHERE UserID='$userid'");
            $_SESSION['user'] = $userid;
            $sql2 = "SELECT UGradeID FROM Account WHERE UserID='".$_SESSION['user']."'";
            $res = odbc_exec($connect, $sql2);
            $ugid = odbc_fetch_array($res);
            $_SESSION['UGradeID'] = anti_injection($ugid['UGradeID']);
        }else{
            $msg = $logerror['1']; alert($msg);
            redirect("index.php");
            die();
        }
    }else{
        $msg = $logerror['2']; alert($msg);
        redirect("index.php");
        die();
    }
    header("Refresh: 3; url=\"index.php\"");
?>

See anything wrong? I'm just getting the index page refreshed, but not being logged in. And the url says index.php?act=login.

EDIT 2: Checked the sessions stored and it says this
Array ( [count] => 4 [AID] => [PageTitle] => )

[Solaire]

There's no need to clean the input from the UGradeID as it's a database value, you should only clean user input ($_COOKIE, $_REQUEST, $_GET and $_POST).

As for odbc_fetch_array, it doesn't fetch the fields as a key unlike MySQL and MSSQL extensions. So you'll have to use a numeric index ($ugid[0] in your case).

[wesman2232]

There's no need to clean the input from the UGradeID as it's a database value, you should only clean user input ($_COOKIE, $_REQUEST, $_GET and $_POST).

As for odbc_fetch_array, it doesn't fetch the fields as a key unlike MySQL and MSSQL extensions. So you'll have to use a numeric index ($ugid[0] in your case).

Hmm, thanks for that, I'll go fix some other ones around the web like that, but it unfortunately didn't solve my login, but looking at the code, I don't see what could be wrong.

The weird thing is that I'm not getting any sort of error even when I should from the if else codes, alert is a javascript alert with the message inside, but I never get any. display_errors is on. javscript enabled, etc.

Maybe the num_rows function?

Spoiler:

PHP Code:

    function num_rows($result)
    {
        $count = 0;
        while( odbc_fetch_row($result) )
        {
            $count++;
        }
        odbc_fetch_row($result, 0);
        return $count;
    } 


EDIT: Some of the other parts of the website are fine with the named field part used odbc_fetch_array could you explain how that works? I'm used to mssql, but I really should learn odbc and sqlserv so any help is appreciated.

PHP Code:

<?php
     $sqlt5cr = odbc_exec($connect, "SELECT TOP 5 CLID, Name, Point FROM Clan WHERE DeleteFlag='0' ORDER BY Point DESC,Wins DESC,Losses DESC");
     if(num_rows($sqlt5cr)<>0){
         $count=1;
         while($clan = odbc_fetch_array($sqlt5cr)){
             echo '<tr><td width="5">'.$count.'.</td>';
             echo '<td width="60"><a href="index.php?act=clanmanage&amp;CLID='.$clan['CLID'].'">'.$clan['Name'].'</td>';
             echo '<td width="25">'.$clan['Point'].'</td>';
             $clmemb = "SELECT COUNT(CMID) FROM ClanMember WHERE CLID='".$clan['CLID']."'";
             $memb_res = odbc_exec($connect, $clmemb);
             $memb_row = odbc_fetch_row($memb_res);
             echo '<td width="40">'.$memb_row[0].'</td></tr>';
             $count++;
          }
    }else{
        echo '<tr><td></td></tr>';
    }
?>

[Solaire]

Hmm, thanks for that, I'll go fix some other ones around the web like that, but it unfortunately didn't solve my login, but looking at the code, I don't see what could be wrong.

PHP Code:

var_dump(odbc_fetch_array($res)); die; 


Look at the output of that, it might return false which means something in your query is wrong.

EDIT: Some of the other parts of the website are fine with the named field part used odbc_fetch_array could you explain how that works? I'm used to mssql, but I really should learn odbc and sqlserv so any help is appreciated.

It's simple, instead of field names it uses column indexing. So if your query is as follows:

Code:

SELECT AID, UGradeID FROM Account;

Then $result[0] is AID and $result[1] is UGradeID.

When selecting the entire database entry, the order of the columns are used.

[wesman2232]

PHP Code:

var_dump(odbc_fetch_array($res)); die; 


Look at the output of that, it might return false which means something in your query is wrong.



It's simple, instead of field names it uses column indexing. So if your query is as follows:

Code:

SELECT AID, UGradeID FROM Account;

Then $result[0] is AID and $result[1] is UGradeID.

When selecting the entire database entry, the order of the columns are used.

What if I get nothing in the website?
But in a new file with just the querys needed, I get this:

array(1) { ["UGradeID"]=> string(3) "255" }

It's like it's not setting the session even though session_start() has been called in the index page.
I think the issue might have to do something with $sqllogin and the num_rows function.

These are using named keys though even with using odbc_fetch_array? It's working.

PHP Code:

echo '<td width="25">'.$clan['Point'].'</td>'; 


From my above posted code.

EDIT : I've done some trial and error on a new file called test.php and I've got it to work somehow, but when I add in the extra odbc_fetch_array to fetch the UGradeID, the var_dump starts giving me a bool(false)

PHP Code:

<?php
    if(isset($_POST['userid']))
    {
        $userid = anti_injection($_POST['userid']);
        $password = anti_injection($_POST['password']);
        $sqltest = "SELECT UGradeID FROM Account WHERE UserID='$userid'";
        $sqlres = odbc_exec($connect, $sqltest);
        //Removed = vardump good, Added = bool(false)-----$sqlget = odbc_fetch_array($sqlres);
        $sqltest2 = "SELECT UserID FROM Login WHERE UserID='$userid' AND Password='$password'";
        $sqlres2 = odbc_exec($connect, $sqltest2);
        $sqlget2 = odbc_fetch_array($sqlres2);
        $_SESSION['UGradeID'] = $sqlget['UGradeID'];
        $_SESSION['user'] = $sqlget2['UserID'];
        print_r($_SESSION);
        var_dump(odbc_fetch_array($sqlres)); die;
    }
?>

With $sqlget added in :
Array ( [AID] => [PageTitle] => [UGradeID] => 255 [user] => wesman2232 ) bool(false)
With $sqlget removed :
Array ( [AID] => [PageTitle] => [user] => wesman2232 ) array(1) { ["UGradeID"]=> string(3) "255" }

EDIT 2 :
I think I know whats wrong, I believe it's the way I'm doing the if else statements. But I'm not sure how else to do it.

Example:

PHP Code:

<?php
session_start();
include ("secure/config.php");
include ("secure/functions.php");
include ("language/$language.php");
?>
<html>
<body>
<form action="test.php" method="post">
    <input type="text" name="userid" maxlength="15"/>
    <input type="password" name="password" maxlength="20"/>
    <input type="submit" name="login" value="Login"/>
</form>
</body>
</html>
<?php
    $userid = anti_injection($_POST['userid']);
    $password = anti_injection($_POST['password']);
    if(isset($_POST['submit']))
    {
        $sqltest = "SELECT UGradeID FROM Account WHERE UserID='$userid'";
        $sqlres = odbc_exec($connect, $sqltest);
        //$sqlget = odbc_fetch_array($sqlres);
        $sqltest2 = "SELECT UserID FROM Login WHERE UserID='$userid' AND Password='$password'";
        $sqlres2 = odbc_exec($connect, $sqltest2);
        $sqlget2 = odbc_fetch_array($sqlres2);
        //$_SESSION['UGradeID'] = $sqlget['UGradeID'];
        $_SESSION['user'] = $sqlget2['UserID'];
        print_r($_SESSION);
        var_dump(odbc_fetch_array($sqlres)); die;
    }
    else
    {
        $msg = $logerror['2']; 
        alert($msg);
        //redirect("test.php");
        //die();
    }
?>

Every time I enter the page it says "Please enter username and password" but the if statement still works after the alert is done and I hit login again.

[Solaire]

Execute the query that returns false in MSSQL studio express and see if it throws any error.

[wesman2232]

Execute the query that returns false in MSSQL studio express and see if it throws any error.

The script still works with $sqlget and the $_SESSION['UGradeID'] = $sqlget['UGradeID']; added in, it gives me the UGradeID in the sessions, but it starts throwing a bool(false) error with the var_dump. Not sure if it's conflicting with the $sqlget odbc_fetch_array when it calls that function itself.

My problem now is how even though it's in an else statement, the alert function shows up every time I enter test.php, and after I hit ok, the script still works like it should. I just need that alert function to not start when I enter the page.

I'm not exactly sure how you want me to put it in MSSMSE since it's not going to take the odbc functions, the query itself works fine in it.

[Solaire]

The script still works with $sqlget and the $_SESSION['UGradeID'] = $sqlget['UGradeID']; added in, it gives me the UGradeID in the sessions, but it starts throwing a bool(false) error with the var_dump. Not sure if it's conflicting with the $sqlget odbc_fetch_array when it calls that function itself.

My problem now is how even though it's in an else statement, the alert function shows up every time I enter test.php, and after I hit ok, the script still works like it should. I just need that alert function to not start when I enter the page.

I'm not exactly sure how you want me to put it in MSSMSE since it's not going to take the odbc functions, the query itself works fine in it.

That's because when the submit button is not pressed, the else statement is triggered. I'm not sure what you're trying to archive with that else statement?

[wesman2232]

Ah my friend helped me out a bit. First off, I was using the wrong name for the submit button. I should have used $_POST['login'].

Also, we added in a if(isset($_POST['userid']) && isset($_POST['password']) else show the login form to stop the auto-submitting.

That makes that test page work now, but still isnt working with the actual login when I combine the test stuff with the real one.

My new login.php using the working variables from the test page:

Spoiler:

PHP Code:

<!-- Login Start -->
<?php
    //$connect = connect();
    $userid = anti_injection($_POST['userid']);
    $password = anti_injection($_POST['password']);
    $sqllogin = odbc_exec($connect, "SELECT UserID, Password FROM Login WHERE UserID='$userid' AND Password='$password'");
    if($userid&&$password){
        if(num_rows($sqllogin)<>0){
            $sqltest = "SELECT UGradeID FROM Account WHERE UserID='$userid'";
            $sqlres = odbc_exec($connect, $sqltest);
            $sqlget = odbc_fetch_array($sqlres);
            $sqltest2 = "SELECT UserID FROM Login WHERE UserID='$userid' AND Password='$password'";
            $sqlres2 = odbc_exec($connect, $sqltest2);
            $sqlget2 = odbc_fetch_array($sqlres2);
            $_SESSION['UGradeID'] = $sqlget['UGradeID'];
            $_SESSION['user'] = $sqlget2['UserID'];
        }else{
            $msg = $logerror['1']; alert($msg);
            redirect("index.php");
            die();
        }
    }else{
        $msg = $logerror['2']; alert($msg);
        redirect("index.php");
        die();
    }
    //header("Refresh: 3; url=\"index.php\"");
?>
<div style="text-align:center; padding-top:150px;">
    <img align="absmiddle" src="http://forum.ragezone.com/images/progress.gif">&nbsp;<?php echo $login['1']; ?><br /><br />
    <script language="javascript">
        var time_left = 2;
        var cinterval;
        function time_dec(){
            time_left--;
            document.getElementById('countdown').innerHTML = time_left;
            if(time_left == 0){
                clearInterval(cinterval);
            }
        }
        cinterval = setInterval('time_dec()', 1000);
    </script>
    <?php echo $login['2']; ?> <span id="countdown">2</span>.
</div>
<!-- Login End -->

I still think its something to do with the num_rows and the $sqllogin since it still just redirects me back to the main page.

EDIT: Hmm, maybe it's not. I added in the num_rows check and separated the login form (testing.php) from the login script (test.php) and everything works. but not on my main one. wtf.

test.php:

Spoiler:

PHP Code:

<?php
session_start();
include ("secure/config.php");
include ("secure/functions.php");
include ("language/$language.php");

$userid = anti_injection($_POST['userid']);
$password = anti_injection($_POST['password']);
$sqllogin = odbc_exec($connect, "SELECT UserID, Password FROM Login WHERE UserID='$userid' AND Password='$password'");
if($userid&&$password){
    if(num_rows($sqllogin)<>0)
    {
        $sqltest = "SELECT UGradeID FROM Account WHERE UserID='$userid'";
        $sqlres = odbc_exec($connect, $sqltest);
        $sqlget = odbc_fetch_array($sqlres);
        $sqltest2 = "SELECT UserID FROM Login WHERE UserID='$userid' AND Password='$password'";
        $sqlres2 = odbc_exec($connect, $sqltest2);
        $sqlget2 = odbc_fetch_array($sqlres2);
        $_SESSION['UGradeID'] = $sqlget['UGradeID'];
        $_SESSION['user'] = $sqlget2['UserID'];
        print_r($_SESSION);
    }
    else
    {
        $msg = $logerror['1']; 
        alert($msg);
        redirect("testing.php");
        die();
    }
}
else
{
    $msg = $logerror['2'];
    alert($msg);
    redirect("testing.php");
    die();
}
?>

testing.php:

Spoiler:

PHP Code:

<html>
<body>
<form action="test.php" method="post">
    <input type="text" name="userid" maxlength="15"/>
    <input type="password" name="password" maxlength="20"/>
    <input type="submit" name="login" value="Login"/>
</form>
</body>
</html> 


The test pages work, but the main one doesn't. Even after replacing them. Grr.

[Dave]

You should debug the num_rows function in that case.
var_dump the values and add an exit so you know what's happening in the function.

[wesman2232]

You should debug the num_rows function in that case.
var_dump the values and add an exit so you know what's happening in the function.

I've found out the num_rows function and everything works as the script itself, but something is happening with the way it's doing the form.
I modify the form to use includes/login.php instead of index.php?act=login and the script works, giving me the correct SESSIONs and all, but I cant get it to redirect me back to the index page, and it throws this warning:

Warning: Cannot modify header information - headers already sent by (output started at C:\AppServ\www\DR GunZ Web\includes\login.php:2) in C:\AppServ\www\DR GunZ Web\includes\login.php on line 38

Spoiler:

PHP Code:

<!-- Login Start -->
<?php
    //$connect = connect();
    include("../secure/config.php");
    include("../secure/functions.php");
    include("../language/$language.php");
    $userid = anti_injection($_POST['userid']);
    $password = anti_injection($_POST['password']);
    $sqllogin = odbc_exec($connect, "SELECT UserID, Password FROM Login WHERE UserID='$userid' AND Password='$password'");
    if($userid&&$password){
        if(num_rows($sqllogin)<>0)
        {
            $sqltest = "SELECT UGradeID FROM Account WHERE UserID='$userid'";
            $sqlres = odbc_exec($connect, $sqltest);
            $sqlget = odbc_fetch_array($sqlres);
            $sqltest2 = "SELECT UserID FROM Login WHERE UserID='$userid' AND Password='$password'";
            $sqlres2 = odbc_exec($connect, $sqltest2);
            $sqlget2 = odbc_fetch_array($sqlres2);
            $_SESSION['UGradeID'] = $sqlget['UGradeID'];
            $_SESSION['user'] = $sqlget2['UserID'];
            print_r($_SESSION);
        }
        else
        {
            $msg = $logerror['1']; 
            alert($msg);
            redirect("index.php");
            die();
        }
    }
    else
    {
        $msg = $logerror['2'];
        alert($msg);
        redirect("index.php");
        die();
    }
    header("Refresh: 3; url=\"../index.php\"");
?>

<div style="text-align:center; padding-top:150px;">
    <img align="absmiddle" src="http://forum.ragezone.com/images/progress.gif">&nbsp;<?php echo $login['1']; ?><br /><br />
    <script language="javascript">
        var time_left = 2;
        var cinterval;
        function time_dec(){
            time_left--;
            document.getElementById('countdown').innerHTML = time_left;
            if(time_left == 0){
                clearInterval(cinterval);
            }
        }
        cinterval = setInterval('time_dec()', 1000);
    </script>
    <?php echo $login['2']; ?> <span id="countdown">2</span>.
</div>
<!-- Login End -->

But when I use index.php?act=login act the form action, its doing the usual redirect and have no sessions set stuff.