SQL Populating Issue

Question

iWalletMobile 0 Newbie Poster

14 Years Ago

I am trying to populate a SQL entry with data from a php script but it doesnt work. I have the config file set up right and everything. This is the code I have

<?
include_once "secure/dbconfig.php";

//check md5
$SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxx';
$sig = md5('userId'+":"+'appId'+":"+'SECRET');

if($_REQUEST['sig'] == $sig) {
    $userdata = GetUserInfo($_REQUEST['userId']);
    $conn = ConnectDB();
    $res = mysql_query('UPDATE users SET points + '.$_REQUEST['amount'].' WHERE id = '.$_REQUEST['userId'].''. $connection);
    if($res){
        print "1";
        }else{
        print "0";
    }
    }else{
        print "0";
    }

How would I set up the SQL database in detail?

mysql

Edited 14 Years Ago by iWalletMobile because: n/a

4 Contributors
8 Replies
94 Views
2 Days Discussion Span
Latest Post 14 Years Ago Latest Post by rajarajan2017

tesuji 135 Master Poster

14 Years Ago

Is there any error message at all? Did you use correct server, user name, password?
explain connectDB()

-- tesu

tyson.crouch 6 Junior Poster

14 Years Ago

you may be getting the out put of 0 because $sig is not what is expected.

<?php
    include_once "secure/dbconfig.php";

    //check md5
    $SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxx';
    
    // I think that the php syntax for concatenation is to use the . not the +
    $sig = md5('userId' . ":" . 'appId' . ":" . 'SECRET');

    if($_REQUEST['sig'] == $sig) {
        $userdata = GetUserInfo($_REQUEST['userId']);
        $conn = ConnectDB();
        
        //$res = mysql_query('UPDATE users SET points + '.$_REQUEST['amount'].' WHERE id = '.$_REQUEST['userId'].''. $connection);
        $res = mysql_query('UPDATE users SET points = '.$_REQUEST['amount'].' WHERE id = '.$_REQUEST['userId'].''. $connection);
        if($res){ print "res ok"; }
        else{ print "res not ok"; }
    }else{
        print "sig not ok";
    }

I saw that the concatenation of your sig may have been off. try this and let us know how it goes

Edited 14 Years Ago by tyson.crouch because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

iWalletMobile 0 Newbie Poster · Answer 1 · 2010-06-26T05:53:38+00:00

I have my database info in dbconfig.php and assume it uses the info in there. The information is correct and it posts a 0 after running a script which means it failed to post the information. Not sure why though

tyson.crouch 6 Junior Poster · Answer 2 · 2010-06-27T09:40:22+00:00

Also, there was a + sign in your UPDATE query, when it should have been an = sign

iWalletMobile 0 Newbie Poster · Answer 3 · 2010-06-27T17:36:48+00:00

I tried to run the script with your modifications but it is indeed the sig that is not being rendered correctly. I am trying to send script.php?appId=1111&userId=12345&amount=10&hash=8b44493ab7b37a6e47ca2f8726b87563
where hash = ('userId' . ":" . 'appId' . ":" . 'SECRET');

tyson.crouch 6 Junior Poster · Answer 4 · 2010-06-27T22:34:51+00:00

What exactly are you using $sig for?
Is it simply for identification??

If you could please explain that a little more to me i may be able to get a better understanding on what you actually want to achieve.

thx.

iWalletMobile 0 Newbie Poster · Answer 5 · 2010-06-28T06:53:43+00:00

i am using sig to generate a hash based on the appid userid and and secret and verifying it against the hash that is posted when a request is sent to it.

rajarajan2017 · Answer 6 · 2010-06-28T11:13:28+00:00

UPDATE table_name
SET column1=value, column2=value2,...
WHERE some_column=some_value

The above is the syntax of update statement and you missed column name "=" value in the statment. Also echo all the variables to know whether you get the result of variables.

if (mysql_num_rows($res) > 0) { 
   echo "records found";
}else "records not found"

The above code will confirm whether the query affected the rows or not.