• Resolved gunemalli

    (@gunemalli)


    Hi, I’m trying to execute the following SQL query against the same database that WP is in, but on a separate table not related to WP. I tried everything I can but I’m unable to execute the code.

    <?php
    // Query a non-WordPress table (bcs) that lives in the same database as WordPress.
    $sqlGG = "SELECT stdName,stdNo,sitting,sdMK,isMK,cntMK,(sdMK+isMK+cntMK) AS totMK, ROUND(((sdMK+isMK+cntMK)/3),2) AS avgMK FROM bcs";
    $cxnGG = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Couldn't Connect to DB");
    // mysql_select_db() returns a boolean, so the error is read from the link, not from $dbGG.
    $dbGG = mysql_select_db(DB_NAME,$cxnGG) or die("Error : ".mysql_error($cxnGG));
    $resultGG = mysql_query($sqlGG) or die("Query failed: ".mysql_error());
    // Print one table row per result row.
    while($rowGG = mysql_fetch_assoc($resultGG))
    {
        echo "
        <tr>
            <td class=\"row1\">".$rowGG['stdName']."</td>
            <td>".$rowGG['stdNo']."</td>
            <td>".$rowGG['sitting']."</td>
            <td>".$rowGG['sdMK']."</td>
            <td>".$rowGG['isMK']."</td>
            <td>".$rowGG['cntMK']."</td>
            <td>".$rowGG['totMK']."</td>
            <td>".$rowGG['avgMK']."</td>
        </tr>";
    }
    // Close the link opened above.
    mysql_close($cxnGG);
    ?>

    If I remove the $sqlGG a page gets displayed with errors, but if the SQL is there then an internal error/misconfiguration error 500 page is displayed. Please tell me what I am doing wrong here. I urgently need the page set up on the blog.

    Thanks.

    note: i have removed the “” from the sql command.

    https://www.ads-software.com/extend/plugins/exec-php/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter gunemalli

    (@gunemalli)

    pls don’t mind the missing backticks and the < ?php part at the top of the post.

    Thread Starter gunemalli

    (@gunemalli)

    Got the issue resolved. It was the backticks in the SQL statement giving the problems.

    but now one more issue. keeping the above code as it is, i get an error in several places. It is:
    Warning: mysql_error(): 10 is not a valid MySQL-Link resource in C:\xampp\htdocs\blog\wp-includes\wp-db.php on line 615

    but if i remove the mysql_close($cxnGG); part from the above code, everything works out real smoothly.

    So my final question is, would this cause any vulnerability issues in the code? I don’t want any hacker getting inside my server or my databases.

    Thanks a lot people.

    riledhel

    (@riledhel)

    In general, database-related vulnerabilities come from not sanitizing your user inputs, most of the time. Not immediately closing a database connection isn’t a real issue, as the PHP documentation specifies: “Using mysql_close() isn’t usually necessary, as non-persistent open links are automatically closed at the end of the script’s execution”.

    I think we are making a mistake by just commenting the line with:
    mysql_close()
    What I think is going on is that we leave the database connection open, and if WordPress had other sidebars to parse after that section of code then it will not be able to make use of its WordPress DB connection properly.

    So the hypothetical would be how to reload the wordpress native connection before entering that last piece of code, e.g. wp right sidebar or so.

    Anyone?

    I was able to solve my problem modifying the function on my database manipulation to include the mysql_select_db function and commenting the mysql_close function safely.

  • The topic ‘[exec-php] How to use databse queries with exec-php?’ is closed to new replies.
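
Added example, not part of the thread or of the exec-php plugin: the same bcs query run through WordPress's own `$wpdb` object, with `$wpdb->prepare()` for input and `esc_html()` on output, following riledhel's point about sanitizing. No second link is opened or closed, which matters because `mysql_connect()` called with the same host, user and password returns the link that is already open, so `mysql_close()` on it also closes the connection WordPress is using. It assumes the code runs inside WordPress; `gg_bcs_rows_html()` and the `sitting` request parameter are hypothetical.

```php
<?php
// Added example. Assumes it runs inside WordPress (template or exec-php
// content), so the global $wpdb is already connected to the database that
// also holds the bcs table.

/**
 * Hypothetical helper: return the bcs rows as HTML table rows.
 * $sitting is an assumed optional filter that may come from user input.
 */
function gg_bcs_rows_html( $sitting = null ) {
    global $wpdb;

    $sql = 'SELECT stdName, stdNo, sitting, sdMK, isMK, cntMK,
                   (sdMK + isMK + cntMK) AS totMK,
                   ROUND((sdMK + isMK + cntMK) / 3, 2) AS avgMK
            FROM bcs';

    if ( null !== $sitting ) {
        // Never concatenate input into SQL; prepare() quotes and escapes it.
        $sql = $wpdb->prepare( $sql . ' WHERE sitting = %s', $sitting );
    }

    // Reuses WordPress's own link: no mysql_connect(), no mysql_close().
    $rows = $wpdb->get_results( $sql, ARRAY_A );
    if ( $wpdb->last_error ) {
        // Do not echo database errors to visitors; log them instead.
        error_log( 'bcs query failed: ' . $wpdb->last_error );
        return '';
    }

    $html = '';
    foreach ( (array) $rows as $row ) {
        $html .= '<tr>';
        foreach ( $row as $value ) {
            // Escape on output so stored values cannot inject markup.
            $html .= '<td>' . esc_html( $value ) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

// Constructed usage: filter by a request parameter if one was sent.
// WordPress adds slashes to $_GET, so remove them before preparing.
$sitting = isset( $_GET['sitting'] ) ? wp_unslash( $_GET['sitting'] ) : null;
echo gg_bcs_rows_html( $sitting );
```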