1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP from xxx where code error plz help !

Discussion in 'PHP & Perl' started by sedrado, Sep 30, 2012.

  1. sedrado

    sedrado Newbie

    Joined:
    Sep 9, 2012
    Messages:
    10
    Likes Received:
    0
    <?
    if ($_GET["action"] == "send") {
    $text = cs($_POST["text"]);
    $screen_name = cs($_POST["screen_name"]);

    $a = mysql_query("select * from users where oauth_token <>'' order by rand() limit ".$screen_name."");
    $i=0;
    while ($b = mysql_fetch_array($a)) {
    $oauth_token[$i] = $b["oauth_token"];
    $oauth_secret[$i] = $b["oauth_secret"];
    $i++; }




    for ($i=0;$i<$screen_name;$i++) {
    twyolla($oauth_token[$i],$oauth_secret[$i],$screen_name,$text); }
    flush();
    echo "<center><br><font color=green>Tweet Gönderildi.</font></center><br><br></center>";
    // ----------------------------
    }
    ?>

    there was smtg wrong on bold line but what is it ?
    i will send teamviewer for make u solve it..
     
  2. Duckless

    Duckless Newbie

    Joined:
    Jan 28, 2008
    Messages:
    48
    Likes Received:
    5
    I'm no php person, but at a glance it looks like you have an extra " in there
     
  3. randolph60

    randolph60 Junior Member

    Joined:
    May 13, 2011
    Messages:
    191
    Likes Received:
    48
    Try this line instead:

    $a = mysql_query('select * from users where oauth_token <> "" order by rand() limit ".$screen_name."');

    or mask the "
     
  4. artizhay

    artizhay BANNED BANNED

    Joined:
    Nov 21, 2010
    Messages:
    1,867
    Likes Received:
    1,335
    Don't tell him the query's quotations are incorrect when they're not. They are fine.

    I'd like to know what the $screen_name variable is, though. Your query is trying to limit by the screen name ("ORDER BY rand() LIMIT $screen_name") but you can only limit the query by numbers, i.e. only return a certain number of rows: ("ORDER BY rand() LIMIT 5") would be a proper example of using limit.

    I imagine this is probably calling the Twitter API? From my experience, the OAuth info does not change, so I imagine your query is trying to retrieve the OAuth codes for a user?

    If so, your query would simply be:
    ("SELECT * from `users` where `oauth_token`<>'' AND `screen_name`='" . $screen_name . "'")

    Assuming the field for $screen_name is called screen_name

    That's only if $screen_name is holding a username (like my "screen name" would be artizhay). Your for-loop implies that $screen_name is a number, although the variable name implies text data.

    Let us know what these variables are first. Also if the script is throwing an error you should post that as well. Given the current code snippet, there is no established MySQL connection, so I don't know if this is omitted or if you forgot it. Please provide any errors you've been given.
     
    Last edited: Sep 30, 2012
  5. zelma143

    zelma143 Power Member

    Joined:
    Jun 25, 2010
    Messages:
    571
    Likes Received:
    37
    Occupation:
    PHP programmer,Bot maker,iMacro script maker
    try this
    $a = mysql_query("select * from users where oauth_token <> order by rand() limit '$screen_name'");
     
  6. artizhay

    artizhay BANNED BANNED

    Joined:
    Nov 21, 2010
    Messages:
    1,867
    Likes Received:
    1,335
    This would cause an error because the <> operator now has no data to compare oauth_token to, and the limiting offset is now in single quotes, which is improper. You people need to stop giving improper responses if you don't know what you're talking about.
     
  7. cgimaster

    cgimaster Power Member

    Joined:
    Jun 30, 2012
    Messages:
    525
    Likes Received:
    311
    Gender:
    Male
    Please, don't use mysql_* functions for new code. They are no longer maintained and the php community has begun the deprecation process. See the red box? Instead you should learn about prepared statements and use either PDO or MySQLi. If you can't decide, this article will help to choose. If you care to learn, here is good PDO tutorial.

    Like art mentioned, you are also having extra " at your query:

    Code:
    "select * from users where oauth_token <>'' order by rand() limit ".$screen_name.""
    Should be:
    Code:
    "select * from users where oauth_token <>'' order by rand() limit " . $screen_name
    Keep in mind that limit is a number either single or comma separated as in 1,10 that means start and amount and does not work under single quotes and if you do not sanitize it prior to using it you may suffer from sql injections.

    For instance let's say you reuse the limits on your url like:
    Code:
    [URL]http://mysite.com?blabla.php?screen_name=10[/URL]
    Then some one could go for something like:
    Code:
     [URL]http://mysite.com?blabla.php?screen_name=;[/URL] DELETE * FROM table_name;
    By using mysqli or PDO with prepared statments you will avoid this cases at easy.
     
    Last edited: Sep 30, 2012