Jump to content


  • Content count

  • Joined

  • Last visited

Community Reputation

1 Neutral

About BrainPill

  • Rank
  1. change column names without changing the type

    My goal is to make column names, tablenames and database names variable. I use escape functions and I created filters myself to avoid wrong input in the database. As an extra security measure I would like to have a few scripts to change column, table and database names , making it easier to mitigate sql attacks. You say the problems stack up quickly. But what do you try to say with that? What problems do you mean?
  2. change column names without changing the type

    I see this as a problem of mysql. Is there a database system that does not have this problem?
  3. If I use the following commands: ALTER TABLE yourtab CHANGE `$colname1` `$colname2` VARCHAR(20) NOT NULL; ALTER TABLE yourtab MODIFY `$colname1` `$colname2` VARCHAR(20) NOT NULL; ALTER TABLE yourtab CHANGE COLUMN `$colname1` `$colname2` VARCHAR(20) NOT NULL; And because I use a variable inside a loop I can change an array of column names. The challenge I'm facing is that VARCHAR or other type formats are obviously obliged. is that true? Is there a possibility to change a column name and keep the type set as the original table create settings?
  4. SHOW COLUMNS with prepared in php

    Hi Roddy. I think your method of querying is (almost) obsolete and I prefer the methods I described.
  5. SHOW COLUMNS with prepared in php

    Using the 2nd option was a useful solution. Thanks for helping me out dsonesuk.
  6. SHOW COLUMNS with prepared in php

    Its the same case as above. I have to arrays. But one array has the wrong output. Its like this: It is all assigned to key value 0. But it should be an array with: 1=> value 2=> next value 3=> next value etc. this is the script I use for it: $pr_ar = array( 0 => 'cola' , 1 => 'colb' , 2 => 'colc' , 3 => 'cold' ) ; $unique = uniqid(); $suf = substr($unique, 0, 11); foreach ($pr_ar as $pre) { // var_dump($pre); $new_col = $pre.$suf; //var_dump($new_col); $cna = array($new_col); var_dump($cna); } how to assign the values to different keys? Please help
  7. SHOW COLUMNS with prepared in php

    This recommendation you give is mysqli and not OOP with prepared statements. Would that be safe? I am not that experienced with php and injection but from reading online my conclusion is that OOP with prepared statements and preferably placeholders was the safest way of programming. But, then again, in which cases is it - regarding security - obliged?
  8. three arrays in 1 foreach loop

    I can not fix this script, because the output is not in sync. I have 3 arrays. 1) present column names. 2) prefix (fixed name). 3) suffix (uniqid value). Can someone explain how exactly I should create a foreach loop in a foreach loop with 3 arrays and fetching the field value from the get_result command as the the value it is related to. This would result in: <---->Present Column Name <-----> New Column Name <---->value1 <--------------------------------> value1_abcd <---->value2 <------------------------------> value2_abcd etc. <?php $prefix_arr = array( 'col_a' , 'col_b' ,'col_c' , 'col_d', 'col_e' , 'col_f' , 'col_g' , ) ; $col2 = uniqid(); $suffix = substr($col2, 5, 11); $servername = "localhost"; $username = "userx"; $password = "pass12345"; $dbname = "test_database"; $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } $stmt = $conn->prepare("SHOW COLUMNS FROM table_xyz"); $stmt->execute(); $res = $stmt->get_result(); $pres_colname = $res; // var_dump($prefix_arr); foreach ($prefix_arr as $los_ele){ $prefix = $los_ele; // var_dump($prefix); // var_dump($suffix); $col_new = $prefix."_".$suffix; //var_dump($col_new); foreach ($pres_colname as $val){ $col = $val['Field']; // var_dump($col); ?> <br><input type="text" value =" <?php echo $col; ?>"><input type="text" value ="<?php echo $col_new;?>"> <?php $stmt = $conn->prepare("ALTER TABLE `table_xyz` CHANGE COLUMN `$col` `$col_new` VARCHAR(30) NOT NULL;"); $stmt->execute(); } } //$stmt->close(); $conn->close(); ?> The complicated thing this time is that I need the exact 'Field' value which is an output of get_result, so I can not fit it in.
  9. SHOW COLUMNS with prepared in php

    Hi I would like to know how to fetch all columns from a table. Not the data in the table, but only the names of the columns. I made a script. I tested the query first in the console giving me a good result in the section Field . Can someone please explain how to use this in PHP ? code example: <?php // test set up for fetching column names $servername = "localhost"; $username = "name"; $password = "pass123"; $dbname = "test_database"; // $conn = new mysqli($servername, $username, $password, $dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } if ($stmt = $conn->prepare("SHOW COLUMNS FROM test_table ")) { $stmt->execute(); $row = $stmt->fetch(); var_dump($stmt); var_dump($row); foreach ($row as $value) { var_dump($value); } } $stmt->close(); $conn->close(); ?> EDIT: I solved the script in the following way. <?php $stmt = $conn->prepare("SHOW COLUMNS FROM test_table"); $stmt->execute(); $res = $stmt->get_result(); var_dump($res); foreach ($res as $val){ $col = $val['Field']; var_dump($col); } ?> You have to remove the if part and the {} and replace it with the code above.
  10. PHPMailer gives an error message

    I found my error. I solved it by adding the following piece of code $mail->SMTPOptions = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true ) ); I first tried to improve the old install (which suddenly stopped working some time ago) and then searched in the scripts for verify_peer and found it in the old install. I now realize I can just add it to the script that I initially posted in this thread. Thanks for helping me out
  11. PHPMailer gives an error message

    not sure if this is for my host. I have phpmailer + composer installed under WAMP (windows 10) I checked if I had verify_peer in scripts in the phpmailer directory but nothing was found. I installed the latest version of phpmailer (version 6.0.2) I'm desperate and dont know how to solve this.
  12. PHPMailer gives an error message

    I downloaded a piece of software from github but I can not really get it working, so I would like to get some tips of people who have used this. The name of the script is PHPMailer. I have the latest version. I decided to use gmail for smtp. with autentication. In the troubleshooting they recommended to use composer, but I dont get what / why they want it. What is composer used for? As far as i get it is used to run php commands from a command line. This my script: <?php // Import PHPMailer classes into the global namespace // These must be at the top of your script, not inside a function use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\Exception; //Load composer's autoloader //require 'vendor/autoload.php'; require 'A:\wamp64\www\PHPMailer\src\Exception.php'; require 'A:\wamp64\www\PHPMailer\src\PHPMailer.php'; require 'A:\wamp64\www\PHPMailer\src\SMTP.php'; $mail = new PHPMailer(true); // Passing `true` enables exceptions try { //Server settings $mail->SMTPDebug = 4; // Enable verbose debug output $mail->isSMTP(); // Set mailer to use SMTP $mail->Host = 'smtp.gmail.com'; // Specify main and backup SMTP servers $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = 'my.own.gmail@gmail.com'; // SMTP username $mail->Password = '12345fake'; // SMTP password $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted $mail->Port = 587; // TCP port to connect to //Recipients $mail->setFrom('my.own.gmail@gmail.com', 'My Own Gmail'); $mail->addAddress('recipient.person999@gmail.com', 'John Doe'); // Add a recipient // $mail->addAddress('ellen@example.com'); // Name is optional // $mail->addReplyTo('info@example.com', 'Information'); // $mail->addCC('cc@example.com'); // $mail->addBCC('bcc@example.com'); //Attachments // $mail->addAttachment('/var/tmp/file.tar.gz'); // Add attachments // $mail->addAttachment('/tmp/image.jpg', 'new.jpg'); // Optional name //Content $mail->isHTML(true); // Set email format to HTML $mail->Subject = 'To John Doe (test mail) '; $mail->Body = 'This is the HTML message body <b>in bold!</b>'; $mail->AltBody = 'This is the body in plain text for non-HTML mail clients'; $mail->send(); echo 'Message has been sent'; } catch (Exception $e) { echo 'Message could not be sent.'; echo 'Mailer Error: ' . $mail->ErrorInfo; } ?> when running the script I dont receive an email and I get the following output with a message: 2018-01-05 13:21:25 Connection failed. Error #2: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed [A:\wamp64\www\PHPMailer\src\SMTP.php line 404] SMTP Error: Could not connect to SMTP host. 2018-01-05 13:21:25 CLIENT -> SERVER: QUIT see the complete output here: I'm curious what causes this error and would like to solve it.
  13. change column names of a table

    ok thanks for helping me out
  14. change column names of a table

    My question is, if it is possible, to change the name of the column with MYSQL. (not with php) This is my example: mysql> select * from horses; +------------+---------------+-----------------------+---------------------+---------------------+-----------------------------+ | num | name | location | created_day | changed_day | key_value | +------------+---------------+-----------------------+---------------------+---------------------+-----------------------------+ | 1 | Horse Riding | http://www.camping.fr | 2017-03-30 13:40:16 | 2017-10-19 18:14:57 | Horse, Riding, Woods | | 2 | Horseriding77 | http://www.wine.com | 2017-10-27 10:16:59 | 2017-10-27 10:16:59 | Outdoor, Vacances, Test | | 3 | Horsetours45 | http://www.fake.com | 2017-10-23 16:18:17 | 2017-10-23 16:18:17 | Outdoor, Vacances, Test | | 4 | Horsetours57 | http://www.bing.com | 2017-10-23 17:24:32 | 2017-10-23 17:24:32 | Outdoor, Vacances, Test | | 5 | Horseriding48 | http://www.test.com | 2017-10-25 09:05:18 | 2017-10-25 09:05:18 | Outdoor, Vacances, Test | | 6 | Horseriding67 | http://www.google.uk | 2017-10-27 10:11:18 | 2017-10-27 10:11:18 | Outdoor, Vacances, Test | | 7 | Horseriding52 | http://www.google.es | 2017-10-26 17:00:05 | 2017-10-26 17:00:05 | Outdoor, Vacances, Test | | 8 | Horseriding57 | http://www.google.fr | 2017-10-27 12:13:38 | 2017-10-27 12:13:38 | Outdoor, Vacances, Test | +------------+---------------+-----------------------+---------------------+---------------------+-----------------------------+ 8 rows in set (0.03 sec) mysql> the idea is that for example location as a column name is changed by mysql into other names.
  15. This script shows the fetched data in a modify form. In the old situation I used rec_num wich was corresponding to the record number in the database.table For security reasons I added a uniqid column to the table. So not like under with an input hidden attribute for uniqid. If possible I would like it to be stored in a session variable. This is doable like above, but outside the foreach loop only the last value is stored. How to connect every single uniqid value (for multiple records!) to the separated rec_num without users being able to see the uniqid? $value = $_POST['checkbox_values']; $i=0; foreach ($value as $values) { if (++$i > 10) break ; $element = explode(" / " , $values); $_SESSION['uniqid'] = $element[1]; var_dump($_SESSION['uniqid']); ?> <form action = "" method="post"> <input type ="hidden" name="rec_num[]" value="<?php echo $element[0] ;?>" > <!--<input type ="hidden" name="uniqid[]" value="<?php echo $element[1] ;?>" >--> <input type ="text" name="value1[]" value="<?php echo $element[5] ;?>" > <input type ="text" name="value2[]" value="<?php echo $element[6] ;?>" > <input type ="text" name="value3[]" value="<?php echo $element[7] ;?>" > <input type ="text" name="value3[]" value="<?php echo $element[8] ;?>" > <br> <?php } ?><br> <input type="submit" name="send" value="Modify "> </form>