
PHP/MySQL/PDO - results false but no DB error message?

I have a chunk of code which is performing weirdly. Sometimes it works, sometimes it doesn't. The server has an absolutely ancient copy of PHP (5.1.6, five years old, but with security patches that have been manually backported by Red Hat).

Here's the code, including the debug lines I currently have in it:

<?php
// Includes json_print, which does a json_encode, an 
// appropriate content-type header, prints it, and exits the script.
include_once('json-functions.php');

$uid = $_POST['uid'];

$salted = false;

if(isset($_POST['salted'])){ $salted = true; }

// No uid given.
if(is_null($uid) || $uid === ''){
        $details = array(
            'error' => 1,
            'errorMessage' => 'No unique ID entered.  Please try again.',
        );
        json_print($details);
}

// Validate uid.  Must be 64 digit hexadecimal value.
$pattern = '/^[a-f0-9]{64}$/i';
if(preg_match($pattern, $uid) === 0){
        $details = array(
            'error' => 2,
            'errorMessage' => 'Invalid unique ID.',
        );
        json_print($details);
}


include_once('../db.php');

header('Content-Type: text/plain');

// Is this salted already?
var_dump($salted);

// What's the UID?
var_dump($uid);

if(!$salted){ $uid = hash('sha256', $salt.$uid); }

// Was the UID salted?  (shouldn't be double-salted)
var_dump($uid);

// The query
$SQL = 'SELECT ';

    $SQL .= 'p.patronID AS patronID, ';
    $SQL .= 'uniqueID, ';
    $SQL .= 'status, ';
    $SQL .= 'active, ';
    $SQL .= 'd.name AS department, ';
    $SQL .= 'docdelivery, ';
    $SQL .= 'terms, ';
    $SQL .= 'copyright, ';
    $SQL .= 'lastLogin, ';
    $SQL .= 'updated, ';
    $SQL .= 'TIMESTAMPDIFF(MINUTE, lastLogin, NOW()) AS recency, ';
    $SQL .= 'DATEDIFF(NOW(), updated) AS stale, ';

    $SQL .= 'AES_DECRYPT(first, ?) AS first, ';
    $SQL .= 'AES_DECRYPT(last, ?) AS last, ';
    $SQL .= 'AES_DECRYPT(barcode, ?) AS barcode, ';
    $SQL .= 'INET_NTOA(AES_DECRYPT(ip, ?)) AS ip, ';
    $SQL .= 'AES_DECRYPT(email, ?) AS email, ';
    $SQL .= 'AES_DECRYPT(phone, ?) AS phone, ';
    $SQL .= 'AES_DECRYPT(address1, ?) AS address1, ';
    $SQL .= 'AES_DECRYPT(address2, ?) AS address2, ';
    $SQL .= 'AES_DECRYPT(city, ?) AS city, ';
    $SQL .= 'AES_DECRYPT(state, ?) AS state, ';
    $SQL .= 'AES_DECRYPT(zip, ?) AS zip ';

$SQL .= 'FROM patrons p, departments d ';
$SQL .= 'WHERE department = d.deptID ';
$SQL .= 'AND uniqueID = ?';

$query = $DB->prepare($SQL);

$p = array(
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $uid,
);

$query->execute($p);

$result = $query->fetch();

// dump the results
var_dump($result);
print "\n\n";

// And any error info
var_dump($DB->errorInfo());
exit;

Here is sample output when it works right:

// Salted is true
bool(true)

// UID is:
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"

// It was not double-salted:
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"

// Results were:
array(46) {
  ["patronID"]=>
  string(1) "126"
  [0]=>
  string(1) "126"
  ["uniqueID"]=>
  string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
  [1]=>
  string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
  ["status"]=>
  string(1) "4"
  [2]=>
  string(1) "4"
  ["active"]=>
  string(1) "1"
  [3]=>
  string(1) "1"

  *** snip! ***

  [21]=>
  string(2) "TX"
  ["zip"]=>
  string(5) "78623"
  [22]=>
  string(5) "78623"
}

// Errors reported?
array(1) {
  [0]=>
  string(5) "00000"
}

And here is sample output when it fails:

// Salted is true
bool(true)

// UID is:
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"

// It was not double salted
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"

// Results were:
bool(false)

// Error code was:
array(1) {
  [0]=>
  string(5) "00000"
}

I can't figure out why it works for SOME uids, but not for others. Also, in the second example, the result set comes up FALSE, but the database reports error 00000, which means "no error". I already checked to see if the query is being prepared properly, and it is, in both cases.

What am I missing here?


Try running your query directly on your database and check if it's OK.


*facepalm*

Okay, I figured it out. The query was failing because of this:

WHERE department = d.deptID

The accounts that didn't work were returning zero results because they had a department ID with no corresponding department in the departments table.

Excuse me, I have a nice serving of crow in the oven. Thanks anyway!


Check $query->errorInfo() after you execute.

0
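The behaviour discussed in this thread, as an added example that is not part of the original posts: an inner join that matches no row makes `fetch()` return `false` while the statement's SQLSTATE stays `00000`, and a `LEFT JOIN` tells an unknown uniqueID apart from a patron whose department row is missing. It assumes PHP 7+ with the `pdo_sqlite` driver; the in-memory tables, their rows, and the helper names `lookupInner` and `lookupLeft` are constructed for illustration.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
// Real SQL errors now throw PDOException instead of hiding behind a false return.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE departments (deptID INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE patrons (patronID INTEGER PRIMARY KEY, uniqueID TEXT, department INTEGER)');
$db->exec("INSERT INTO departments VALUES (1, 'Circulation')");
$db->exec("INSERT INTO patrons VALUES (126, 'uid-with-department', 1)");
$db->exec("INSERT INTO patrons VALUES (127, 'uid-orphaned', 9)"); // no deptID 9 exists

// Hypothetical helper: the same implicit inner join shape as the query in the question.
function lookupInner(PDO $db, string $uid): array
{
    $q = $db->prepare('SELECT p.patronID AS patronID, d.name AS department
                       FROM patrons p, departments d
                       WHERE p.department = d.deptID AND p.uniqueID = ?');
    $q->execute([$uid]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    // Statement-level status is read from the statement handle, not from $db.
    return ['row' => $row, 'sqlstate' => $q->errorCode()];
}

// Hypothetical helper: LEFT JOIN keeps the patron row and exposes the missing department.
function lookupLeft(PDO $db, string $uid): string
{
    $q = $db->prepare('SELECT p.patronID AS patronID, p.department AS wantedDept,
                              d.deptID AS matchedDept, d.name AS department
                       FROM patrons p LEFT JOIN departments d ON p.department = d.deptID
                       WHERE p.uniqueID = ?');
    $q->execute([$uid]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'no patron with that uniqueID';
    }
    if ($row['matchedDept'] === null) {
        return "patron {$row['patronID']} references missing department {$row['wantedDept']}";
    }
    return "patron {$row['patronID']} in {$row['department']}";
}

foreach (['uid-with-department', 'uid-orphaned', 'uid-unknown'] as $uid) {
    $inner = lookupInner($db, $uid);
    printf("%-20s inner: %-5s sqlstate=%s | left: %s\n", $uid,
        $inner['row'] === false ? 'false' : 'row', $inner['sqlstate'], lookupLeft($db, $uid));
}
```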
