[web] Sessions In PHP [ retitled ]

49 comments, last by Extrarius 18 years, 4 months ago
Using xampp, any ideas what this error is about when trying to start the mysql service...

Fatal error: Can't open and lock privilege tables: Table 'mysql.host' doesn't exist

Dave
It means something is messed up with your GRANT tables. Those tables manage who can use the database and who cannot. Go to the directory where XAMPP is installed and go to the mysql folder. Inside it should be another mysql folder. In that, there should be a folder for each database that you created. One of those databases is called mysql. You don't normally see that when you use phpMyAdmin or some other database manager. Make sure that the files inside the mysql folder can be read and written by mysql.

Did you install XAMPP right? Did you execute mysql_install_db or whatever install scripts XAMPP uses? The most common cause of this error seems to be that MySQL wasn't installed properly.

Sander Marechal [Lone Wolves] [Hearts for GNOME] [E-mail] [Forum FAQ]

I have reinstalled XAMPP. I think I accidentally removed one of the important tables from my SQL manager.
Quote: Original post by Mattman
Never EVER allow user content directly into a SQL statement like this. The reason is that I could easily enter something like this for password text field:
  SomePass' OR '1'='1

That would cause the query to become this:
  select * from USERTABLE where UserName = 'SomeUser' and Password = 'SomePass' OR '1'='1'

Look up SQL injection for details about this kind of attack. To prevent it, use the PHP escape_slashes() function. (At least, I think this is what it's called...maybe escape_quotes() or str_escape() or something like that.)

Magic quotes should fix that, but I tend to use $var = htmlspecialchars(stripslashes($var), ENT_QUOTES); on top of this so that I will never insert a ' into an SQL statement, even if I think it's correctly escaped (with the added advantage that your database results can be displayed on a page without any further translation).

[Website] [+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++]

Quote: Original post by benryves
Magic quotes should fix that, but I tend to use $var = htmlspecialchars(stripslashes($var), ENT_QUOTES); on top of this so that I will never insert a ' into an SQL statement, even if I think it's correctly escaped (with the added advantage that your database results can be displayed on a page without any further translation).

Thanks benryves :) I couldn't quite remember how I've done it in the past...it's been a while!
mysql_string_escape($Var); is also a good function to use.

At any rate, are there any 'good' books about PHP/MySQL game development? I've read a few that center mostly around ecommerce.... but maybe writing such a book would make for a good group gdnet project. I know I'd be interested in doing something like that.
Yes, use mysql_string_escape. Never *ever* rely on magic quotes or any of that. In fact, if you can, turn magic quotes off or, if you can't, unquote all your magic quoted strings. Magic quotes is the root of all evil. You should properly escape the string for whatever you are using it. For mysql, that means the mysql_string_escape() function.

Sander Marechal [Lone Wolves] [Hearts for GNOME] [E-mail] [Forum FAQ]

I think it's actually mysql_escape_string(). Sorry for the mix-up.
Quote: Original post by Sander
...In fact, if you can, turn magic quotes off or, if you can't, unquote all your magic quoted strings.
I cannot disable them - would you say that my technique of $var = htmlspecialchars(stripslashes($var), ENT_QUOTES); is not wise?

[Website] [+++ Divide By Cucumber Error. Please Reinstall Universe And Reboot +++]

It'll do..... but this is the Right Thing(tm):

  // Strip the slashes magic quotes added, then escape once for MySQL.
  if (get_magic_quotes_gpc()) {
    $var = stripslashes($var);
  }
  $var = mysql_escape_string($var);

Sander Marechal [Lone Wolves] [Hearts for GNOME] [E-mail] [Forum FAQ]
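
The query from the quoted post, run both ways, as an added example that is not part of the original thread: string concatenation next to a prepared statement. It assumes PHP 7 or later with the pdo_sqlite extension; the in-memory SQLite database, the sample row and the function names login_concat and login_prepared are constructed for illustration, and PDO placeholders are used here in place of the mysql_* escaping functions the posters discuss.

```php
<?php
// Added illustration, not code from the thread. All data below is constructed.
// Assumption: PDO with an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE USERTABLE (UserName TEXT, Password TEXT)");
// Plaintext password only to mirror the thread's query;
// store password_hash() output in a real application.
$db->exec("INSERT INTO USERTABLE VALUES ('SomeUser', 'CorrectPass')");

// Before: user input concatenated into the statement, as in the quoted post.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "select * from USERTABLE where UserName = '$user' and Password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// After: placeholders keep the input out of the SQL text entirely,
// so no escaping step (and no magic-quotes handling) is involved.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare(
        'select * from USERTABLE where UserName = ? and Password = ?'
    );
    $stmt->execute([$user, $pass]);
    return $stmt->fetch() !== false;
}

$inputs = [
    'correct password'      => 'CorrectPass',
    'wrong password'        => 'SomePass',
    'input from the thread' => "SomePass' OR '1'='1",
    'legitimate apostrophe' => "O'Brien",
];

foreach ($inputs as $label => $pass) {
    try {
        $concat = login_concat($db, 'SomeUser', $pass) ? 'accepted' : 'rejected';
    } catch (PDOException $e) {
        $concat = 'SQL syntax error'; // the stray quote broke the statement
    }
    $prepared = login_prepared($db, 'SomeUser', $pass) ? 'accepted' : 'rejected';
    printf("%-22s concat: %-16s prepared: %s\n", $label, $concat, $prepared);
}
```

The last two rows are the ones to compare: the concatenated query lets the thread's input through and fails outright on an ordinary apostrophe, while the prepared statement treats both as plain password values and rejects them.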

This topic is closed to new replies.
