Menu
Community /Pin to ProfileBookmark
@NogDogApr 22.2012 — #
So as always, check your query return value for false first and handle any failures accordingly (debug output to log file, failure message to user, etc.).@NogDogApr 22.2012 — #If the api key is incorrect, then nothing gets output. Maybe you need an else that returns "invalid api key" or some other indicator to check for in your cURL response?
PS: And I hope you are sanitizing the inputs before you use them in your query? @NogDogApr 23.2012 — #Any value that comes from an external source you do not have 100% control over must be sanitized. (And what the heck, why not sanitize those you [i]think[/i] you have 100% control over, just in case?)
One of the easiest ways is to make use of prepared statements with bound parameters (available via the MySQL[b]i[/b] extension or the PDO extension). If that is not practical, you can make use of mysql_real_escape_string() for the "regular" MySQL extension, and in cases of values that should be integers or floats, simply cast them as such before using them:
Help w/ Simple Curl API
I’m trying to adapt an existing cURL API script to my site and am having some trouble generating the results that I need. And help would be greatly appreciated. Thank you.
Here’s the API script on the user site that checks the other site for database matches:
[CODE]// Open curl connection and set up your request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, count($values));
curl_setopt($ch, CURLOPT_POSTFIELDS, $values_string);
// Execute the request
$result = curl_exec($ch);
if ($result === false) {
// There was an error — probably a typo
} elseif ($result == 1) {
// There was no match
} elseif ($result == 0) {
// There was a match
} else {
// Nothing happened
}
I’m passing some data in the $values_string array (apikey, id1, id2) for the query to run on the other site.
And here is the mysql query on the other site:
[CODE]if ($apikey == “123456789”) {
$query = “SELECT * FROM table WHERE field1=$id1 AND field2=$id2”;
$result = @mysql_query($query);
if ($result && @mysql_num_rows($result) > 0) {
// There is a match – what do I do here?
} else {
// There is no match – what do I do here?
}
}
I’d really like to be able to generate the four different results from the second page. Obviously, I’m missing some basic understandings of how the cURL script works. (For instance, when I test with the wrong apikey, the API returns a 1 — which should only be returned when the apikey is correct and there is no match from the query.
Thank you for your help!
Sign in
to post a comment8 Comments(s) ↴
0
@NogDogApr 22.2012 — #[code=php]
if ($result
[/code]...is testing whether or not the query was successfully executed, not whether or not it returned anything; so if it is failing (e.g. due to a syntax error -- perhaps due to no value for $id1 or $id2), then you'll fall through to the else block.So as always, check your query return value for false first and handle any failures accordingly (debug output to log file, failure message to user, etc.).
0
@NogDogApr 22.2012 — #PS: And I hope you are sanitizing the inputs before you use them in your query?
0
@NogDogApr 23.2012 — #Any value that comes from an external source you do not have 100% control over must be sanitized. (And what the heck, why not sanitize those you [i]think[/i] you have 100% control over, just in case?)One of the easiest ways is to make use of prepared statements with bound parameters (available via the MySQL[b]i[/b] extension or the PDO extension). If that is not practical, you can make use of mysql_real_escape_string() for the "regular" MySQL extension, and in cases of values that should be integers or floats, simply cast them as such before using them:
[code=php]
$sql = sprintf(
"SELECT * FROM some_table WHERE id=%d and type='%s'",
(int) $_GET['id'], // cast to integer
mysql_real_escape_string($_GET['type']) // escape a string
);
$result = mysql_query($sql);
[/code]