zp-core/functions-db.php interference with external mysql

I was making a theme for zenphoto that looks like my website, and part of the sidebar on my website uses some mysql stuff. Putting that and zenphoto together resulted in a lot of db errors for zenphoto. To fix it, I added `global $mysql_connection` at the top of `getWhereClause($unique_set)` line 179, and then on 185, changed `mysql_real_escape_string($value)` to `mysql_real_escape_string($value, $mysql_connection)` so that it uses that link resource from then on.
It would probably be good programming practice to go through that function and give all of the sql functions that will take it the global `$mysql_connection` link identifier.

Comments

  • acrylian Administrator, Developer
    Well, we of course don't know what in detail you did or what you use to run your main site.

    You can do everything mysql related via our class methods. These are the two ways we recommend to use Zenphoto with another system.
    http://www.zenphoto.org/2008/01/hacks/#zenphoto-as-plugin
    http://www.zenphoto.org/2008/01/hacks/#integrating-zenphoto-into-wordpress

    We basically use the second way on zenphoto.org.
  • I don't do anything too fancy with my site. It is www.psi-akl.com and the gallery page is a link to the zenphoto directory with a copy of the default theme activated that I added my style sheet and some html to so that zenphoto appears in the content div. But many times throughout functions-db functions such as http://us3.php.net/mysql_real_escape_string are called without passing the identifier in. Since I use a db connection to populate the events on my sidebar, it was the last actively used connection, and for some reason mysql_real_escape was trying to perform its own mysql_connect() with no arguments.

    link_identifier

    The MySQL connection. If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If by chance no connection is found or established, an E_WARNING level error is generated.

    That means it was trying to connect to the db with www-data@localhost. This was throwing permission denieds all over the page. That global mysql_connection variable is the link identifier that will cause it to use the defined user name and password.
  • acrylian Administrator, Developer
    Well, actually Zenphoto has settings for the database connection etc. which are stored in the zp-config.php file within zp-core and are actually generated by the setup script when installing. All Zenphoto functions make use of that. Actually no need to pass anything else directly.

    If there is "localhost" that surely means the default value is still there which of course will not work on most (shared) hosts. At least I have never heard of that issue before and we have many users using Zenphoto that way with Wordpress etc.

    Please check if that file is correctly filled with data and if setup reports any issues (since you didn't tell I assume you use Zenphoto 1.2.5. If not please upgrade.).
  • Why don't you just put the Zenphoto tables in the same database you are using for your sidebar stuff? That is what the table prefix is all about.
  • My zp-config file is correct, it's my own server, and so I can use localhost.

    I am using 1.2.5

    It has nothing to do with table prefixes. The problem is that zenphoto is making one db connection, and my sidebar code is making another. And since the zenphoto source makes a call to the mysql_real_escape_string function without passing in the available global link identifier (unique to zenphoto's db connection) it was trying to use my sidebar's db connection. If you read the section on link identifiers that I block quoted you will see that it uses the last called connection if no link identifier is passed.

    Zenphoto should consistently pass the resource $link_identifier into its database function calls for good programming practice, and to prevent problems such as this one.

    Here is the fix to functions-db.php in zp-core

    ```php
    /**
     * Constructs a WHERE clause ("WHERE uniqueid1='uniquevalue1' AND uniqueid2='uniquevalue2' ...")
     * from an array (map) of variables and their values which identifies a unique record
     * in the database table.
     *
     * @param string $unique_set what to add to the WHERE clause
     * @return constructed WHERE clause
     * @since 0.6
     */
    function getWhereClause($unique_set) {
        // Zenphoto's own link, passed explicitly to the escape call below
        global $mysql_connection;
        if (empty($unique_set)) return ' ';
        $i = 0;
        $where = ' WHERE';
        foreach ($unique_set as $var => $value) {
            if ($i > 0) $where .= ' AND';
            $where .= ' `' . $var . '` = \'' . mysql_real_escape_string($value, $mysql_connection) . '\'';
            $i++;
        }
        return $where;
    }
    ```
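
The behaviour discussed in this thread, where a database call with no link identifier lands on whichever connection was opened last, disappears when every call names its connection. The following is an added example, not Zenphoto's code or any poster's: two PDO handles stand in for the gallery and sidebar connections, and bound parameters are used in place of `mysql_real_escape_string`. It assumes PHP 7.1+ with the `pdo_sqlite` extension; `buildWhere`, `fetchUnique`, the tables and the rows are hypothetical.

```php
<?php
// Added example, not Zenphoto code. Assumes PHP 7.1+ with pdo_sqlite.
// Two independent handles stand in for the gallery and sidebar connections.
$galleryDb = new PDO('sqlite::memory:');
$sidebarDb = new PDO('sqlite::memory:');
foreach ([$galleryDb, $sidebarDb] as $db) {
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
// Constructed sample data.
$galleryDb->exec("CREATE TABLE albums (id INTEGER, folder TEXT, title TEXT)");
$galleryDb->exec("INSERT INTO albums VALUES (1, 'o''brien', 'Trip')");
$sidebarDb->exec("CREATE TABLE events (id INTEGER, name TEXT)");

/**
 * Build a WHERE clause and its bound values from a column => value map.
 * Column names are checked against an allow-list because identifiers
 * cannot be bound as parameters.
 */
function buildWhere(array $uniqueSet, array $allowedColumns): array {
    $parts = [];
    $params = [];
    foreach ($uniqueSet as $column => $value) {
        if (!in_array($column, $allowedColumns, true)) {
            throw new InvalidArgumentException("Unexpected column: $column");
        }
        $parts[] = "\"$column\" = ?";
        $params[] = $value;
    }
    return [$parts ? ' WHERE ' . implode(' AND ', $parts) : '', $params];
}

// Runs on the handle the caller passes in; $table must be a fixed name
// chosen by the calling code, never user input.
function fetchUnique(PDO $db, string $table, array $uniqueSet, array $allowedColumns): array {
    [$where, $params] = buildWhere($uniqueSet, $allowedColumns);
    $stmt = $db->prepare("SELECT * FROM \"$table\"" . $where);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The sidebar handle is used last, as in the thread, yet the gallery
// lookup still runs on $galleryDb because the handle is explicit.
$sidebarDb->query('SELECT COUNT(*) FROM events')->fetchColumn();
$rows = fetchUnique($galleryDb, 'albums', ['folder' => "o'brien"], ['id', 'folder', 'title']);
print_r($rows);
```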