0

i need some help with PHP

I've got a situation like this:

http://myserveraddress.com/parser.php?name=user_1

this file do some stuff and output a png image, saving it in a folder on my server. Now I need to call my parser in another php file, inside a loop:

   $result = mysql_query("SELECT * FROM users order by name") 
        or die(mysql_error());
    while($row = mysql_fetch_array( $result ))
    {   
        exec('parser.php?name='.$row['name']);
    }

It don't seem to work, it doesn't output nothing and doesn't save anything... How can I fix it?

NaNo666
  • 1
  • 1
  • 1
    If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Nov 04 '15 at 20:49
  • 1
    Have you checked your error logs? Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Nov 04 '15 at 20:50
  • Turn on error reporting and look at your errors. Also, this has a *huge* potential for security flaws. If anything in the `users` table ever came from the user (and I'm guessing most of it did, especially the user's name), you're hosed. What happens when the user's "name" is `Bob | do_evil_arbitrary_code_here`? – elixenide Nov 04 '15 at 20:51
  • Ok... It's my host that has disabled exec... Any alternative? @EdCottrell: thanks for the advice, in this particular case however all the stuff in my users table is inserted by me, so it's 95% safe... :) – NaNo666 Nov 04 '15 at 21:00
  • @NaNo666 Yeah, `exec` usually is (and always should be) disabled, as it's very dangerous if not used perfectly. It's not clear enough what you're trying to do to be specific, but you ought to be able to wrap everything in `parser.php` in a function or in a method of a class, then just call that function or method. It's usually a bad idea (for security, performance, and other reasons) to spawn a new process just to run some code more than once. – elixenide Nov 04 '15 at 21:06
  • @EdCottrell: Well, actually I'm a total noob in PHP, I've started programming with it a few days ago. In the next week I'll make a function for my parser and for the other stuff I've made... The security is not really a problem (well... actually I hope so...), all the scripts will be executed only by me, the end user will get only the png file... – NaNo666 Nov 04 '15 at 21:28
  • @NaNo666 If the end user can make requests to `http://myserveraddress.com/parser.php`, you *will* get thoroughly hacked by trying to use `exec` on data that hasn't been sanitized and whitelisted. If you plan to put this on the web, doing it the way you are doing it now *is* really a problem. – elixenide Nov 04 '15 at 21:30
  • HOLY CRAP `exec()` is used to EXECUTE A SCRIPT, not make an HTTP request. [RTFM](http://php.net/manual/en/function.exec.php) when something *don't seem to work* and you will see that your function does not do what you think it does. – Josh J Nov 04 '15 at 21:34

1 Answers1

0

Solved! I've used curl

   $result = mysql_query("SELECT * FROM users order by name") 
        or die(mysql_error());
    while($row = mysql_fetch_array( $result ))
    {   
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "http://myserveradress.com/parser.php?name=".$row['name']);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        $output = curl_exec($ch);
        curl_close($ch);
    }
NaNo666
  • 1
  • 1