| Re: Regarding split text and match from data base [message #183939 is a reply to message #183935] |
Wed, 27 November 2013 14:57   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 11/27/2013 12:22 AM, jalaf28(at)gmail(dot)com wrote:
> Hi Jerry
>
> i already Post It
> but now i m post it again..
>
> here is the Code..
>
>
> <?php
>
> $out=shell_exec("arp -a");
>
> $ex=explode(" ",$out);
>
> $j=21;
> $k=32;
>
> $ln=@mysql_connect("localhost","root","");
>
> if(!$ln)
> {
> die("Could not Connect to The Server");
> }
>
> mysql_select_db("mysql") or die("Could Not Connect with database");
>
> $rs=mysql_query("select * from mac_add");
>
>
>
> while($rr=mysql_fetch_array($rs))
> {
> $rsr=mysql_query("select * from mac_add where mac_id= '$ex[$k]'");
> while( $res=mysql_fetch_array($rsr))
> {
>
> echo "<tr><td>" . htmlspecialchars($ex[$j]) . "</td><td>" . htmlspecialchars($res[0]) . "</td> </td><td>" . htmlspecialchars($res[1]) . "</td></tr>" ;
>
> }
>
> $j +=21;
> $k +=21;
>
> }
>
>
> echo "</table></center>";
>
> mysql_close();
>
> ?>
>
OK, your code was posted in another part of the thread, so I wasn't sure
if that was what you were currently using or not.
There are several problems with your code:
1. Don't use '@' in front of function calls. It prevents you from
seeing any errors (even in the log). Rather, your development system
should have display_errors=on in your php.ini file, and your production
system should have display_errors=off.
2. The mysql extension has been deprecated. New code should use the
mysqli extension.
3. You shouldn't use die() in your web scripts. This terminates ALL
processing of your code, including any other html on the page. The
results is either a completely empty page (if your PHP code is at the
start of your page) or invalid HTML. Neither is good. Rather, if the
call fails, use a conditional to go around the code that relies on the
failing command.
4. You should ALWAYS have a root password on your database, even on your
local system.
5. The 'mysql' database is a system database and may be replaced or
changed by any upgrade. You should NEVER use it for your own data.
Create your own database instead.
6. You are depending on absolute positions for the start of your data.
This is almost never good.
7. You fetch the entire table, then loop through the entries but never
use them. Rather, you use this loop to execute additional SELECT
statements.
8. You make multiple calls to SELECT individual mac addresses. This is
less efficient than doing it all in one call.
9. You are not escaping the mac address before using it in the mysql
call. While it's not going to matter here (because the regex does
filtering), it's almost always good to use on strings for safety reasons.
Here is a better version. It uses a regex to get all of the ip and mac
addresses in an array, then selects them. I set this up for CLI output
(for basic testing here), so you'll have to change the display. But
otherwise it should work with few modifications and correcting for the
line wrapping as indicated
<?php
$arp = shell_exec('arp -a');
----
// *1
$res=preg_match_all('/^\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\ s+([0-9a-fA-F]{2}\-[0-9a-fA-F]{2}\-[0-9a-fA-F]{2}\-[0-9a-fA-F]{2}\-[0-9a-fA -F]{2}\-[0-9a-fA-F]{2})/m',
$arp, $matches, PREG_SET_ORDER);
// (the preceding should be all one line)
if ($res === false)
echo "Regex error!\n";
else { // *2
if ($link = mysqli_connect("localhost","root","password", "test")) {
// *3
$macs = ''; // *4
foreach ($matches as $match) {
if ($macs != '') // Not the first time through, so
$macs .= ', '; // Add a separator
$macs .= '\'' . mysqli_real_escape_string($link, $match[2]) .
'\''; // Append the next MAC address (again all one line above)
}
if ($macs != '') { // Ensure we actually had some *5
$sql = "SELECT mac_id, mac_name FROM mac_addr WHERE mac_id IN
($macs)"; // one line here also
$res = mysqli_query($link, $sql);
if ($res) { // .. If it worked
while ($data = mysqli_fetch_row($res))
echo $data['mac_id'] . ' ' . $data['mac_name'] . "\n";
}
else
echo "SELECT error: " . mysqli_error($link) . "\n";
}
}
else
echo "Connect error: " . mysqli_connect_error() . "\n";
}
?>
Notes:
1. This regex looks much worse than it is
2. $matches will be an array of arrays
Each array within $matches will contain:
[0] IP MAC_ADDR
[1] IP
[2] MAC_ADDR
3. Use mysqli instead of deprecated mysql.
You can also specify the database here (NOT mysql!)
And ensure you have a password
4. We could just issue multiple SELECT statements, one for each MAC
address. However, this is inefficient. Better is to use the IN
clause to
specify all MAC addresses in one SQL statement
5. $macs will now contain: 'mac1', 'mac2', 'mac3', ...' macx'
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]