0

As I am new to PHP, I want to insert PHP form data that will run on IIS Server than WAMP/XAMP Server, into MS SQL Server.

I have installed all the necessary drivers for PHP to connect MS SQL Server.

The following is the simple code I tried. I am able to connect to the MS SQL Server but cannot perform any operations.

<html>
<head>
<title>PHP Test</title>
</head>
<body>
<form action="md.php" method="post">
    <input name="empName" type="text"><br><br>
    <button name="submit" id="submit" value="submit">Submit</button>
</form>
<?php
$serverName = "MD\MSSQLSERVER,1433";
$conn = new PDO("sqlsrv:Server=$serverName;Database=CTest", "sa", "P@ssw0rd");

if($conn)
{
echo "Connection established.</br></br>";

if(isset($_POST['submit']) && !empty($_REQUEST['emp_name']))
{
    $empName = $_POST['empName'];
    echo $emp_name;
    $sql = "INSERT INTO EMP_DETAILS VALUES('$empName')";
    //$params = array($empName);  
    $stmt = sqlsrv_query($conn, $sql);
    sqlsrv_close($conn);
}

}
else
{
    echo "Connection could not be established.</br>";
    die(print_r(sqlsrv_errors(), true));
}
?>
</body>
</html>

The error log is also empty!

Improve this question
13
  • Try adding if( $stmt === false ) { die( print_r( sqlsrv_errors(), true)); }, after $stmt = sqlsrv_query($conn, $sql); to see if database returns any errors Commented May 18, 2016 at 5:23
  • add error_reporting(E_ALL); after your php starting tag <?php and try back again and let us know if you get any error..! Commented May 18, 2016 at 5:25
  • @Gvidas, I have also tried this earlier. Even now too. But didn't work. No report in error log too. Commented May 18, 2016 at 5:29
  • @UmairShahYousafzai, I did, but no results. Commented May 18, 2016 at 5:30
  • @MohammedAhmedF : Are you sure that your MS SQL Credentials are correct? Try to login through SHELL using the same MS SQL Login credentials in order to confirm that credentials are correct..! Commented May 18, 2016 at 5:32

2 Answers 2

Reset to default
1

Hi,

I guess that it is a permission problem. First check this by inserting this at the beginning of your php script.

echo "Server Software: ".$_SERVER['SERVER_SOFTWARE']."<br>"."Server builtin account: ".exec('whoami')."<br><br>";

Take that user that is indicated and go to IIS Manager - Application Pool. There you change the corresponding user and change from ApplicationPoolIdentity -> advanded settings.

You can see here what I changed to get access via IIS 7.5 to a certain ODBC DNS by changing the default values of ASP.NET 1.1: IIS 7.5 ODBC permissions for ASP.NET 1.1

You could use SQL-Server-Authentication or Windows-Authentication.

You could then use local/system. This will make your application run under NT AUTHORITY\SYSTEM, which is an existing login for the sql database by default or change it to what you prefer. This is the simple way, but naturally you have to consider security too. That then needs further steps. This is only to make it work.

See here the SQL-server-side permissions as an image. Management - database permissions

There are some other prerequisites too, which could perhaps be of importance:

Check PDO support in phpinfo(): "sqlsrv" should be in "enable" list. Connection String: sqlsrv:Server=xxxxxxxxxxx;Database=cTest

PHP Manager in IIS 7.0 Goto PHP Manager ->PHP Extensions->Enable of Disable Extensions ->Disable List Enable your PHP_PDO_SQLSRV_5(xx)_nts.dll.

And it could - in combination with the php versionon you use - depend on the Microsoft Drivers: 3.1, to 2.0 dll files

See https://msdn.microsoft.com/en-us/library/cc296170%28v=sql.105%29.aspx

right drivers

And - if you have to pass a firewall - open port 1433

But I guess that these prerequisites are all met in your environment, for if you get no php error output. IIS simply hangs in a permission problem.

OK - I read your amendment 1 The first thing is the question what user is indicated from your php script.

exec('whoami');

Tell me that please , if you would be so kind. I need that for the further explanation.

OK - I read your amendment 2 NT_AUTHORITY/iusr - ahhh OK - he belongs to IIS_IUSRS group. That is a little bit strange, that IIS 7.5 runs below IUSR. But OK let me reflect a little while. ... It is this one here

IIS IUSR

I never did that for IUSR, but let us try it out. Remember all steps for roll-back.

First go to IIS Manager, click Application Pools and please send me the screenshot of the indicated right side ( the "users"). Normally it would be ASP.NET 1.1. and not IUSR. This is highly insecure!

I need the screenshot, for something very strange seems to be set in your Application Pool identity settings.

See here my message on the try to set IUSR as identity:

IUSR not allowed I have to reflect. Please wait a moment. There is something very strange.

OK - I saw your screenshot and amendment 3

IIS uses IUSR because of PDO permissions - that is OK. So we make it from the other side of SQL Server permissions:

1 Add 'NT AUTHORITY\IUSR' user to security of SQL

2 Set the server role as public or DBcreator and set the mapping of the database(membership of db_owner) which the user can access to as well

SQL Management

Do you know where to make that?

If not - we can try a very simple thing in DefaultAppPool settings. I'm now out of office for two hours.

You can simply try that for the first. It could run if your database permissions include NT_AUTORITY/SYSTEM, which is normally included.

You set this in advanced settings of DefaultAppPool enter image description here

This could simply make it run if the SQL-Server side has these permissions - I guess that it is so.

OK - I read your amendment 4

Now set your connection string user name and password to NULL

$conn = new PDO("sqlsrv:Server=$serverName;Database=CTest", NULL, NULL);

And change this in SQL Management:

Windows and SQL Authentication

I tried it out for SQL EXPRESS:

echo "Server Software: ".$_SERVER['SERVER_SOFTWARE']."<br>"."Server builtin account: ".exec('whoami')."<br><br>";
$serverName = "RWTH-SAP1\SQLEXPRESS,1433";
try {
    $conn = new PDO("sqlsrv:Server=$serverName\SQLEXPRESS;Database=master",NULL, NULL);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
    echo $e;
    die("Error connecting to SQL Server");
}

echo "Connected to SQL Server\n";

And I tried it out for SQL Server 2008 R2

<?php
echo "Server Software: ".$_SERVER['SERVER_SOFTWARE']."<br>"."Server builtin account: ".exec('whoami')."<br><br>";
try {
        $conn = new PDO("sqlsrv:Server=RWTH-SAP1\RWTH-SAP1,1433;Database=ECC", NULL, NULL);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected to SQL Server\n";
    } catch (PDOException $e) {
        echo $e;
        die("Error connecting to SQL Server");
    }


?>

It works in my environment with the settings that we tried out. Can you test it with the corresponding connection string too?

$conn = new PDO("sqlsrv:Server=$serverName\xxxxxxxx;Database=xxxx",NULL, NULL);

<?php
echo "Server Software: ".$_SERVER['SERVER_SOFTWARE']."<br>"."Server builtin account: ".exec('whoami')."<br><br>";
try {
        $conn = new PDO("sqlsrv:Server=RWTH-SAP1\SQLEXPRESS;Database=", NULL, NULL);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        echo "Connected to SQL Server<br>";
        $sqlDB = "CREATE DATABASE testStackoverflow";
        $connSQL = $conn->exec($sqlDB);
        echo "Database Created<br>"; 
        $conn->query("use testStackoverflow");

        // sql to create table
        $sql = "CREATE TABLE MyGuests (
        firstname VARCHAR(30) ,
        lastname VARCHAR(30)  ,
        email VARCHAR(50)     ,
        reg_date TIMESTAMP
        );";
        // use exec() because no results are returned
        $conn->exec($sql);
        echo "Table MyGuests created successfully";
    }
catch (PDOException $e) {
        echo $e;
        die("Error connecting to SQL Server");
    }
$conn = null;
?>

output

result in server

enter image description here

Debug is ok too. So all PDO things work.

What is important too, is that you can change your PHP APP_POOL_ID, which is in my case:

_SERVER["APP_POOL_ID"]  ASP.NET 1.1

here:

_SERVER["APP_POOL_CONFIG"]  C:\inetpub\temp\apppools\ASP.NET 1.1\ASP.NET 1.1.config

Best regards

Axel Arnold Bangert - Herzogenrath 2016

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I tried them. But no results. Yes, you are correct, IIS hangs in a permission problem from MS SQL. But, I did not understand that SQL Permission Configuration part. Can you please elaborate. Thanks.
exec('whoami'); -> nt authority\iusr
Now I am getting this error: [18-May-2016 16:31:01 Asia/Kolkata] PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[28000]: [Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed for user 'sa'.' in C:\inetpub\wwwroot\md.php:23 Stack trace: #0 C:\inetpub\wwwroot\md.php(23): PDO->__construct('sqlsrv:Server=M...', 'sa', 'P@ssw0rd') #1 {main} thrown in C:\inetpub\wwwroot\md.php on line 23
0

I think i have a doubt in query .You should use
$query = "INSERT INTO TABLENAME (id,name) VALUES ('$id','$name')"; like this.

Improve this answer

1 Comment

Thanks. My query is correct as the ID is autoincrement.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.