Alert line code is not working as I want to show alert on particular condition but code die after that and alert is also not showing. please tell the solution for this.
case "NEW_REC_INSTANCE_PRIPB":
if (!empty($_REQUEST['PRIADCTG']) && !empty($_REQUEST['SEC_CD']) && !empty($_REQUEST['MATCODE']) && empty($_REQUEST['CLIENT_ADD'])) {
$data = array();
$qRSet = $objComm->GET_QUICK_RESULT("SELECT NVL (address_required, 'N') ADDE_REQ FROM " . $_SESSION['DB_USER'] . ".ad_ccpctg WHERE priadctg = '" . $_REQUEST['PRIADCTG'] . "' AND priccpctg = '" . $_REQUEST['SEC_CD'] . "' AND secccpctg = '" . $_REQUEST['MATCODE'] . "'
AND status = 'Y'", 1);
IF ($qRSet['ADDE_REQ'] == 'Y') {
echo '<script type="text/javascript">alert("Client address is required to enter! please check");</script>';
if (!file_put_contents($_SERVER["DOCUMENT_ROOT"] . '/DS/ccpentry_new/AS_PHP/uploadfile/DAA.txt', $qRSet['ADDE_REQ'])) {
echo 'unable to write';
die;
}
$data['ADD_REQ'] = $qRSet['ADDE_REQ'];
} else {
$data['ADD_REQ'] = $qRSet['ADDE_REQ'];
}
}
if ($_REQUEST['actype'] == "FIRST_NEW_REC") {
$newRecInsDet = $objGbl->SET_PUBL_NEWREC_INSTANCE($_REQUEST, "FY");
} else if ($_REQUEST['actype'] == "NEW_REC") {
$newRecInsDet = $objGbl->SET_PUBL_NEWREC_INSTANCE($_REQUEST, "Y");
} else {
$newRecInsDet = $objGbl->savePubData($_REQUEST, '', "", 1, $_REQUEST['INSNUM']);
}
echo json_encode($newRecInsDet);
exit;
break;
case "NEW_REC_INSTANCE_PRIPB":
$new_array = array();
if (!empty($_REQUEST['PRIADCTG']) && !empty($_REQUEST['SEC_CD']) && !empty($_REQUEST['MATCODE']) && empty($_REQUEST['CLIENT_ADD'])) {
$data = array();
$qRSet = $objComm->GET_QUICK_RESULT("SELECT NVL (address_required, 'N') ADDE_REQ FROM " . $_SESSION['DB_USER'] . ".ad_ccpctg WHERE priadctg = '" . $_REQUEST['PRIADCTG'] . "' AND priccpctg = '" . $_REQUEST['SEC_CD'] . "' AND secccpctg = '" . $_REQUEST['MATCODE'] . "' AND status = 'Y'", 1);
IF ($qRSet['ADDE_REQ'] == 'Y') {
$new_array['success'] = false;
$new_array['error'] = 'Client address is required to enter! please check';
if (!file_put_contents($_SERVER["DOCUMENT_ROOT"] . '/DS/ccpentry_new/AS_PHP/uploadfile/DAA.txt', $qRSet['ADDE_REQ'])) {
echo 'unable to write';
die;
}
$data['ADD_REQ'] = $qRSet['ADDE_REQ'];
} else {
$data['ADD_REQ'] = $qRSet['ADDE_REQ'];
}
}
if ($_REQUEST['actype'] == "FIRST_NEW_REC") {
$new_array['success'] = true;
$new_array['data'] = $objGbl->SET_PUBL_NEWREC_INSTANCE($_REQUEST, "FY");
} else if ($_REQUEST['actype'] == "NEW_REC") {
$new_array['success'] = true;
$new_array['data'] =$objGbl->SET_PUBL_NEWREC_INSTANCE($_REQUEST, "Y");
} else {
$new_array['success'] = true;
$new_array['data'] = $objGbl->savePubData($_REQUEST, '', "", 1, $_REQUEST['INSNUM'])
}
echo json_encode($new_array);
exit;
break;
Related
I am generating my MYSQL update statement dynamically in PHP. As I want my application to be secure to SQL injections I want to use the prepared statement function. But as I'm pretty experienced I'm struggling to do so. Below my code so far:
function sqlUpdate($tablename)
{
$connect = sqlConnect();
$updateString = "UPDATE " . $tablename . " SET ";
$columnname = getColumnname($tablename, false, true);
for ($k=0; $k<count($columnname, COUNT_RECURSIVE); $k++)
{
if ($k+1 < count($columnname, COUNT_RECURSIVE))
{
$updateString .= $columnname[$k] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[$k]]) . "', ";
}
else
{
$updateString .= $columnname[$k] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[$k]]) . "' WHERE " . $columnname[0] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[0]]) . "';";
}
}
if(mysqli_query($connect, $updateString))
{
echo "Daten wurden erfolgreich aktualisiert! </br>";
}
else
{
echo "Es ist ein Fehler aufgetreten... </br>";
}
mysqli_close($connect);
}
My code is working fine at the moment but I'm not managing to get it to work with prepared statements. I hope my question is not too stupid. Can somebody share some thoughts how to realize it with my code or do I have to completly overthink my approach?
Sorry again for my noob question...
Thanks!
Thanks to everybody who answered I managed to get it to work. I used the call_user_func_array function and can now generate the prepared statements for UPDATE and INSERT in one function:
function preparedStatement($tableName, $action)
{
$connect = sqlConnect();
$stmt = $connect->stmt_init();
$columnname = getColumnname($tableName, false, true);
for ($k=0; $k<count($columnname, COUNT_RECURSIVE); $k++)
{
$fielddata[] = $columnname[$k];
$fieldvalue[] = $_POST[$columnname[$k]];
}
if ($action == "insert")
{
$fieldvalue[0] = " ";
}
$fieldvalue_join = implode(',', array_map('addquote', $fieldvalue));
$fieldvalue = explode(",",$fieldvalue_join);
$valueCount = count($fieldvalue);
$question_mark = array();
for($i=0; $i<$valueCount; $i++)
{
$question_mark[] = '?';
}
$join_question_mark = implode(",", $question_mark);
$types = '';
foreach($fieldvalue as $param)
{
if(is_int($param))
{
$types .= 'i'; //integer
}
elseif (is_float($param))
{
$types .= 'd'; //double
}
elseif (is_string($param))
{
$types .= 's'; //string
}
else
{
$types .= 'b'; //blob and unknown
}
}
if ($action == "insert")
{
$insertString = "INSERT INTO ".$tableName."(".implode(",",$fielddata).") VALUES (".$join_question_mark.");";
$stmt->prepare($insertString);
$bind_names[] = $types;
}
elseif ($action == "update")
{
$updateString = "UPDATE " . $tableName . " SET ";
for ($k=0; $k<count($columnname, COUNT_RECURSIVE); $k++)
{
if ($k+1 < count($columnname, COUNT_RECURSIVE))
{
$updateString .= $columnname[$k] . " = ?, ";
}
else
{
$updateString .= $columnname[$k] . " = ? WHERE " . $columnname[0] . " = '" . mysqli_real_escape_string($connect, $_POST[$columnname[0]]) . "';";
}
}
$stmt->prepare($updateString);
$bind_names[] = $types;
}
for ($i=0; $i<count($fieldvalue); $i++)
{
$bind_name = 'bind' . $i;
$$bind_name = $fieldvalue[$i];
$bind_names[] = &$$bind_name;
}
call_user_func_array(array($stmt,'bind_param'),$bind_names);
if($stmt->execute())
{
$insert_id=$stmt->insert_id;
$stmt->close();
return $insert_id;
}
else
{
echo "Fehler beim Ausführen der Aktion...";
}
}
function addquote($str)
{
if($str[0]=="'" || $str[0]=='"' && $str[strlen($str)-1]=="'" || $str[strlen($str)-1]=="'" )
{
$str=substr($str,1);
$str=substr($str,0,-1);
}
return sprintf("%s", $str);
}
I am trying to edit student's scores. like the image below. Each time I add the scores to be edited, my loop updates all the scores with only the last score in the form found below the picture of the form, my code and the SQL result when data has been edited.
Below is the code on my controller.
$fetch_session = $this->Home_model->SemesterSession();
$session = $fetch_session[0]->session;
$semester = $fetch_session[0]->semester;
// Form data
$unit = array();
$score = array();
$course = array();
$matno = $this->input->post('matno22');
$dept = $this->input->post('department22');
$level = $this->input->post('level22');
$score1 = $this->input->post('score');
$course1 = $this->input->post('c_code');
$unit1 = $this->input->post('unit');
// for each
for ($i=0;$i<count($course1);$i++) {
$data['score'] = $score1[$i]; //1
$data['unit'] = $unit1[$i];
$data['matno'] = $matno;
$data['level'] = $level;
$data['dept'] = $dept;
$data['course'] = $course1[$i];
$data['semester'] = $semester;
$data['session'] = $session;
if ($data['score'] >=69) {
$data['grade'] = 'A'; //2
$data['remark'] = 'Excellent'; //5
$data['grade_point'] = '5'; //3
$data['quality_p'] = $data['unit'] * $data['grade_point']; //4
} elseif ($data['score'] >= 59) {
$data['grade'] = 'B';
$data['remark'] = 'Very Good';
$data['grade_point'] = '4';
$data['quality_p'] = $data['unit'] * $data['grade_point'];
} elseif ($data['score'] >=49) {
$data['grade'] = 'C';
$data['remark'] = 'Good';
$data['grade_point'] = '3';
$data['quality_p'] = $data['unit'] * $data['grade_point'];
} elseif ($data['score'] >=44) {
$data['grade'] = 'D';
$data['remark'] = 'Fair';
$data['grade_point'] = '2';
$data['quality_p'] = $data['unit'] * $data['grade_point'];
} elseif ($data['score'] >=39) {
$data['grade'] = 'E';
$data['remark'] = 'Poor';
$data['grade_point'] = '1';
$data['quality_p'] = $data['unit'] * $data['grade_point'];
} else {
$data['grade'] = 'F';
$data['remark'] = 'Fail';
$data['grade_point'] = '0';
$data['quality_p'] = $data['unit'] * $data['grade_point'];
}
// Edit The Scores
$query = $this->Home_model->EditResult($data);
if ($query == true) {
$response['Error'] = 'false';
$response['Message'] = 'Result Successfully Modified';
} else {
$response['Error'] = 'true';
$response['Message'] = 'Error Modifying Result';
}
}
echo json_encode($response);
}
here is my model
public function EditResult($data) {
$condition = "matno = " . "'" . $data['matno'] . "' AND " . "course =" . "'" . $data['course'] . "' AND " . "semester =" . "'" . $data['semester'] . "' AND " . "session =" . "'" . $data['session'] . "'";
$this->db->where($condition);
$this->db->update('result', $data);
}
Lastly, This is what happens on my DB table when I update the scores
I'm trying to get value from memcache.
value of $dataOld[$i] is null when I'm trying to read that in if statement outside of if block it contains right value.
This is my code.
My code is for get and send data .
any help will be much appreciated.
<?php
/**
* Created by PhpStorm.
* User: PC1
* Date: 9/18/2018
* Time: 11:57 AM
*/
include 'config.php';
include 'BefrestAuth.php';
include 'Publisher.php';
$memcahe = new Memcache();
$memcahe->connect("localhost", 11211);
$dataNew = json_decode($memcahe->get('keyNew'));
$memcahe->set('keyOld', json_encode($dataNew));
while (true) {
$dataNew = json_decode($memcahe->get('keyNew'));
$dataOld = json_decode($memcahe->get('keyOld'));
if (!$dataNew[0]->price) {
continue;
} else {
$str = "";
$taskolu = array();
for ($i = 0; $i < count($dataNew); $i++) {
if ((int)$dataNew[$i]->price > (int)$dataOld[$i]->price) {
echo "\n".$dataNew[$i]->price."/////".json_encode($dataOld[$i])."\n";
$str .= "name:" . $dataNew[$i]->name . " type:" . $dataNew[$i]->type . " price:" . $dataNew[$i]->price."\n";
array_push($taskolu, $dataNew[$i]);
}
if ((int)$dataOld->price > (int)$dataNew[$i]->price) {
$str .= "name:" . $dataNew[$i]->name . " type:" . $dataNew[$i]->type . " price:" . $dataNew[$i]->price."\n";
array_push($taskolu, $dataNew[$i]);
}
}
if (!empty($str)) {
$dbca = connection();
$dbca->set_charset("utf8");
$rate = "SELECT u.user_chid FROM users u";
$result = $dbca->prepare($rate);
$result->execute();
$res = $result->get_result();
while ($obj = $res->fetch_object()) {
$auth = (string)BefrestAuth::generatePublishAuth($obj->user_chid);
Publisher::publish(11812, $obj->user_chid, $auth, json_encode(array("messages" => $taskolu)));
echo "\n";
}
}
$memcahe->delete('keyOld');
$data=json_encode($dataNew);
$memcahe->set('keyOld', $data);
$dataOld = json_decode($memcahe->get('keyOld'));
}
}
This is bizarre. I am working on a new website using WAMP on my pc and I copy and pasted the database functions I created from another site I worked on.
Below is the function. On this new site I'm getting an error (Notice: Undefined offset: 0) whenever there is nothing that matches in the database. But, on the other site (which is hosted externally) I never get that error (never have and I just tested it specifically to make sure).
Obviously, I could just put the "return $rows[0]" in an if statement to prevent this. But, I would like to know what is causing the problem in case I need to make some changes to the old site! I'm kind of worried!
There's also another difference. On the new site I get an error when the $order is NULL, saying that $s3 is undefined. Again, I can fix it easily by just defining it along with $s1 and $s2 at the beginning. But, it works fine on my other site and has for a long time. What on earth is the difference??
function get_row5($table, $field, $where1, $value1, $where2=NULL, $value2=NULL, $where3=NULL, $value3=NULL, $where4=NULL, $value4=NULL, $where5=NULL, $value5=NULL, $order=NULL) {
$rows = array();
global $conn;
connect();
$s1 = "SELECT $field FROM $table WHERE $where1" . '=' . "'$value1'";
$s2 = "";
if ($where2 != NULL) {
if ($value2 == NULL) {
$s2 = " and $where2 is NULL";
} else {
$s2 = " and $where2" . ' = ' . "'$value2'";
}
}
if ($where3 != NULL) {
if ($value3 == NULL) {
$s2 .= " and $where3 is NULL";
} else {
$s2 .= " and $where3" . ' = ' . "'$value3'";
}
}
if ($where4 != NULL) {
if ($value4 == NULL) {
$s2 .= " and $where4 is NULL";
} else {
$s2 .= " and $where4" . ' = ' . "'$value4'";
}
}
if ($where5 != NULL) {
if ($value5 == NULL) {
$s2 .= " and $where5 is NULL";
} else {
$s2 .= " and $where5" . ' = ' . "'$value5'";
}
}
if ($order != NULL) {
$s3 = " ORDER BY $order LIMIT 1";
}
$sql = $s1 . $s2 . $s3;
$result = $conn->query($sql);
while ($row = $result->fetch_assoc()) {
$rows[] = $row;
}
mysqli_free_result($result);
$conn->close();
return $rows[0];
}
You are geting this error because there is no row return from query you can overcome with following code
function get_row5($table, $field, $where1, $value1, $where2=NULL, $value2=NULL, $where3=NULL, $value3=NULL, $where4=NULL, $value4=NULL, $where5=NULL, $value5=NULL, $order=NULL) {
$rows = array();
global $conn;
connect();
$s1 = "SELECT $field FROM $table WHERE $where1" . '=' . "'$value1'";
$s2 = "";
$s3 = "";
if ($where2 != NULL) {
if ($value2 == NULL) {
$s2 = " and $where2 is NULL";
} else {
$s2 = " and $where2" . ' = ' . "'$value2'";
}
}
if ($where3 != NULL) {
if ($value3 == NULL) {
$s2 .= " and $where3 is NULL";
} else {
$s2 .= " and $where3" . ' = ' . "'$value3'";
}
}
if ($where4 != NULL) {
if ($value4 == NULL) {
$s2 .= " and $where4 is NULL";
} else {
$s2 .= " and $where4" . ' = ' . "'$value4'";
}
}
if ($where5 != NULL) {
if ($value5 == NULL) {
$s2 .= " and $where5 is NULL";
} else {
$s2 .= " and $where5" . ' = ' . "'$value5'";
}
}
if ($order != NULL) {
$s3 = " ORDER BY $order LIMIT 1";
}
$sql = $s1 . $s2 . $s3;
$result = $conn->query($sql);
while ($row = $result->fetch_assoc()) {
$rows[] = $row;
}
mysqli_free_result($result);
$conn->close();
if(count($rows))
return $rows[0];
else
return $rows; //<---empty row
}
The code below is an export tool, I am essentially querying the database of SobiPro, pulling a list of Entries (Companies) and also the associated custom fields.
I have stumbled on an infinite loop here. Some parts are there for simply noting an ID, so disregard the Company/Email/Phone/etc section.
The below information will be exported to CSV, so getting these paired up is crucial.
Here is my code below. Any ideas?
$ideas = mysql_query("SELECT itemid FROM jos_sobi2_item") or die(mysql_error());
while ($row = mysql_fetch_array($ideas)) {
$info[] = $row['itemid'];
}
foreach($info as $item) {
$entryID = $item['itemid'];
$queryfields = mysql_query("SELECT fieldid, data_txt, itemid FROM jos_sobi2_fields_data WHERE itemid = '". $entryID ."'");
//$queryfields = mysql_query("SELECT fieldid, data_txt, itemid FROM `jos_sobi2_fields_data` WHERE `itemid` = '$entryID'");
while ($rowqueryfields = mysql_fetch_array($queryfields)) {
$rowfields[] = $rowqueryfields;
}
foreach($rowfields as $item) {
// Primarily what I need is name, company and contact info such as phone, email fax web!
$contactPerson = '9'; // Name
$city = '3'; // City
$state = '5'; // State
$phone = '10'; // Phone
$email = '7'; // Email
$fax = '11';
$website = '8';
if($item['fieldid'] == 9) {
echo '<strong>Name: </strong>' .$item['data_txt'] . '</br>';
}
if($item['fieldid'] == 3) {
//echo '<strong>City: </strong>' .$item['data_txt'] . '</br>';
}
if($item['fieldid'] == 5) {
//echo '<strong>State: </strong>' .$item['data_txt'] . '</br>';
}
if($item['fieldid'] == 10) {
//echo '<strong>Phone: </strong>' .$item['data_txt'] . '</br>';
}
if($item['fieldid'] == 7) {
//echo '<strong>Email: </strong>' .$item['data_txt'] . '</br>';
}
if($item['fieldid'] == 8) {
//echo '<strong>Website: </strong>' .$item['data_txt'] . '</br>';
}
}
}
Why don't you simply use the SobiPro ImEx App?
Try something like this:
$sql = "SELECT I.itemID, fieldid, data_txt FROM jos_sobi2_item I";
$sql .= " JOIN jos_sobi2_fields_data D on D.itemID = I.itemID";
if( $result = mysql_query( $sql ) ) {
while( $row = mysql_fetch_array( $result ) ) {
switch( $row['fieldid'] ) {
case 9:
echo '<strong>Name: </strong>' .$item['data_txt'] . '</br>';
break;
case 3:
echo //whatever goes here
break;
// other cases
}
} else {
// database error so echo or whatever
}
I haven't tried it so don't blame me for any minor syntax errors ;)
Hope it helps. Have fun...