I have simple restful api with php
<?php
require "../ConfigBaza.php";
$proizvodid = $_GET['proizvodid'];
$naziv = $_GET['naziv'];
$pdv = $_GET['pdv'];
$aa = $_GET['akcijski_artikal'];
$a = $_GET['aktivan'];
$slika = $_GET['slika'];
$jm = $_GET['jm'];
$opis = $_GET['opis'];
$katbr = $_GET['katbr'];
$sql = "INSERT INTO Proizvod (PROIZVODID, NAZIV, PDV, AKCIJSKI_ARTIKAL, AKTIVAN, SLIKA, JM, OPIS, KATBR) VALUES ('$proizvodid', '$naziv', '$pdv', '$aa', '$a', '$slika', '$jm', '$opis', '$katbr')";
if($mysqli->query($sql))
{
echo("1");
}
else
{
echo("0" . "<br>");
echo("PROIZVODID = " . $proizvodid . "<br>");
echo("NAZIV = " . $naziv . "<br>");
echo("PDV = " . $pdv . "<br>");
echo("Akcijski Artikal = " . $aa . "<br>");
echo("Aktivan = " . $a . "<br>");
echo("SLIKA = " . $slika . "<br>");
echo("JM = " . $jm . "<br>");
echo("OPIS = " . $opis . "<br>");
echo("KATBR = " . $katbr . "<br>");
}
?>
And when i enter url like this:
/Php/Proizvodi/Novi.php?proizvodid=3410&naziv=REVIZIJA%20200*200%20GIPS&pdv=20&akcijski_artikal=1&aktivan=1&slika=&katbr=74-1800%20P%20#2.012N3IZ&jm=kom&opis=Revizioni%20otvor
It doesn't execute sql and for some reason jm returns blank and opis returns blank even if doesn't need to.
I think you might be looking for something along these lines https://www.designcise.com/web/tutorial/how-to-get-key-value-pair-from-url-query-string-in-php
In this example they use parse_str($_SERVER['QUERY_STRING'], $output); to get the raw values without url encoding.
I believe it is to do with having the # in the url string.
The server can't access the variables beyond the #, they are only accessible from the front end.
Hope this helps.
Related
I'm writing some html+php code but this part seems to be causing error. Do you see something wrong?
$sql = "SELECT p.seccio_id, count(*), sum(r.preu)
FROM report r, persona p
WHERE r.usuari_upc = p.persona_id
and r.any = " . $_POST["any"] . "
and r.mes = " . $_POST["mes"] . "
and p.any_id = '"
if ($_POST["mes"] < 9) echo ($_POST["any"] - 1) . "-" . $_POST["any"] . "'";
else echo $_POST["any"] "-" . ($_POST["any"] + 1) . "'";
"GROUP BY p.seccio_id
ORDER BY p.seccio_id";
You have to split it up:
$sql = "SELECT p.seccio_id, count(*), sum(r.preu) FROM report r, persona p WHERE .usuari_upc = p.persona_id and r.any = " . $_POST["any"] . " and r.mes = " . _POST["mes"] . " and p.any_id = '";
if ($_POST["mes"] < 9)
$sql .= ($_POST["any"] - 1) . "-" . $_POST["any"] . "'";
else
$sql .= $_POST["any"] "-" . ($_POST["any"] + 1) . "'";
$sql .= " GROUP BY p.seccio_id ORDER BY p.seccio_id";
P.S. Your sql is vulenarable to SQL injection.
I have made a database connection in php and FETCH parts like story and id.
the URL forms ok without '&' but fails when '&' is added in the URL.
Here is my php code with '&id=' added in the URL
$fullurl = /cms/page.php . '?chapter=' . $row['story'] . '&id=' . $row['id'];
Can someone put me right about the correct syntax...
The error is pretty obvious
$fullurl = /cms/page.php . '?chapter=' . $row['story'] . '&id=' . $row['id'];
should be changed so that all text is within the citation marks..
$fullurl = '/cms/page.php?chapter=' . $row['story'] . '&id=' . $row['id'];
Otherwise you will end up in an error.
Also please, consider using error_reporting(E_ALL); when debugging.
The part: /cms/page.php is not a string.... and thus is wrong. You could just change it to something like this:
<?php
// NOTICE THAT THE PART "/cms/page.php" IS NOW EMBEDDED IN QUOTES (STRING)
$fullurl = "/cms/page.php" . '?chapter=' . $row['story'] . '&id=' . $row['id'];
// OR EVEN COMPACT IT LIKES SO:
$fullurl = "/cms/page.php?chapter=" . $row['story'] . '&id=' . $row['id'];
poiz
it still didnt work but i found i dont need to fetch from NEWS_ARTICLES. In fact my variables are already fetched as you see below...
Here is my actual code.
$sql = "SELECT old,title,story,shortstory,author,origauthor,ip,timestamp,allowcomments,short,approved,viewcount,rating,archive date,neverarchive,archived,id,
" . NEWS_USERS . ".user AS authorname,
" . NEWS_USERS . ".avatar AS authoravatar,
commentcount AS comments
FROM " . NEWS_ARTICLES . " INNER JOIN " . NEWS_USERS . " ON " . NEWS_ARTICLES . ".author = " . NEWS_USERS . ".uid WHERE id IN (";
if($nocats == "1"){
$sql .= "SELECT id AS storyid FROM " . NEWS_ARTICLES . " WHERE id NOT IN (SELECT storyid FROM " . NEWS_GROUPCATS . " WHERE type = 'news') UNION ";
}
$sql .= "SELECT storyid FROM " . NEWS_GROUPCATS . " WHERE type = 'news' AND catid IN (SELECT catid FROM " . NEWS_GROUPCATS . " WHERE type = 'rss' AND storyid = ?) ) AND archived = '0' ORDER BY timestamp DESC LIMIT 0, $rssamount";
$newsstories = DataAccess::fetch($sql, $feedid);
foreach($newsstories AS $row){
if(FRIENDLY){
$fullurl = $newslocation . $prefix . $row['id'] . "-0-" . makefriendly($row[title]);
}else{
$fullurl = $newslocation . '?epic-code=' . $row['shortstory'] . '&id=' . $row['id'];
}
'&id' gives...
error on line 12 at column 85: EntityRef: expecting ';'
'id' gives...
[a link] http://www.example.com//stock-charts/share-charts.php?epic-code=ALTPid=3360
the & is missing ....
The below php database query (from phpMyAdmin) only brings back one value (the first one or the oldest) into amcharts:
<?php
class custom_class2
{
var $charts; // reference to the calling object.
function customfunction2($content,$conf)
{
global $TSFE;
$TSFE->set_no_cache();
// do whatever you want here
// db connection
mysql_connect("hostname", "username", "password");
mysql_select_db("database name");
//db abfrage
$query = "
SELECT
YEAR(datetime) AS dy,
MONTH(datetime) -1 AS dm,
DAY(datetime) AS dd,
HOUR(datetime) AS th,
MINUTE(datetime) AS tm,
temp,
hum,
pressure
FROM stock1
ORDER BY datetime
";
// NEW: Variable definition
$zeilenzaehler = 1;
// output of the rows
$result = mysql_query($query) OR die("Error: $query <br>" . mysql_error());
while ($row = mysql_fetch_array($result))
{
// return
if ($zeilenzaehler != 1)
{
$content.= ",";
}
$content.= "{date: new Date(" . $row['dy'] . "," . $row['dm'] . "," . $row['dd'] . "," . $row['th'] . "," . $row ['tm'] . "),t:" . $row['temp'] . ",h:" . $row['hum'] . ",p:" . $row['pressure'] . "}";
return $content;
// Variable now on 2
$zeilenzaehler = 2;
}
}
}
?>
Everything else looks like its working fine. Many thanks for the help
You return the first found result in your while-loop. That is why you have just one result. Also as mysql_* functions are depreceted consider switching to
mysqli_* or PDO.
I am adding code from your request:
<?php
class custom_class2
{
var $charts; // reference to the calling object.
function customfunction2($content,$conf)
{
global $TSFE;
$TSFE->set_no_cache();
// do whatever you want here
// db connection
$mysqli = new mysqli("hostname", "username", "password", "database name");
if ($mysqli->connect_error) {
// your error handling here
}
//db abfrage
$query = "
SELECT
YEAR(datetime) AS dy,
MONTH(datetime) -1 AS dm,
DAY(datetime) AS dd,
HOUR(datetime) AS th,
MINUTE(datetime) AS tm,
temp,
hum,
pressure
FROM stock1
ORDER BY datetime
";
// NEW: Variable definition
$zeilenzaehler = 1;
// output of the rows
$result = $mysqli->query($query);
if (FALSE === $result) {
// you can put different error handling here
echo 'Error: ' . $query . ' ' . $mysql->error);
die();
}
$total = array();
while (NULL !== ($row = $result->fetch_array()))
{
// return
if ($zeilenzaehler != 1)
{
$content.= ",";
}
$content.= "{date: new Date(" . $row['dy'] . "," . $row['dm'] . "," . $row['dd'] . "," . $row['th'] . "," . $row ['tm'] . "),t:" . $row['temp'] . ",h:" . $row['hum'] . ",p:" . $row['pressure'] . "}";
// return $content;
// if you not return the first result you can gather results in array, so array will contain every row in result, $total[0], $total[1]...:
// $total[] = $content; or:
$total[] = "{date: new Date(" . $row['dy'] . "," . $row['dm'] . "," . $row['dd'] . "," . $row['th'] . "," . $row ['tm'] . "),t:" . $row['temp'] . ",h:" . $row['hum'] . ",p:" . $row['pressure'] . "}";
// Variable now on 2
$zeilenzaehler = 2;
}
$result->free();
return $total; // return all rows
}
}
?>
Hi im unable to apply array_diff() for when user edits the stockroom detail to replace with the new result.
Here is the edit function where i call out all the variables via sql.
function einv_editStockrm($srid,$code,$name,$desc,$remark,$cat)
{
//connect to database
base_connectDatabase();
$User = base_getUserDetail($_SESSION['uID']);
$Stockroom = einv_getStockrmDetail($srid);
base_executeSQL("UPDATE einv_stockroom
SET einv_stockrm_code='" . $code . "',
einv_stockrm_name='" . $name . "',
einv_stockrm_desc='" . $desc . "',
einv_stockrm_remark='" . $remark . "',
einv_stockrm_cat = '" . $cat . "'
WHERE einv_stockrm_id=" . $srid . "");
base_addTransactionLog('Manage Stock Room', 'Edit',
"
Stock Room Code = " . $code . " ||
Stock Room Name = " . $name . " ||
Stock Room Description = " . $desc . " ||
Stock Room Remark = " . $remark . " ||
Stock Room Category = " . $cat . "
");
Here is the array_diff() function. There may be unnecessary calling and/or lack of coding..not too sure. This set of codings result in no output. The server basically crashes. Any help on this?
//oldsr is existing stockroom data
//newsr is new stockroom data through edit function
//resultsr is the end result
<?php
$StockroomGetAllDetails = array();
$arr2 = einv_getStockrmDetailFromCode($stockroomCode);
$codearr = explode(",", $arr2['einv_stockrm_code']);
$oldsr = array($codearr);
$newsr = array($codearr);
$resultsr = array_diff($newsr, $oldsr);
if(!count(array_diff($oldsr, $newsr)) && !count(array_diff($newsr, $oldsr))) {
// Arrays are equal
} else {
// Array values are different
echo $resultsr;
}
?>
This code is for redirect.
//go to stock room page
echo '<script type="text/javascript">' . "\n";
echo 'window.location="../einventory/view_stockrm.php?id='. $srid .'";';
echo '</script>';
//close the database
base_closeDatabase();
}
This set of codes able to display the new datas added and removed accordingly :)
$oldCat = $Stockroom["einv_stockrm_cat"];
$oldCatArr = explode(",",$oldCat);
$newCatArr = explode(",",$cat);
//Debugging
//print_r($oldCatArr);
//print_r($newCatArr);
$resultCatAdd = array_diff($newCatArr, $oldCatArr);
$resultCatRemove = array_diff($oldCatArr, $newCatArr);
//Debugging
print_r($resultCatAdd);
print_r($resultCatRemove);
I'm creating an appointment plugin, in that for already members and new members are there. in already member area the date entry is not entring into db. but when displaying the variale contains the date. i'm have been checking this from morning but didn't get what is the error. my code is:
$source = mysql_real_escape_string(trim($_POST['apdatetime']));
$datetime = explode(',', $source);
$dates = $datetime[0];
$app_time = $datetime[1];
if($app_time < 12){
$app_session = 'am';
}
else{
$app_session ='pm';
}
$splitdatet = explode('/', $dates);
$yyear = $splitdatet[2];
$mmonth = $splitdatet[1];
$ddate = $splitdatet[0];
$app_date = $yyear . "-" . $mmonth . "-" . $ddate;
if ($_POST['isnewpatient'] == "false") {
//$cSql = "select * from " . WP_contact . " where appointments_c_patientid='" . trim($_POST['ptntid']) . "' ";
$cSql = "select * from " . WP_eemail_TABLE_SUB . " where eemail_patient_id='" . trim($_POST['ptntid']) . "' ";
$data = $wpdb->get_results($cSql);
if (empty($data )) {
$err = 1;
echo "<div id='message' class='aerror'>No such patient ID exists....</div>";
} else {
#$mobile = htmlspecialchars(stripslashes($data[0]->eemail_mobile_sub));
#$email = htmlspecialchars(stripslashes($data[0]->eemail_email_sub));
#$name = htmlspecialchars(stripslashes($data[0]->eemail_name_sub));
$sqlss = "insert into " . WP_Appointments .
" (`appointments_patient_id`,`appointments_date`,`appointments_time`,`appointments_session`,`appointments_reg_date`) VALUES ('" .
mysql_real_escape_string(trim($_POST['ptntid'])) . "','" .
$app_date . "','" .
$app_time . "','" .
$app_session . "',CURRENT_TIMESTAMP() )";
$dd=$wpdb->get_results($sqlss);
var_dump($dd);
echo 'Date:'.$app_date;
// return $suc;
echo "<div id='message' class='asuccess' >Request has been sent for appointment</div>";
}
}
The output of the var_dump is array[0] and $app_date is Date:2014-10-22
The db entry is
appointments_id :393
appointments_patient_id : 9999999999
appointments_date : 0000-00-00
appointments_time : 9:00
appointments_session : am
appointments_reg_date : 2014-09-25 14:21:35
could anyone please point out the mistake in the code if any??
You should convert your string into date object like this:
$app_date = date('Y-m-d',strtotime($app_date));