simple html dom php curl error cannot grab text i need - php

i am using the following code in my cript to grab a part of source code i need
but it get this error
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting ')' in /home/cyberhos/public_html/CH/tes.php on line 151
simple_html_dom.php is already issued in my script elswhere
if (isset($_POST['mp'], $_POST['delim'], $_POST['submit'])) {
$mps = preg_split('/\r\n|\r|\n/', $_POST['mp']);
// Create an array to store results
$result_data = array();
// Iterate over requests
foreach ($mps as $mp) {
$mp = explode($_POST['delim'], $mp);
// Store the account details in variables
list($email, $password) = $mp;
// Get HTML data
$html_string = checkmail($email, $password);
$html = str_get_html($html_string);
$body = $html->find('div[id="welcome_text"]);
// Prepare a reusable string
$result_string = "Checked " . $email . " : " . $password . " is ";
// Append necessary word to it
if ($html>welcome_text === "Welcome to Tesco.com. We hope that you enjoy your visit.") {
$result_string .= "LIVE";
} else {
$result_string .= "DEAD";
}
how can i fix this error is there any way that i can fix this error so my script works properly
heres the part of source code i am trying to get
<div id="welcome_text" class="">
<div class="box">
Welcome to Tesco.com. We hope that you enjoy your visit.
<a id="ctl00_ctl00_lnkLogin" href="javascript:__doPostBack('ctl00$ctl00$lnkLogin','')">Log out</a>
</div>


you miss ' in this line edited is
$body = $html->find('div[id="welcome_text"]');
your edited code
if (isset($_POST['mp'], $_POST['delim'], $_POST['submit'])) {
$mps = preg_split('/\r\n|\r|\n/', $_POST['mp']);
// Create an array to store results
$result_data = array();
// Iterate over requests
foreach ($mps as $mp) {
$mp = explode($_POST['delim'], $mp);
// Store the account details in variables
list($email, $password) = $mp;
// Get HTML data
$html_string = checkmail($email, $password);
$html = str_get_html($html_string);
$body = $html->find('div[id="welcome_text"]');
// Prepare a reusable string
$result_string = "Checked " . $email . " : " . $password . " is ";
// Append necessary word to it
if ($html>welcome_text === "Welcome to Tesco.com. We hope that you enjoy your visit.") {
$result_string .= "LIVE";
} else {
$result_string .= "DEAD";
}
}
}

Related

How to Check If 10 Most Recent Entries in MySQL DB Begin with a String Using PHP?

I want to allow people to write something like BOLD: or ITALIC: at the beginning of their message to make bold or italic. The only way I can think of is to get the total amount of entries by ID and minus 10 then make an IF statement and minus 9 and so on. Is there a single statement I could query to check if the string in the database begins a certain way and display it in HTML in bold or italic if it does?
<?PHP
$A = "localhost"; // Server Name
$B = "root"; // MySQL Username
$C = ""; // MySQL Password
$D = "sql"; // Database
$CONNECT = new mysqli($A, $B, $C, $D);
if ($CONNECT->connect_error) {
die('<DIV>Connection Failed</DIV>');
}
echo "<DIV>Connected</DIV>";
if (isset($_POST['MSG'])) {
$MSG = htmlspecialchars($_POST['MSG']);
$SQL = "INSERT INTO Messages (Message) VALUES ('$MSG')";
if ($CONNECT->query($SQL) === TRUE) {
echo "<DIV>Message Sent</DIV>";
} else {
echo "<DIV>Error Sending Message</DIV>";
}
}
$SELECT = 'SELECT * FROM Messages ORDER BY ID DESC LIMIT 10';
$RESULT = $CONNECT->query($SELECT);
if (mysqli_num_rows($RESULT) > 0) {
while ($ROW = mysqli_fetch_assoc($RESULT)) {
echo '<DIV>ID: ' . $ROW['ID'] . ' MSG: ' . $ROW['Message'] . '</DIV>';
}
}
I added in some code if somebody begins their message with "'", but the type of strpos if statement doesn't work in the while loop for retrieving messages.
if (isset($_POST['MSG'])) {
$MSG = htmlspecialchars($_POST['MSG']);
$SQL = "INSERT INTO Messages (Message) VALUES ('$MSG')";
if ($CONNECT->query($SQL) === TRUE) {
echo "<DIV>Message Sent</DIV>";
} else {
if (substr($MSG,0,1 == '\'')) {
echo "<DIV>Error Sending Message</DIV>";
} else {
echo "<DIV>Nice Try :')</DIV>";
}
}

In order for this question to have an answer i will sum up what i did in the comments:
if (mysqli_num_rows($RESULT) > 0) {
while ($ROW = mysqli_fetch_assoc($RESULT)) {
$message = $ROW['message'];
if(strpos($ROW['message'], 'BOLD:') !== false){
$message = '<strong>'.substr($ROW['message'], 5).'</strong>';
} else if(strpos($ROW['message'], 'ITALIC:') !== false){
$message = '<i>'.substr($ROW['message'], 7).'</i>';
}
echo '<DIV>ID: ' . $ROW['ID'] . ' MSG: ' . $message . '</DIV>';
}
}
edit: oops i forgot to add the different style tags..
for bold you can wrap the $message in a strong -tag. for italic its the i -tag
edit2: included tags in the code

Php _GET Method as Prepared Statement

I am attempting to patch all of the SQL Injection vulnerabilities on a existing website.
One of my php files uses the _GET method inside of the ternary operator.
details.php:
<?php
$_SERVER['DOCUMENT_ROOT']=".";
include_once($_SERVER['DOCUMENT_ROOT'].'/include/CHtml.php');
include_once($_SERVER['DOCUMENT_ROOT'].'/include/CExtra.php');
include_once($_SERVER['DOCUMENT_ROOT'].'/include/CDetailMenu.php');
include_once($_SERVER['DOCUMENT_ROOT'].'/include/CDetail.php');
//include 'ChromePhp.php';
// Get Html Page Header
GetPageHeader();
GetTopMenu();
// Get Html Page Body
$menu_js = '';
$img_pd_header = '';
$did = (isset($_GET['did'])) ? $_GET['did'] : 0 ;
$mid = (isset($_GET['mid'])) ? $_GET['mid'] : 0 ;
$menu_html = (isset($_GET['gid'])) ? GetDetailMenu($_GET['gid']) : GetDetailMenu($_GET['mid']);
$detail_html = GetDetailContent($_GET['mid'], $did);
GetPageBody($menu_html, $detail_html);
if ($mid == 10)
$menu_js .= '
$(\'#gallery a\').lightBox();
';
// Get Html Page Footer
GetPageFooter(false, $menu_js);
?>
This value is passed along to a function in another php file to be used in constructing a SQL statement.
detailmenu.php:
<?php
include_once($_SERVER['DOCUMENT_ROOT'].'/include/CDataSet.php');
include 'config.php';
//include 'ChromePhp.php';
function GetDetailMenu($gid) {
global $menu_js;
global $DB;
$dbh= new mysqli($DB->host,$DB->user,$DB->pass,$DB->database);
if ($dbh->connect_errno) {
echo "Failed to connect to MySQL: (" . $dbh->connect_errno . ") " . $dbh->connect_error;
}
$cid = 0;
$dataset = new CDataSet();
if ($gid > 0) {
//$sql = 'SELECT PID FROM menu WHERE MID = '.$gid; // Old SQL Statement
// Prepared statement, stage 1: prepare
if (!($sqlstmt = $dbh->prepare("SELECT PID FROM menu WHERE MID = ?"))) {
echo "Prepare failed: (" . $dbh->errno . ") " . $dbh->error;
}
/* Prepared statement, stage 2: bind and execute */
if (!$sqlstmt->bind_param('i',$gid)) {
echo "Binding parameters failed: (" . $sqlstmt->errno . ") " . $sqlstmt->error;
}
if (!$sqlstmt->execute()) {
echo "Execute failed: (" . $sqlstmt->errno . ") " . $sqlstmt->error;
}
$ds = $dataset->GetFirstRecord($sql);
$cid = $ds['PID'];
}
$sql = 'SELECT FST_ID, '.GetFieldName('FST_NAME').', SND_ID, '.GetFieldName('SND_NAME').', TRD_ID, '.GetFieldName('TRD_NAME').', IMG_FILE, IS_PRODUCT, '.
'SND_FILE, SND_FILENAME, TRD_FILE, TRD_FILENAME '.
'FROM view_menu';
$dlmenu = $dataset->GetDataSet($sql);
$dataset = null;
$menu_html = '
<div style="float: left; padding-left: 22px;" id="my_menu" class="sdmenu">';
$mid = 0;
$idx = 0;
foreach($dlmenu as $key=>$value) {
if (!($value['IS_PRODUCT'])) {
if ($mid <> $value['FST_ID']) {
if ($mid > 0) $menu_html .= '
</div>';
$menu_html .= '
<div class="collapsed">
<span>'.stripslashes($value['FST_NAME']).'</span>';
$mid = $value['FST_ID'];
if ($mid == $cid) {
$img_pd_header = $value['IMG_FILE'];
$menu_js = '
var expendMenu = myMenu.submenus['.$idx.'];
myMenu.expandMenu(expendMenu); // Expand a submenu
';
}
++$idx;
}
if ($value['TRD_ID'] == '') {
if ($value['SND_FILE'])
$menu_html .= '
<img src="./images/dot.gif"> '.stripslashes($value['SND_NAME']).'';
else
$menu_html .= '
<img src="./images/dot.gif"> '.stripslashes($value['SND_NAME']).'';
} else {
if ($value['TRD_FILE'])
$menu_html .= '
<img src="./images/dot.gif"> > '.stripslashes($value['TRD_NAME']).'';
else
$menu_html .= '
<img src="./images/dot.gif"> > '.stripslashes($value['TRD_NAME']).'';
}
}
}
$menu_html .= '
</div>
</div>';
return Chinese_TradToSimp($menu_html);
}
?>
I can create a prepared statement and verify the results under detailmenu.php, but I do not know how to create a prepared statement for just the _GET command. Examples I've seen show it being initiated in the bind_params() function, but I do not have an associated statement to bind to. Any ideas on how to accomplish this?
To add, Ive also tried using the real_escape_string() function to no success.
if (isset($_GET['mid']))
$mid = mysqli_real_escape_string($dbh, $_GET['mid']);
else
$mid = 0;
The SQL Injection makes it in every time :(

Probably the easiest and least intrusive way in this case is casting the IDs to integers (the code does the same, but is a bit more readable in my opinion):
<?php
$id = (isset($_GET['gid'])) ? intval($_GET['gid']) : 0 ;
if ($id == 0 && isset($_GET['mid'])) {
$id = intval($_GET['mid']);
}
$menu_html = GetDetailMenu($id);
Is it the best solution? Absolutely not, but it will get the job done.

Creating a php file for translating the content dynamically

I have a database that has around 700 terms. I would just like to write a single php file called internationalize that would check the mysql database and return the proper translation. All the PHP variables have been setup and there is view that contains the translation of all the languages. There are about 11 languages. I have looked in a lot of places, but there isn't one that fits my situation. Any suggestions would be greatly appreciated.
if (!isset($_SESSION))
{
session_start();
}
if (isset($setup))
{
$lang=$_SESSION['setupLang'];
}
elseif (isset($_SESSION['lang']))
{
$lang=$_SESSION['lang'];
}
else
{
require("fetchMainConfig.php");
}
$lang_code = $lang;
//file_dir contains the language codes for example: il,fr,pt,ge and so on
$sql = "SELECT file_dir FROM `hydroserver_translation`.`language_file_dir`";
if($lang_code = $sql){
// What should go in here??? What is the best way to
// dynamically translate the database?
}
I am also attaching a copy of the database view. I plan to write the code is such a way that if there is no language translation the default translation is in english.

This is what I have done and it works. Thank you for your help!
<?php
//Connects to the database
$mysqlserver="servername";
$mysqlusername="langreader";
$mysqlpassword="readHSLlang#9";
$error=0;
$link=mysqli_connect($mysqlserver, $mysqlusername, $mysqlpassword) or $error=1;
$dbname = 'translation';
mysqli_select_db($link, $dbname) or $error=1;
if(!$error)
{//check which is the session language
$language = $lang_code;
//language file path
$file_path = "languages/" .$language. ".php";
//Check if file exists
$file_exists = file_exists($file_path);
if($file_exists){
// The file exists. Now just check when it was last time created.
$file_created_time = filemtime($file_path);
$timezone = date_default_timezone_set('UTC');
$current_time = time();
//Time lapse to check the difference between the current time and the last created time
$time_lapse = (abs($current_time-$file_created_time)/60/60);
//SQL statement to access the view from the database
$sql = "SELECT * FROM translation.translations_by_language";
$terms = mysqli_query($link, $sql);
//Will create a new file if it has been more than four hours
if($time_lapse >= '4.0'){
//Deleting the existing file to avoid any parsing errors
unlink($file_exists);
//Writing the new language_file
$lang_file= fopen("languages/" .$language. ".php","c+");
//Loops through the query and shows the translated terms
//and english terms if there are no translations for the term
$new_file = "<?php" . "\n ";
fwrite($lang_file, $new_file);
while($row = mysqli_fetch_array($terms)) {
if ($row[$language] != "")
fwrite($lang_file,$row['php_variable']. " = " . '"' . addslashes($row[$language]) . '"' . ";" . "\n ");
else
fwrite($lang_file,$row['php_variable']. " = " . '"' . addslashes($row['english_phrase']) . '"' . ";" . "\n ");
}
$last_line = "?>";
fwrite($lang_file, $last_line);
fclose($lang_file);
}
}
else{
// Creating a new file if the file doesn't exist
$sql = "SELECT * FROM hydroserver_translation.translations_by_language";
$terms = mysqli_query($link, $sql);
$lang_file= fopen("languages/" .$language. ".php","c+");
$new_file = "<?php" . "\n ";
fwrite($lang_file, $new_file);
while($row = mysqli_fetch_array($terms)) {
print_r($row);
if ($row[$language] != "")
//Provide the translation
fwrite($lang_file,$row['php_variable']. " = " . '"' . addslashes($row[$language]) . '"' . ";" . "\n ");
//If translation doesn't exist, just use the english phrase
else
fwrite($lang_file,$row['php_variable']. " = " . '"' . addslashes($row['english_phrase']) . '"' . ";" . "\n ");
}
$last_line = "?>";
fwrite($lang_file, $last_line);
fclose($lang_file);
//New language file succesfully created!!!!
}
}

php simple html dom return array?

I'm trying to create an app using the simple HTML DOM php script, but im running into a wall currently with it - hope you can help.
The aim is to read product numbers from mySQL database, concat these numbers with a url constant and then parse this resulting website for a specific class. The result should then be printed to the screen.
My problem is that the script is returning only the first result from the function array, i have tried a few things, such as trying to call $prices->children[4], but nothing seems to help.
When i trigger the function get_prices_array() with a url, it brings back multiple results -> but when i return this inside my while loop it only brings back the first result in the array.
Heres my code, hope you can point me in the right direction!
Thanks!
<?php
include('simple_html_dom.php');
function get_prices_array($url) {
$x = file_get_html($url);
foreach ($x->find('span.price')as $dom) {
$y = $dom->outertext;
return $y;
}
$x->clear();
}
$con = mysqli_connect("localhost", "***", "***", "***");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit();
}
$result = mysqli_query($con, "SELECT * FROM articles");
while ($row = mysqli_fetch_array($result)) {
$constant = '***';
$prices = get_prices_array($constant . $row["product_number"]);
echo $row["product_number"] . " - " . $prices . '<br />';
}
mysqli_close($con);
?>
// EDIT //
I changed the function get_prices_array() to loop through each span price class and add the result to an array, the array is then returned from the function. The first 5 results from the array are then stored to variables and added to the return string. Thanks for your help!
<?php
include('simple_html_dom.php');
function get_prices_array($url) {
$x = file_get_html($url);
$y = array();
foreach ($x->find('span.price')as $dom) {
$x = ($dom->outertext);
$y[] = $x;
}
return $y;
//$x->clear();
}
$con = mysqli_connect("localhost", "***", "***", "***");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
exit();
}
$result = mysqli_query($con, "SELECT * FROM articles");
while ($row = mysqli_fetch_array($result)) {
$constant = '***';
$prices = get_prices_array($constant . $row["product_number"]);
$pos1 = $prices[0];
$pos2 = $prices[1];
$pos3 = $prices[2];
$pos4 = $prices[3];
$pos5 = $prices[4];
echo $row["product_number"] . " - " . $pos1 . " - " . $pos2 . " - " . $pos3 . " - " . $pos4 . " - " . $pos5 .'<br />';
}
mysqli_close($con);
?>

I think problem is because of return used in foreach loop of function get_prices_array($url).
it is executing foreach loop only once. There is no meaning of loop if you are returning without condition inside loop.

php generating csv file only works first time

I've the following script:
<?php
//Define basepath for codeigniter
define('BASEPATH', '/');
//Include constants.php config file from codeigniter
require_once "../../my_manager/system/application/config/constants.php";
//Check username and password from GET
if( $_GET['username'] != IMPORT_USERNAME || $_GET['password'] != IMPORT_PASSWORD )
{
header('HTTP/1.0 401 Unauthorized');
echo "Denied Access";
return;
}
//running scripts
include 'export_table1.php';
include 'export_table2.php';
include 'export_table3.php';
include 'export_table4.php';
?>
Eache export is like the following:
<?php
//$host="localhost";
$host="";
$user="";
$pass="";
$db_name="";
$table="table1";
$conn = mysqli_connect($host,$user,$pass,$db_name) or die("Connection Error");
$query = "SELECT * FROM $table ORDER BY ID";
$result = mysqli_query($conn,$query) or die("sql error");
if(mysqli_num_rows($result)>0)
{
$csv = "";
$row = mysqli_fetch_assoc($result);
$delim = "";
//retrieving first line fields
foreach($row as $k => $v)
{
$csv .= $delim . '"' . str_replace('"', '""', $k) . '"';
$delim= ";";
}
$csv .= "\n";
//retrieving value into fields
while($row = mysqli_fetch_assoc($result))
{
$delim = "";
foreach($row as $v)
{
$csv .= $delim . '"' . str_replace('"', '""', $v) . '"';
$delim = ";";
}
$csv .= "\n";
}
header("Content-type: text/csv");
header("Content-Disposition: attachment; filename=".$table.".csv");
echo $csv;
exit
}
else
{
echo "No records";
}
exit
?>
The issue is that only the first script is fired, so I can get only the first table downloaded into csv file. If I launch first the table2 export, only table2 export is fired. How can I manage that? Thanks in advance!

As far as i know "exit" kills both child- and parent-script - that's the cause why you only get the first table exported in a csv. Use "return" instead to continue.

Categories