I have the the following code however the data only goes into the applicant table and not the applicant_edit table, and apparently I am having this error around the program, I may think it has something to do with the $_post but im not sure, also I have the same exact application running on another computer and it works fine, here is what i did, on this new machine, whiche seems to not be working well, I installed apache, then copied over my entire server folder with all the setting from my other machine, most things seem to be working however when it comes to $_post, thats where errors occur. Please Id love some help and suggestions.
<?php
include("config.php"); // put the *FULL* path to the file.
$url = 'index.php';
header('Location: ' . $url);
//header('Location: ' . $url);
$values = $_POST;
foreach ($values as &$value) {
$value = mysql_real_escape_string($value);
}
$sq1="INSERT INTO applicant (app_trn,app_file_id, app_fname, app_lname,app_mid_name, app_strt_add_1, app_strt_add_2,app_city, app_parish, app_postal,
app_hme_cntct, app_cell1_cntct, app_cell2_cntct, app_email, app_gov_agncy, app_gov_agncy_strt,app_gov_agncy_city, app_gov_agncy_parish, app_post,
app_grade,app_appointment_date,app_salary,app_gov_last_agncy1,app_gov_last_agncy1_street,app_gov_last_agncy1_city,app_gov_last_agncy1_parish,
app_gov_last_agncy1_contact, app_gov_last_agncy2, app_gov_last_agncy2_street,app_gov_last_agncy2_city,app_gov_last_agncy2_parish,app_gov_last_agncy2_contact,
app_gov_last_agncy3,app_gov_last_agncy3_street,app_gov_last_agncy3_city,app_gov_last_agncy3_parish,app_gov_last_agncy3_contact)
VALUES
('$values[app_trn]','$values[app_file_id]', '$values[app_fname]','$values[app_lname]', '$values[app_mid_name]','$values[app_strt_add_1]', '$values[app_strt_add_2]',
'$values[app_city]', '$values[app_parish]', '$values[app_postal]', '$values[app_hme_cntct]', '$values[app_cell1_cntct]', '$values[app_cell2_cntct]',
'$values[app_email]', '$values[app_gov_agncy]', '$values[app_gov_agncy_strt]', '$values[app_gov_agncy_city]', '$values[app_gov_agncy_parish]','$values[app_post]',
'$values[app_grade]','$values[app_appointment_date]','$values[app_salary]','$values[app_gov_last_agncy1]','$values[app_gov_last_agncy1_street]',
'$values[app_gov_last_agncy1_city]','$values[app_gov_last_agncy1_parish]','$values[app_gov_last_agncy1_contact]', '$values[app_gov_last_agncy2]',
'$values[app_gov_last_agncy2_street]','$values[app_gov_last_agncy2_city]','$values[app_gov_last_agncy2_parish]','$values[app_gov_last_agncy2_contact]',
'$values[app_gov_last_agncy3]','$values[app_gov_last_agncy3_street]','$values[app_gov_last_agncy3_city]','$values[app_gov_last_agncy3_parish]',
'$values[app_gov_last_agncy3_contact]')";
$result = mysql_query($sq1);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
mysql_query("INSERT INTO applicant_edit (applicant_edit_id,edit_app_trn)
VALUES ('','$values[app_trn]')");
?>
You're redirecting all traffic to index.php before anything happens
$url = 'index.php';
header('Location: ' . $url);
Remove that and see what happens
1- Remove header redirect code as mentioned by Paul
2- Try to print out one value
echo $values[app_trn];
echo "'$values[app_trn]'"; //test same case (double quota and single quota)
if it works, then, it will be sql error, try to print
echo mysql_error();
3-
I also suggest to use:
foreach ($values as &$value) {
$value = mysql_real_escape_string($value);
}
after this add:
foreach ($values as $kc => $vc){
$$kc = $vc;
}
now all values can be accessed by using key names:
VALUES
('$app_trn','$app_file_id', '$valuesapp_fname', ...
Related
I have a POST function contained in my page. I am trying to call it directly for my CURL Function, notice in the following code the url variable is set to http://dirtrif.loc/installs.php
//extract data from the post
//set POST variables
$cookie_name = "drcuserid";
if(isset($_COOKIE[$cookie_name]))
{
$cookie = $_COOKIE[$cookie_name];
}
$url = 'http://dirtrif.loc/installs.php';
$fields['username'] = $vbulletin->userinfo[username];
$fields['webmasteremail'] = $vbulletin->options[webmasteremail];
$fields['cookie'] = $_COOKIE[$cookie_name];
//url-ify the data for the POST
foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
rtrim($fields_string, '&');
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
echo $fields_string;
This is causing an issue when the CURL script is executed, by navigating to the actual page and not running the portion that it's supposed to.
I currently have the post portion set up as follows in my installs.php:
if (isset($_POST['username'])) {
$vbulletin->db->query_write("
INSERT INTO " . TABLE_PREFIX . "installs (
username,
webmasteremail,
cookie
) VALUES (" .
$_POST['username'] .", '" .
$_POST['webmasteremail'] . ", '" .
$_POST['cookie'] . "'
)");
}
Is there a way I can change the URL in my CURL code to point directly to that part of the installs.php page?
the full contents of installs.php (note* I have made a few changes since posting this question)
<?php
// ####################### SET PHP ENVIRONMENT ###########################
error_reporting(E_ALL & ~E_NOTICE);
// #################### DEFINE IMPORTANT CONSTANTS #######################
define('THIS_SCRIPT', 'installs');
define('CSRF_PROTECTION', true);
define('CSRF_SKIP_LIST', '');
// ################### PRE-CACHE TEMPLATES AND DATA ######################
// pre-cache templates used by all actions
$globaltemplates = array(
'installs'
);
// pre-cache templates used by specific actions
$actiontemplates = array();
// ######################### REQUIRE BACK-END ############################
require_once('./global.php');
// ######################### VARIABLES ############################
$username = $_POST['username'];
$userid = $_POST['userid'];
$email = $_POST['email'];
$addontitle = $_POST['addontitle'];
$addonversion = $_POST['addonversion'];
$bburl = $_POST['bburl'];
$bbtitle = $_POST['bbtitle'];
$webmasteremail = $_POST['webmasteremail'];
$cookie = $_POST['cookie'];
if (isset($_POST['username'])) {
$db->query_write("
INSERT INTO " . TABLE_PREFIX . "installs (
username,userid,email,addontitle,addonversion,bburl,bbtitle,webmasteremail,cookie,dateline
) VALUES (
'$username',
'$userid',
'$email',
'$addontitle',
'$addonversion',
'$bburl',
'$bbtitle',
'$webmasteremail',
'$cookie',
NOW()
)");
}
// #######################################################################
// ######################## START MAIN SCRIPT ############################
// #######################################################################
$navbits = array();
$navbits[$parent] = 'Installs Page';
$navbits = construct_navbits($navbits);
eval('$navbar = "' . fetch_template('navbar') . '";');
eval('print_output("' . fetch_template('installs') . '");');
?>
Is there a way I can change the URL in my CURL code to point directly to that part of the installs.php page?
As for standard HTTP features: no, there is no explicit way of calling parts of a script.
Let's start from the beginning. What we would usually do in this situation is that we set the path in the URL to the file, that contains parts we want to execute. Then, it is up us to decide, how we design our program to know, which part should be executed. We can use POST parameters for that like you were trying. So far, so good.
Now, how do we divide our script, installs.php in your case, into pieces?
One good way is the one RamRaider already mentioned: use a POST parameter action and in installs.php, put code into a big switch. Example:
// installs.php
<?php
switch ($_POST['action']) {
case 'myfirstaction':
if (isset($_POST['username'])) {
$vbulletin->db->query_write("...");
}
break;
case 'myotheraction':
// code here
break;
}
?>
To call specific actions, just extend you $fields array:
<?php
// script that "can be executed from anywhere":
$fields['action'] = 'myfirstaction';
?>
I would say this is the cleanest way to do it in your situation. However, if installs.php is a larger script you are adjusting, this might be way too much work. In that case you may want to exit the script after running your code (thus, running only the code you want). You can simply write exit; and no further code will be executed. See: https://www.php.net/exit.
In my local server this script works fine. When I upload this script on live it does not work properly.
It inserts only 126 rows of data into the database, but I need to upload at least 500 rows at a time.
<?php
include 'database-config.php';
foreach($_POST['classroll'] as $row=>$classroll)
{
$sclassroll = $classroll;
$mark = $_POST['mark'][$row];
$type = $_POST['rtype'];
$session = $_POST['rsession'];
$department = $_POST['rdepartment'];
$examtype = $_POST['rextype'];
$examyear = $_POST['rexyear'];
$examsubject = $_POST['rexmarksubject'];
$stmt = $dbh->prepare("INSERT INTO exammarks(studnettype, studentsession, studentdepartment, studentclassroll, examtype, examyear, examsubjec, exammarks) VALUES (:studnettype, :studentsession, :studentdepartment, :studentclassroll, :examtype, :examyear, :examsubjec, :exammarks)");
$stmt->bindParam('studnettype', $type);
$stmt->bindParam('studentsession', $session);
$stmt->bindParam('studentdepartment', $department);
$stmt->bindParam('studentclassroll', $sclassroll);
$stmt->bindParam('examtype', $examtype);
$stmt->bindParam('examyear', $examyear);
$stmt->bindParam('examsubjec', $examsubject);
$stmt->bindParam('exammarks', $mark);
$stmt->execute();
}
header('Location: ../home.php');
?>
It is possible that your exammarks table definition on your live server contains a unique index that is not present on your local host server. If that were true some of your INSERT operations might fail.
The code you showed us doesn't check for errors. Obviously, when your program deals with high value data (such as the results of student examinations) you should check for errors.
Try this instead:
if( !$stmt->execute()) {
print_r( $arr = $stmt->errorInfo() );
}
else {
/* INSERT statement completed correctly */
}
A little help if possible. I have a Page that pulls from two data tables (MySQL) and one function is providing empty results.
function ShowClient() {
global $agent;
$sql = 'SELECT * FROM nuke_bulletins WHERE user=\'' . $agent . '\' AND isActive="Y" ORDER BY id';
$client = mysql_query($sql) or die('ERROR: OOPS Something went wrong' . mysql_error());
echo '<center><p><b>Current Campaigns</b></p>';
// Pull the loop and display the data
while($row = mysql_fetch_array($client)) {
$agent = stripslashes($row['user']);
$campaign = stripslashes($row['id']);
$title = stripslashes($row['title']);
echo '<p><b>' . $title . '</b></p>';
}
echo '<p>Click the Campaign Title to get the Bulletin Code</p><p> </p>';
echo '<p align="center"><b>Return to All Client\'s</p>';
}
The $agent variable is pulled from a main function that creates a url based on the user ($agent).
What am I doing wrong here?
$agent is a global variable. Using global variables is generally considered bad practice, as this could be getting set or unset somewhere before this function is called.
Have you checked the PHP Error Log to see if you are getting any errors?
If no errors in log I would look to see if $agent conatins a value either by echoing to screen (if dev environment) or dumping the value in the error log file to see if it actually contains anything. http://www.php.net/manual/en/function.error-log.php
Then I would look at the SQL itself; do the Column headings in your table nuke_bulletins match the $row array keys exactly for instance are they the same case?
$row['title']
or
$row['Title']
Here we go...
Don't use the mysql extension. It is unmaintained and officially deprecated
Don't use globals. Relying on external state makes for smelly code
You're overwriting said global variable ($agent) in a loop. Terrible idea.
or die must die ~ http://www.phpfreaks.com/blog/or-die-must-die
I wouldn't recommend using echo within a function. Makes for spaghetti code
Your HTML is a bit of a mess
Here's my suggestion using the mysqli extension
function getCampaigns(mysqli $con, $agent) {
if (!$stmt = $con->prepare("SELECT id, title FROM nuke_bulletins WHERE user = ? AND isActive = 'Y' ORDER BY id")) {
throw new Exception($con->error, $con->errno);
}
$stmt->bind_param('s', $agent); // if the user column is a integer, use 'i' instead
if (!$stmt->execute()) {
throw new Exception($stmt->error, $stmt->errno);
}
$stmt->bind_result($id, $title);
$campaigns = []; // or array() if you're on PHP < 5.4
while ($stmt->fetch()) {
$campaigns[$id] = $title;
}
return $campaigns;
}
Now you can call this function like this...
<?php
// assuming you have a mysqli instance in a $con variable, eg $con = new mysqli(...)
// and an $agent variable
$campaigns = getCampaigns($con, $agent);
?>
<p><strong>Current Campaigns</strong></p>
<?php foreach ($campaigns as $id => $title) : ?>
<p>
<a href="bullies2.php?op=ShowCampaign&id=<?= $id ?>">
<strong><?= htmlspecialchars($title) ?></strong>
</a>
</p>
<?php endforeach ?>
<p>Click the Campaign Title to get the Bulletin Code</p>
<p> </p>
<p align="center"><strong>Return to All Client's</strong></p>
And, as always, your development environment should have the following properties set in your php.ini file
display_errors = On
error_reporting = E_ALL
look at this code
<?
require_once("conn.php");
require_once("includes.php");
require_once("access.php");
if(isset($_POST[s1]))
{
//manage files
if(!empty($_FILES[images]))
{
while(list($key,$value) = each($_FILES[images][name]))
{
if(!empty($value))
{
$NewImageName = $t."_".$value;
copy($_FILES[images][tmp_name][$key], "images/".$NewImageName);
$MyImages[] = $NewImageName;
}
}
if(!empty($MyImages))
{
$ImageStr = implode("|", $MyImages);
}
}
$q1 = "insert into class_catalog set
MemberID = '$_SESSION[MemberID]',
CategoryID = '$_POST[CategoryID]',
Description = '$_POST[Description]',
images = '$ImageStr',
DatePosted = '$t',
DateExp = '$_SESSION[AccountExpDate]',
FeaturedStatus = '$_POST[sp]' ";
//echo $q1;
mysql_query($q1) or die(mysql_error());
}
//get the posted offers
$q1 = "select count(*) from class_catalog where MemberID = '$_SESSION[MemberID]' ";
$r1 = mysql_query($q1) or die(mysql_error());
$a1 = mysql_fetch_array($r1);
header("location:AddAsset.php");
exit();
?>
The mySql insert function isn't adding anything also it return success to me , I've tried using INSERT ... Values but what it done was overwtiting existing value ( i.e make 1 entry and overwties it everytime).
I am using PHP 4.4.9 and MySql 4
I tried to add from Phpmyadmin and it is working also it was working after installation but after i quit the browser and made a new account to test it it is not working but the old ones is working ! you can see it here http://bemidjiclassifieds.com/
try to login with usr:openbook pass:mohamed24 and you can see it will be working but any new account won't work!
Maybe $_POST[s1] is not set or you are inserting into a different database than you are watching.
if(isset($_POST[s1]))
should probably be
if(isset($_POST['s1']))
(note the quotes). Also, it's best to NOT depend on a field being present in the submitted data to check if you're doing a POSt. the 100% reliable method is
if ($_SERVER['REQUEST_METHOD'] == 'POST') { ... }
As well, you're not checking if the file uploads succeeded. Each file should be checked like this:
foreach($_FILES['images']['name'] as $key => $name) {
if ($_FILES['images']['error'][$key] !== UPLOAD_ERR_OK) {
echo "File #$key failed to upload, error code {$_FILES['images']['error'][$key]}";
}
...
}
Don't use copy() to move uploaded files. There's a move_uploaded_files() function for that, which does some extra sanity checking to make sure nothing's tampered with the file between the time the upload finished and your script tries to move it.
Here is my code relating to the question:
$theurl = trim($_POST['url']);
$md5file = md5_file($theurl);
if ($md5file != '96a0cec80eb773687ca28840ecc67ca1') { echo 'Hash doesn\'t match. Incorrect file. Reupload it and try again';
When I run this script, it doesn't even output an error. It just stops. It loads for a bit, and then it just stops.
Further down the script I implement it again, and it fails here, too:
while($row=mysql_fetch_array($execquery, MYSQL_ASSOC)){
$hash = #md5_file($row['url']);
$url = $row['url'];
mysql_query("UPDATE urls SET hash='" . $hash . "' WHERE url='" . $url . "'") or die("There was a problem: ".mysql_error());
if ($hash != '96a0cec80eb773687ca28840ecc67ca1'){
$status = 'down';
}else{
$status = 'up';
}
mysql_query("UPDATE urls SET status='" . $status . "' WHERE url='" . $url . "'") or die("There was a problem: ".mysql_error());
}
And it checks all the URL's just fine, until it gets to one with an IP instead of a domain, such as:
http://188.72.216.143/~waffle/udp.php
In which, again, the script then just loads for a bit, and then stops.
Any help would be much appreciated, if you need any more information just ask.
EDIT: It seems to work with SOME IP's, but not others
I thought that md5_file worked only with local files. The documentation certainly doesn't mention requests or anything. If you get the file manually you can use md5 to calculate the hash of the document. Try giving it a whirl.
<?php
$contents = file_get_contents('http://stackoverflow.com');
$md5file = md5($contents);
echo $md5file;
?>