Jump to content

Search the Community

Showing results for tags 'sqli'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • W3Schools
    • General
    • Suggestions
    • Critiques
  • HTML Forums
    • HTML/XHTML
    • CSS
  • Browser Scripting
    • JavaScript
    • VBScript
  • Server Scripting
    • Web Servers
    • Version Control
    • SQL
    • ASP
    • PHP
    • .NET
    • ColdFusion
    • Java/JSP/J2EE
    • CGI
  • XML Forums
    • XML
    • XSLT/XSL-FO
    • Schema
    • Web Services
  • Multimedia
    • Multimedia
    • FLASH

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Languages

Found 3 results

  1. Hello W3S - me again... So i have this little peace of code: if( isset($_POST['FORMNAME_submit_search']) ) { $qur = ""; @$SearchKeywords = mysqli_real_escape_string($dblink, $_POST['FORMNAME_SogProfilBar_Keywords']); // Search Bar Profil Keywords @$MinAlder = mysqli_real_escape_string($dblink, $_POST['FORMNAME_MinAlder']); // Minimum Alder @$MaxAlder = mysqli_real_escape_string($dblink, $_POST['FORMNAME_MaxAlder']); // Maximum Alder @$Landsdel = mysqli_real_escape_string($dblink, $_POST['FORMNAME_Landsdel']); // Landsdel @$Kon = mysqli_real_escape_string($dblink, $_POST['FORMNAME_Kon']); // Køn @$MinHojde = mysqli_real_escape_string($dblink, $_POST['FORMNAME_MinHojde']); // Minimum Højde @$MaxHojde = mysqli_real_escape_string($dblink, $_POST['FORMNAME_MaxHojde']); // Maximum Højde @$Etnicitet = mysqli_real_escape_string($dblink, $_POST['FORMNAME_Etnicitet']); // Etnicitet @$Sprog = mysqli_real_escape_string($dblink, $_POST['FORMNAME_Sprog']); // Sprog @$MinVaegt = mysqli_real_escape_string($dblink, $_POST['FORMNAME_MinVaegt']); // Minimum Vægt @$MaxVaegt = mysqli_real_escape_string($dblink, $_POST['FORMNAME_MaxVaegt']); // Maximum Vægt @$Tatoveringer = mysqli_real_escape_string($dblink, $_POST['FORMNAME_Tatoveringer']); // Tatoveringer @$Kategorier = mysqli_real_escape_string($dblink, $_POST['FORMNAME_Kategorier']); // Kategorier // Søgning af ALT starter her. $query = " SELECT users.users_id, any_value(users.users_fornavn), any_value(users.users_mellemnavn), any_value(users.users_efternavn), any_value(users.users_email), any_value(users.users_city), any_value(users.users_zipcode), any_value(users.users_birthday_date), any_value(users.users_address), any_value(users.users_tlf_telefon), any_value(users.users_tlf_mobil), users_info.usersinfo_FK_users_id, any_value(users_info.usersinfo_id), any_value(users_info.usersinfo_profilesearch_viewable), any_value(users_info.usersinfo_hojde_cm), any_value(users_info.usersinfo_vaegt_kg), any_value(users_info.usersinfo_ErfaringKvalifikationer), any_value(users_info.usersinfo_beskaeftigelse), any_value(users_info.usersinfo_FK_usersinfoHairColor_id), any_value(users_info.usersinfo_FK_usersinfoEyeColor_id), any_value(users_info.usersinfo_FK_usersinfoBukseBredde_id), any_value(users_info.usersinfo_FK_usersinfoBukseLaengde_id), any_value(users_info.usersinfo_FK_usersinfoBluseStorrelse_id), any_value(users_info.usersinfo_FK_usersinfoSkoStorrelse_id), any_value(users_info.usersinfo_FK_usersinfoLandsdel_id), any_value(users_info.usersinfo_FK_usersinfoEtnicitet_id), any_value(users_info.usersinfo_FK_usersinfoTatoveringer_id), any_value(users_info.usersinfo_FK_usersinfoKategorier_id), any_value(users_info.usersinfo_FK_usersinfoSprog_id) FROM users INNER JOIN users_info ON users.users_id = users_info.usersinfo_FK_users_id "; // Search patterns - needs editing! from old-original to my version so it fits! include_once("index.search_patterns_setup.php"); // fortsætter herunder $query .= " GROUP BY users_id, usersinfo_FK_users_id"; $result = mysqli_query($dblink, $query) or die(mysqli_error($dblink)); if( mysqli_num_rows($result) > 0 ) { while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) { //echo '<p>her er jeg!</p>'; // indsæt søge resultater her! (DET ING VIIIIRKER!) $output = '<p>'.$query.'</p>'; echo $output; echo '<p>'.$row['users_fornavn'].'</p>'; } } else { $row = '<p>Der var desværre ingen resultater på din søgning. Prøv igen.</p>'; echo $row; $output = '<p>'.$query.'</p>'; echo $output; die(); } } else { include_once("index.no_search_show_cards_profiles.php"); } The small code above is the main file. This code here is where i check for patterns and what has been checked in the form for searching etc... /////////////////////////// ALDER /////////////////////////// if( $MinAlder > 0 ) { echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; // dob = Date Of Birth $time = new DateTime('now'); $newtime = $time->modify('-'.$MinAlder.' year')->format('Y-m-d'); $query .= $clause." users_birthday_date <= '$newtime' "; } if( $MaxAlder > 0 ) { //echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; // dob = Date Of Birth $time = new DateTime('now'); $newtime = $time->modify('-'.$MaxAlder.' year')->format('Y-m-d'); $query .= $clause." users_birthday_date >= '$newtime' "; } /////////////////////////// KØN /////////////////////////// if( !empty($Kon) ) { echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause." usersGender_id = '$Kon' "; } /////////////////////////// LANDSDEL /////////////////////////// if( !empty($Landsdel) ) { echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause." usersinfoLandsdel_id = '$Landsdel' "; } /////////////////////////// ETNICITET /////////////////////////// if( !empty($Etnicitet) ) { echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause." usersinfoEtnicitet_id = '$Etnicitet' "; } /////////////////////////// TATOVERINGER /////////////////////////// if( !empty($Tatoveringer) ) { // når jeg skifter til checkboxes, bruger jeg clauseCHECK_OR()! Som den bruges i de originale! Tjek for eksempler! echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause." usersinfoTatoveringer_id = '$Tatoveringer' "; } /////////////////////////// SPROG /////////////////////////// if( !empty($Sprog) ) { // når jeg skifter til checkboxes, bruger jeg clauseCHECK_OR()! Som den bruges i de originale! Tjek for eksempler! echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause." usersinfoSprog_id = '$Sprog' "; } /////////////////////////// KATEGORIER /////////////////////////// if( !empty($Kategorier) ) { // når jeg skifter til checkboxes, bruger jeg clauseCHECK_OR()! Som den bruges i de originale! Tjek for eksempler! echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause." usersinfoKategorier_id = '$Kategorier' "; } /////////////////////////// VÆGT /////////////////////////// if( $MinVaegt>0 && $MaxVaegt<1 ) { $reg_vaegt_max="999"; } if( $MaxVaegt>0 && $MinVaegt<1 ) { $reg_vaegt_min="1"; } if( $MinVaegt>0 || $MinVaegt>0 ) { // når jeg skifter til checkboxes, bruger jeg clauseCHECK_OR()! Som den bruges i de originale! Tjek for eksempler! echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause."userinfo_vaegt_kg BETWEEN $MinVaegt AND $MaxVaegt "; $clause = " OR "; } /////////////////////////// HØJDE /////////////////////////// if( $MinHojde>0 && $MaxHojde<1 ) { $reg_hoejde_max="999"; } if( $MaxHojde>0 && $MinHojde<1 ) { $reg_hoejde_min="1"; } if( $MinHojde>0 || $MinHojde>0 ) { // når jeg skifter til checkboxes, bruger jeg clauseCHECK_OR()! Som den bruges i de originale! Tjek for eksempler! echo clauseCHECK_AND(); //echo "<p>".clauseCHECK_AND()."</p>"; $query .= $clause."usersinfo_hojde_cm BETWEEN $MinHojde AND $MaxHojde "; $clause = " OR "; } /////////////////////////// KEYWORDS /////////////////////////// //if keyword set, goes here if( !$SearchKeywords=="" ) { echo clauseCHECK_AND(); // Initial clause //echo "<p>".clauseCHECK_AND()."</p>"; // Initial clause // search query $c = " users_id LIKE '%$SearchKeywords%' OR users_fornavn LIKE '%$SearchKeywords%' OR users_mellemnavn LIKE '%$SearchKeywords%' OR users_efternavn LIKE '%$SearchKeywords%' "; $query .= $clause." $c"; } Now, i have a little trouble with the latest version of MySQL installed, i always keep getting the error: Expression #12 of SELECT list is not in GROUP BY clause and contains nonaggregated column (...) which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by So i had to change my main SQL a little, which is why i added "any_value()" to my main sql as a temporary solution, and seems to work, only whenever i get an output, i cannot actually row out any output Oo? Whenever i try to output say "users_fornavn", which is Danish for first name... i get index undefined error... any ideas? I can only assume it it the sql that has the error? Hope you guys can help out a little. PS: Note that the "any_value()" part, was only supposed to be a temporary solution for a customer that want's the website up and running somewhere by next week, so i thought to add the any_value() sql function for now and at a later point be more specific about the code. I just need the rough ways for now so i am able to change that at a later point. Thanks in advance! Really hope you peepz can help me out!
  2. I am new to php and am having a real problem getting it to write to SQL tables from form input. I finally managed to get a 3 column test form to insert the data into a test table, so moved on to the next test of inserting a 10 column form that includes 4 check boxes following the script of the one I got to insert. But I cannot get it to insert the data. I also have the problem that my localhost is running php 7.1 while the SQL side of the server is using php 5.6, thus the many single quotes versus double quotes or no quotes. With the first test script, I debugged line by line, and figured out if I get a bunch of warnings in netbeans and my local server but no red flags it most likely will work on the server. But this script has me at a loss. I have stripped out anything superfluous such as the thank you html, the email send portion, and debugged it line by line with the server. The connection is good, it takes a second as if it is inserting, I get zero warnings or errors at this point, but in the end it has not inserted the data into the table. I have checked and rechecked the database name, table name, columns etc and nothing. I appreciate any ideas and help from anyone here. Thanks so much! This is the form portion of the html: <form class="contact-form" role="form" action="volunteers2remote.php" method="post" onsubmit="document.getElementById('updatesButton').disabled=true; document.getElementById('updatesButton').value='Submitting, please wait...';"> <div class="form-group"> <label for="firstname" class="hidden">First Name</label> <input type="text" class="form-control" name="firstname" id="firstname" value="" required="required" placeholder="First Name"> </div> <div class="form-group"> <label for="lastname" class="hidden">Last Name</label> <input type="text" class="form-control" id="lastname" name="lastname" value="" required="required" placeholder="Last Name"> </div> <div class="form-group"> <label for="email" class="hidden">Email</label> <input type="email" class="form-control" id="email" name="email" value="" required="required" placeholder="Email"> </div> <div class="form-group"> <label for="zip" class="hidden">ZIP</label> <input type="text" class="form-control field-half-width" id="zip" name="zip" placeholder="ZIP"> </div> <div class="form-group"> <label for="phone" class="hidden">Phone</label> <input type="text" class="form-control field-half-width" id="phone" name="phone" value="" required="required" placeholder="Phone"> </div> <div class="form-inline"> I will: (uncheck those which you prefer not to do)<br> <input type="checkbox" name="house_party" class="cbox" id="house_party" placeholder="House Party" value="yes" checked><label for="party" type="text" class="special">Host a house party</label> <input type="checkbox" name="canvass" class="cbox" id="canvass" placeholder="Canvass" value="yes" checked><label for="canvass" type="text" class="special">Knock on doors</label><br> <input type="checkbox" name="phonebank" class="cbox" id="phonebank" placeholder="Phonebank" value="yes" checked><label for="phonebank" class="special">Make phone calls</label> <input type="checkbox" name="anything" value="anything" class="cbox" id="any" placeholder="Anything" value="yes" checked><label for="any" class="special">Help with anything you need</label> </div> <div class="form-group"> <label for="comments" class="hidden">Comments</label> <textarea name="comments" id="comments" class="form-control" rows="5" placeholder="Comments"></textarea> </div> <button type="submit" class="btn btn-default" value="Send" id="sendButton">Send</button> </form> <!-- volunteer-form --> This is the stripped down php: <?php ini_set('display_errors', '1'); ?> <?php deleted connection info $link = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); if (!$link) { die('Could not connect to database: ' . mysqli_error()); } // define variables $firstname = $_POST[firstname]; $lastname = $_POST[lastname]; $email= $_POST; $zip= $_POST[zip]; $phone= $_POST[phone]; $house_party= $_POST[house_party]; $canvass= $_POST[canvass]; $phonebank= $_POST[phonebank]; $anything= $_POST[anything]; $comments= $_POST[comments]; if ($_SERVER[REQUEST_METHOD] == 'POST') if (empty($_POST[firstname])) { $nameErr = 'First name is required'; } else { $firstname = test_input($_POST[firstname]); } // check if name only contains letters and whitespace if (!preg_match('/^[a-zA-Z ]*$/',$firstname)) { $firstnameErr = 'Only letters and white space allowed'; } if ($_SERVER[REQUEST_METHOD] == 'POST') if (empty($_POST[lastname])) { $nameErr = 'Last name is required'; } else { $lastname = test_input($_POST[lastname]); } // check if name only contains letters and whitespace if (!preg_match('/^[a-zA-Z ]*$/',$lastname)) { $lastnameErr = 'Only letters and white space allowed'; } if ($_SERVER[REQUEST_METHOD] == 'POST') if (empty($_POST)) { $emailErr = 'Email is required'; } else { $email = test_input($_POST); } // check if e-mail address is well-formed if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $emailErr = 'Invalid email format'; } /* Check all form inputs using test_input function */ if ($_SERVER[REQUEST_METHOD] == 'POST') { $firstname = test_input($_POST[firstname]); $lastname = test_input($_POST[lastname]); $email = test_input($_POST); $phone = test_input($_POST[phone]); $comments = test_input($_POST[comments]); } if (isset($_POST['myCheckbox'])) { $checkBoxValue = "yes"; } else { $checkBoxValue = "no"; } if(!empty($_POST['check'])) { foreach($_POST['check'] as $value) { $check_msg .= "Checked:".$value."\n"; } } if (isset($_POST[house_party])) { $anything = 'yes'; } else { $anything = 'no'; } if (isset($_POST[canvass])) { $canvass = 'yes'; } else { $canvass = 'no'; } if (isset($_POST[phonebank])) { $anything = 'yes'; } else { $anything = 'no'; } if (isset($_POST[anything])) { $anything = 'yes'; } else { $anything = 'no'; } $check = isset($_POST[check]) ? $_POST[check] : ''; function test_input($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } //inserting data into database if (isset($_POST[firstname], $_POST[lastname], $_POST, $_POST[zip], $_POST[phone], $_POST[house_party], $_POST[canvass], $_POST[phonebank], $_POST[anything], $_POST[comments])){ if ($stmt = $link->prepare('INSERT INTO `volunteerstest`(`firstname`, `lastname`, `email`, `zip`, `phone`, `house_party`, `canvass`, `phonebank`, `anything`, `comments`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)')) { $stmt->bind_param('ssssssssss', $_POST[firstname], $_POST[lastname], $_POST, $_POST[zip], $_POST[phone], $_POST[house_party], $_POST[canvass], $_POST[phonebank], $_POST[anything], $_POST[comments]); if (!$stmt->execute()) { error_log('Execute failed '.$stmt->error); } else { echo 'Data successfully inserted! firstname '.$_POST[firstname].' lastname '.$_POST[lastname].' email '.$_POST.' ZIP '.$_POST[zip].' phone '.$_POST[phone].' house_party '.$_POST[house_party].' canvass '.$_POST[canvass].' phonebank '.$_POST[phonebank].' anything '.$_POST[anything].' and comments '.$_POST[comments].''; } $stmt->close(); } else { echo "data insertion failed"; } } ?>
  3. Hello W3S! It's been a while since i've been online here... sorry about that Anyways. I have some trouble with a dynamic menu i'm trying to make with MySQLI... not sure if that is the problem anyhow... Here is the code as a start, i will explain under the code below what i'm trying to do: // File that we are on (viewing / watching)$tab = pathinfo( $_SERVER['SCRIPT_NAME'], PATHINFO_FILENAME );$menu_res = query("SELECT * FROM menu WHERE menu_file_url = ".$tab);$menu_row = mysqli_fetch_row($menu_res);if( $tab == $menu_row['menu_file_url'] || $menu_row['menu_accessible'] == "no" ) stderr("Page Error", "We are currently working on this page! Go to another page to keep browsing! Thanks for your patience! :)");if(isset($CURUSER)){ $menu_while_res = query(" SELECT * FROM menu WHERE menu_accessible = 'yes' AND menu_view = 'user' OR menu_view = 'both' ORDER BY menu_order_id ASC");}else{ $menu_while_res = query(" SELECT * FROM menu WHERE menu_accessible = 'yes' AND menu_view = 'guest' OR menu_view = 'both' ORDER BY menu_order_id ASC");}$HTMLOUT .= "<ul class='nav_first'>"; while ($menu_while_row = mysqli_fetch_array($menu_while_res, MYSQLI_ASSOC)) { // Menu Items Loaded Here $tabarray = array( $menu_while_row['menu_array_id_name'] => "<li><a href='".$menu_while_row['menu_file_url']."'>".$menu_while_row['menu_name']."</a></li>", ); // K = Key // V = Value foreach($tabarray as $k => $v) { if( $tab == $k ) $HTMLOUT .= str_replace("<li>", "<li class='nav_active'>", $v); else $HTMLOUT .= $v; } // Unset Menu For re-load again unset($tabarray); }$HTMLOUT .= "</ul>"; Currently i'm trying to make a dynamic menu with MySQLI! It's working perfectly... but when i tried to "expand" the project a bit longer and try to make a dynamic menu with errors on pages if the users are not allowed to view a specific file, then i get nothing... What i'm trying to do is to controle in the database with "Enum" as my DB setup that is "no" is has been set on one of the menu items (menu_accessible).. then the item will NOT show on the menu! AND if the user still tries to enter that specific page by URL, he will then get an error message saying that we are working on the website page... The code i'm trying to insert into this project is this little peace of code here: // File that we are on (viewing / watching)$tab = pathinfo( $_SERVER['SCRIPT_NAME'], PATHINFO_FILENAME );$menu_res = query("SELECT * FROM menu WHERE menu_file_url = ".$tab);$menu_row = mysqli_fetch_row($menu_res);if( $tab == $menu_row['menu_file_url'] || $menu_row['menu_accessible'] == "no" ) stderr("Page Error", "We are currently working on this page! Go to another page to keep browsing! Thanks for your patience! :)"); However, i get no respond on the code! Even when i have checked if the "$tab" variable is real and related to the name inside the DB (which it is!)... so if possible, can anyone help and tell me what i'm doing wrong here Oo? Thanks alot by the way! And sorry for the long goodbye hehe ...studies and all, killing me! -.-' Anyways, hope some answers or good tips... really need this one Thanks in advance! Mr rootKID
×
×
  • Create New...