Thanks for taking your time to read through; I would appreciate it if you could help.
I need help with one of my PHP programs. I have a form which writes to a database, and the content of the database is displayed on the website. This form had been working perfectly until recently, when I tried to update someone's record and I couldn't see the record on the website.
Now the challenge I have is that sometimes the form works, inputs data into the database and it shows immediately on the website, but sometimes it doesn't. It inputs data into the database but doesn't show on the website: it creates spaces but no text appears. I have checked all the links, each column and everything I know, and I can't get this resolved.
If you have an idea of what could be wrong, or if you would like to assist me, I could furnish you with more information. This is quite urgent, as the website gets loads of hits, with people entering more than 200 records daily which would not be displayed if this is not resolved.
I need help with a php program
Started by zillonnaire, Apr 06 2010 11:12 PM
7 replies to this topic
#1
Posted 06 April 2010 - 11:12 PM
#2
Posted 07 April 2010 - 04:43 AM
Please send your problem with the written code in detail.
#3
Posted 07 April 2010 - 04:51 AM
Thank you for your choice to help. Here is the code I used to create the form.
<?
include ("include/db_connect.php");
include ("include/path.php");
$pk = $_GET['pk'];
$sql = "select * from listings_categories where pk = \"$pk\"";
$sql_result = mysql_query($sql, $connection) or die("Query 1 failed : " . mysql_error());
$row = mysql_fetch_array($sql_result);
$title = $row["title"];
$title_uc = strtoupper($title);
$meta_title = $row["meta_title"];
$meta_description = $row["meta_description"];
$meta_keywords = $row["meta_keywords"];
$topad1 = $row["topad1"];
if ($topad1 == "") $topad1 = "bansplit.gif";
$topad1_url = $row["topad1_url"];
$topad2 = $row["topad2"];
if ($topad2 == "") $topad2 = "bansplit.gif";
$topad2_url = $row["topad2_url"];
$bottomad1 = $row["bottomad1"];
if ($bottomad1 == "") $bottomad1 = "bansplit.gif";
$bottomad1_url = $row["bottomad1_url"];
$bottomad2 = $row["bottomad2"];
if ($bottomad2 == "") $bottomad2 = "bansplit.gif";
$bottomad2_url = $row["bottomad2_url"];
$leftad1 = $row["leftad1"];
if ($leftad1 == "") $leftad1 = "advertc.gif";
$leftad1_url = $row["leftad1_url"];
$leftad2 = $row["leftad2"];
if ($leftad2 == "") $leftad2 = "bannerb.jpg";
$leftad2_url = $row["leftad2_url"];
$rightad1 = $row["rightad1"];
if ($rightad1 == "") $rightad1 = "advert.jpg";
$rightad1_url = $row["rightad1_url"];
$rightad2 = $row["rightad2"];
if ($rightad2 == "") $rightad2 = "advert.jpg";
$rightad2_url = $row["rightad2_url"];
$rightad3 = $row["rightad3"];
if ($rightad3 == "") $rightad3 = "advert.jpg";
$rightad3_url = $row["rightad3_url"];
$rightad4 = $row["rightad4"];
if ($rightad4 == "") $rightad4 = "advert.jpg";
$rightad4_url = $row["rightad4_url"];
$rightad5 = $row["rightad5"];
if ($rightad5 == "") $rightad5 = "advert.jpg";
$rightad5_url = $row["rightad5_url"];
$rightad6 = $row["rightad6"];
if ($rightad6 == "") $rightad6 = "advert.jpg";
$rightad6_url = $row["rightad6_url"];
$Submit = $_POST['Submit'];
if ($Submit == "Submit") {
$dr_id = $_POST['dr_id'];
$action = $_POST['action'];
$confirm = $_POST['confirm'];
$dr_title = $_POST['dr_title'];
$dr_name = $_POST['dr_name'];
$dr_qualification = $_POST['dr_qualification'];
$dr_business = $_POST['dr_business'];
$catid1 = $_POST['catid1'];
$catid2 = $_POST['catid2'];
$catid3 = $_POST['catid3'];
$catid4 = $_POST['catid4'];
$catid5 = $_POST['catid5'];
$area_id = $_POST['area_id'];
$dr_address = trim($_POST['dr_address']);
$dr_telnum = $_POST['dr_telnum'];
$dr_faxnum = $_POST['dr_faxnum'];
$dr_cellnum = $_POST['dr_cellnum'];
$dr_ahnum = $_POST['dr_ahnum'];
$dr_email = $_POST['dr_email'];
$dr_website = $_POST['dr_website'];
$dr_officehours = trim($_POST['dr_officehours']);
$dr_notes = trim($_POST['dr_notes']);
$dr_focus = trim($_POST['dr_focus']);
$savename1_1 = $_POST['savename1_1'];
$listingtype = $_POST['listingtype'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="text/javascript" src="menu.js"></script>
<link href="default.css" type="text/css" rel="stylesheet" />
<title>List your practice</title>
<style type="text/css">
<!--
.style1 {
font-size: 10px
}
.style3 {font-size: 10px; font-family: Verdana, Arial, Helvetica, sans-serif; }
-->
</style>
</head>
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="100%" border="0" cellpadding="0" cellspacing="-1" background="http://forum.codecall.net/images/topbg1.jpg">
<tr>
<td height="134"> </td>
<td width="559" valign="top" background="http://forum.codecall.net/images/top2bg.jpg"><div align="right"><span class="logo"><img src="topimage.jpg" width="559" height="80" border="0" alt="" /></span></div>
<div align="right"></div></td>
</tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="-1">
<tr>
<td width="160" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td><div align="center">
<?
if ($leftad1_url <> "") {
?>
<a href="<?= $leftad1_url?>">
<?
}
?>
<img src="listings/<?= $leftad1?>" alt="" border="0" />
<?
if ($leftad1_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td>
<?
include ("menu.php");
?> </td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><div align="center">
<?
if ($leftad2_url <> "") {
?>
<a href="<?= $leftad2_url?>">
<?
}
?>
<img src="listings/<?= $leftad2?>" alt="" border="0" />
<?
if ($leftad2_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
</table></td>
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td><table width="300" border="0" align="center" cellpadding="5" cellspacing="0">
<tr>
<td><div align="center">
<?
if ($topad1_url <> "") {
?>
<a href="<?= $topad1_url?>">
<?
}
?>
<img src="listings/<?= $topad1?>" alt="" border="0" />
<?
if ($topad1_url <> "") {
?>
</a>
<?
}
?>
</div></td>
<td><div align="center">
<?
if ($topad2_url <> "") {
?>
<a href="<?= $topad2_url?>">
<?
}
?>
<img src="listings/<?= $topad2?>" alt="" border="0" />
<?
if ($topad2_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
</table></td>
</tr>
<tr>
<td><table width="100%" border="0" cellspacing="0" cellpadding="-1">
<tr>
<td valign="top"><h1>List your Practice</h1> <div align="center"></div></td>
</tr>
</table></td>
</tr>
<tr>
<td><?
if ($Submit == "Submit") {
if (isset($uploaded)) unset ($uploaded);
//Image 1
if (isset($_FILES['logofile'])) {
if ($_FILES['logofile']['name'] != '' && $_FILES['logofile']['tmp_name'] != 'none')
$uploaded = $_FILES['logofile'];
}
if (isset($uploaded)) {
if ($fp = @fopen($uploaded['tmp_name'], "rb")) {
$uploaded['buffer'] = @fread($fp, @filesize($uploaded['tmp_name']));
@fclose ($fp);
}
$image = $uploaded['buffer'];
$ext = substr($uploaded['name'], strrpos($uploaded['name'], "."));
switch (strtolower($ext)) {
case '.jpeg': $uploaded['contenttype'] = 'jpeg'; break;
case '.jpg': $uploaded['contenttype'] = 'jpeg'; break;
case '.png': $uploaded['contenttype'] = 'png'; break;
case '.gif': $uploaded['contenttype'] = 'gif'; break;
}
$image_type = $uploaded['contenttype'];
srand ((double) microtime() * 100000000);
$savename = rand(100000000, 999999999) . $ext;
srand ((double) microtime() * 100000000);
$savename1_1 = rand(100000000, 999999999) . $ext;
$filename = $savepath . $savename;
if (!$handle = fopen($filename, 'w')) {
echo "Cannot open file ($filename)";
exit;
}
else {
fwrite($handle, $image);
}
fclose($handle);
$imginfo = getimagesize("../listings/$savename");
$width = $imginfo[0];
$height = $imginfo[1];
$limit = 100;
$ratio = $width / $height;
if (($width > $limit) || ($height > $limit)) {
if ($width > $height) {
$width = $limit;
$height = $width / $ratio;
}
else if ($height > $width) {
$height = $limit;
$width = $height * $ratio;
}
else {
$width = $limit;
$height = $width / $ratio;
}
$rimg=new RESIZEIMAGE("../listings/$savename");
echo $rimg->error();
$rimg->resize_limitwh($width,$height,"../listings/$savename1_1");
$rimg->close();
chmod ("$savepath$savename1_1", 0777);
unlink("$savepath$savename");
}
else {
rename("$savepath$savename","$savepath$savename1_1");
// unlink("$savepath$savename");
}
}
if ($dr_title == "Select One") {
$dr_title = "";
}
$sql = "insert into listings (dr_title, dr_name, dr_qualification, dr_business, dr_area, dr_logo, dr_address, dr_telnum, dr_faxnum,
dr_cellnum, dr_ahnum, dr_email, dr_website, dr_officehours, dr_notes, dr_focus) values
(\"$dr_title\", \"$dr_name\", \"$dr_qualification\", \"$dr_business\", \"$area_id\", \"$savename1_1\", \"$dr_address\", \"$dr_telnum\", \"$dr_faxnum\",
\"$dr_cellnum\", \"$dr_ahnum\", \"$dr_email\", \"$dr_website\", \"$dr_officehours\", \"$dr_notes\", \"$dr_focus\")";
$sql_result = mysql_query($sql, $connection) or die("Query 3 failed : " . mysql_error());
// Use the id MySQL assigned to the row just inserted; "select dr_id ... order by dr_id desc"
// can return another submitter's row when two submissions overlap.
$dr_id = mysql_insert_id($connection);
if ($catid1 <> "0") {
$sql = "insert into listings_2_categories (catid, listing_id) values (\"$catid1\", \"$dr_id\")";
$sql_result = mysql_query($sql, $connection) or die("Query 15 failed : " . mysql_error());
}
if ($catid2 <> "0") {
$sql = "insert into listings_2_categories (catid, listing_id) values (\"$catid2\", \"$dr_id\")";
$sql_result = mysql_query($sql, $connection) or die("Query 16 failed : " . mysql_error());
}
$FromName = $dr_name;
if ($dr_email == "") {
$FromEmail = "sales@askthedoctonline.co.za";
}
else {
$FromEmail = $dr_email;
}
$sql = "select title from listings_categories where pk = \"$catid1\"";
$sql_result = mysql_query($sql, $connection) or die("Query 15 failed : " . mysql_error());
$row = mysql_fetch_array($sql_result);
$dr_category1 = $row["title"];
$sql = "select title from listings_categories where pk = \"$catid2\"";
$sql_result = mysql_query($sql, $connection) or die("Query 15 failed : " . mysql_error());
$row = mysql_fetch_array($sql_result);
$dr_category2 = $row["title"];
$sql = "select area_name from listings_areas where area_id = \"$area_id\"";
$sql_result = mysql_query($sql, $connection) or die("Query 15 failed : " . mysql_error());
$row = mysql_fetch_array($sql_result);
$dr_area = $row["area_name"];
$subject = "New Listing Order Received";
$sendmessage = "Name: $dr_title $dr_name\n";
$sendmessage .= "Business Name: $dr_business\n";
$sendmessage .= "Qualifications: $dr_qualification\n";
$sendmessage .= "Category 1: $dr_category1\n";
$sendmessage .= "Category 2: $dr_category2\n";
$sendmessage .= "Province: $dr_area\n";
$sendmessage .= "Address: $dr_address\n";
$sendmessage .= "Telephone: $dr_telnum\n";
$sendmessage .= "Fax: $dr_faxnum\n";
$sendmessage .= "Cellphone: $dr_cellnum\n";
$sendmessage .= "A/H Number: $dr_ahnum\n";
$sendmessage .= "Email: $dr_email\n";
$sendmessage .= "Website: $dr_website\n";
$sendmessage .= "Office Hours: $dr_officehours\n";
$sendmessage .= "Notes: $dr_notes\n";
$sendmessage .= "Focus Areas: $dr_focus\n";
$sendmessage .= "Listing Type: $listingtype\n";
$ToEmail = "webmaster@estart.co.za";
mail("Doctors Online <".$ToEmail.">",$subject, $sendmessage, "From: ".$FromName." <".$FromEmail.">");
$ToEmail = "medical.passport@worldonline.co.za";
mail("Doctors Online <".$ToEmail.">",$subject, $sendmessage, "From: ".$FromName." <".$FromEmail.">");
?>
<table width="600" border="0" align="center" cellpadding="5" cellspacing="0">
<tr>
<td>
<div align="center">
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Thank you for submitting your details. </font></p>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">The details have been added to our database and you will be sent an invoice</font> </p>
</div></td>
</tr>
</table>
<?
}
else {
?>
<form id="form1" name="form1" method="post" action="<?= $PHP_SELF?>">
<br />
<table width="600" border="0" align="center" cellpadding="5" cellspacing="0">
<tr>
<td colspan="2"><div>
<table width="100%" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="6%"><div>
<label>
<input name="listingtype" type="radio" id="radio" value="350" checked="checked" />
</label>
</div> </td>
<td width="94%"><div>
<font size="2" face="Verdana, Arial, Helvetica, sans-serif">
<label> </label>
</font>
<div align="left">Simple listing (name , surname and contact details only) R 450-00 for a full 12 months</div>
</div>
<div></div> </td>
</tr>
<tr>
<td><input type="radio" name="listingtype" id="radio2" value="450" /></td>
<td><div class="style1">
<div align="left">Detailed listing( name, surname, contact details, e-mail, website and focus areas) R 850-00 for a full 12 months</div>
</div>
<div></div></td>
</tr>
<tr>
<td><input type="radio" name="listingtype" id="radio4" value="650" /></td>
<td><div align="left">Detailed listing with logo R 1200-00 for a full 12 months</div></td>
</tr>
<tr>
<td><input type="radio" name="listingtype" id="radio5" value="1200" /></td>
<td><div align="left"><span class="style3">Listing of your practice with detailed listing of *up to 5 practitioners* R 1800-00 for a full 12 months</span></div></td>
</tr>
<tr>
<td><input type="radio" name="listingtype" id="radio3" value="2800" /></td>
<td><div align="left" class="style1">Banner with link to your site and detailed listing R 2800-00 for a full 12 months</div></td>
</tr>
</table>
<label></label>
</div>
</td>
</tr>
<tr>
<td width="220"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Title:</font></td>
<td width="360"><label>
<select name="dr_title" id="dr_title">
<option selected="selected">Select One</option>
<option>Dr.</option>
<option>Prof.</option>
<option>Mr.</option>
<option>Mrs.</option>
<option>Ms.</option>
</select>
</label></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Name:</font></td>
<td><label>
<input name="dr_name" type="text" id="dr_name" size="40" />
</label></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Qualifications/ Areas of Expertise:</font></td>
<td><input name="dr_qualification" type="text" id="dr_qualification" value="" size="40" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Business Name:</font></td>
<td><input name="dr_business" type="text" id="dr_business" size="40" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Category 1:</font></td>
<td>
<select name="catid1" id="catid1">
<option value="0" selected="selected">Select One</option>
<?
$sql = "select * from listings_categories order by title asc";
$sql_result = mysql_query($sql, $connection) or die("Query 4 failed : " . mysql_error());
while ($row = mysql_fetch_array($sql_result)) {
$pk = $row["pk"];
$category = $row["title"];
?>
<option value="<?= $pk?>"><?= $category?></option>
<?
}
?>
</select> </td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Category 2:</font></td>
<td><select name="catid2" id="catid2">
<option value="0" selected="selected">Select One</option>
<?
$sql = "select * from listings_categories order by title asc";
$sql_result = mysql_query($sql, $connection) or die("Query 4 failed : " . mysql_error());
while ($row = mysql_fetch_array($sql_result)) {
$pk = $row["pk"];
$category = $row["title"];
?>
<option value="<?= $pk?>">
<?= $category?>
</option>
<?
}
?>
</select></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Area:</font></td>
<td><select name="area_id" id="area_id">
<option value="0" selected="selected">Select One</option>
<?
$sql = "select * from listings_areas order by area_name asc";
$sql_result = mysql_query($sql, $connection) or die("Query 4 failed : " . mysql_error());
while ($row = mysql_fetch_array($sql_result)) {
$area_id = $row["area_id"];
$area_name = $row["area_name"];
?>
<option value="<?= $area_id?>">
<?= $area_name?>
</option>
<?
}
?>
</select></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Logo (optional):</font></td>
<td><input name="logofile" type="file" id="logofile" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Address:</font></td>
<td><textarea name="dr_address" cols="50" rows="4" id="dr_address"></textarea></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Telephone:</font></td>
<td><input name="dr_telnum" type="text" id="dr_telnum" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Fax:</font></td>
<td><input name="dr_faxnum" type="text" id="dr_faxnum" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Cellphone:</font></td>
<td><input name="dr_cellnum" type="text" id="dr_cellnum" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">After Hours Number:</font></td>
<td><input name="dr_ahnum" type="text" id="dr_ahnum" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">E-mail:</font></td>
<td><input name="dr_email" type="text" id="dr_email" size="40" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Website:</font></td>
<td><input name="dr_website" type="text" id="dr_website" size="40" /></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Office hours:</font></td>
<td><textarea name="dr_officehours" cols="50" rows="4" id="dr_officehours"></textarea></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Notes / Special Features:</font></td>
<td><textarea name="dr_notes" cols="50" rows="4" id="dr_notes"></textarea></td>
</tr>
<tr>
<td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Focus Areas:</font></td>
<td><textarea name="dr_focus" cols="50" rows="4" id="dr_focus"></textarea></td>
</tr>
</table>
<p align="center">
<label>
<input type="submit" name="Submit" id="button" value="Submit" />
</label>
</p>
</form>
<?
}
?>
</td>
</tr>
<tr>
<td><table width="300" border="0" align="center" cellpadding="5" cellspacing="0">
<tr>
<td><div align="center">
<?
if ($bottomad1_url <> "") {
?>
<a href="<?= $bottomad1_url?>">
<?
}
?>
<img src="listings/<?= $bottomad1?>" alt="" border="0" />
<?
if ($bottomad1_url <> "") {
?>
</a>
<?
}
?>
</div></td>
<td><div align="center">
<?
if ($bottomad2_url <> "") {
?>
<a href="<?= $bottomad2_url?>">
<?
}
?>
<img src="listings/<?= $bottomad2?>" alt="" border="0" />
<?
if ($bottomad2_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
</table></td>
</tr>
</table>
</td>
<td width="160" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td><div align="center">
<?
if ($rightad1_url <> "") {
?>
<a href="<?= $rightad1_url?>">
<?
}
?>
<img src="listings/<?= $rightad1?>" alt="" border="0" />
<?
if ($rightad1_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><div align="center">
<?
if ($rightad2_url <> "") {
?>
<a href="<?= $rightad2_url?>">
<?
}
?>
<img src="listings/<?= $rightad2?>" alt="" border="0" />
<?
if ($rightad2_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><div align="center">
<?
if ($rightad3_url <> "") {
?>
<a href="<?= $rightad3_url?>">
<?
}
?>
<img src="listings/<?= $rightad3?>" alt="" border="0" />
<?
if ($rightad3_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><div align="center">
<?
if ($rightad4_url <> "") {
?>
<a href="<?= $rightad4_url?>">
<?
}
?>
<img src="listings/<?= $rightad4?>" alt="" border="0" />
<?
if ($rightad4_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><div align="center">
<?
if ($rightad5_url <> "") {
?>
<a href="<?= $rightad5_url?>">
<?
}
?>
<img src="listings/<?= $rightad5?>" alt="" border="0" />
<?
if ($rightad5_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><div align="center">
<?
if ($rightad6_url <> "") {
?>
<a href="<?= $rightad6_url?>">
<?
}
?>
<img src="listings/<?= $rightad6?>" alt="" border="0" />
<?
if ($rightad6_url <> "") {
?>
</a>
<?
}
?>
</div></td>
</tr>
<tr>
<td> </td>
</tr>
</table></td>
</tr>
</table>
<table width="700" border="0" align="center" cellpadding="5" cellspacing="0">
<tr>
<td>
<div class="center">
<p class="foot">
Note: Dear users, prescribing medications online or giving a diagnosis contradicts medical ethics, which is why our Doctors can only offer opinions and clarify various symptoms and diseases, give you a second opinion on your problem and advise on what medical professional to consult or what tests to have done.
</p>
</div>
</td>
</tr>
</table>
<?
include("footertext.php");
?>
</body>
</html>
Edited by Vswe, 07 April 2010 - 09:12 AM.
#4
Posted 07 April 2010 - 08:55 AM
Please use code tags so this can be easily read. Thanks! :cool:
Also, from a quick glance, you have SQL injection vulnerabilities. You should check out mysql_real_escape_string on php.net. This may help fix your issue. If someone is using ' or " it could break your SQL query. I would try mysql_real_escape_string first and see if the problem persists.
I only took a quick glance and this is what I noticed immediately. If this isn't the problem, it is still a major issue that needs to be addressed. ;)
Remember, you should always escape/filter your input and your output. Trust no one.
"Life would be so much easier if we only had the source code."
#5
Posted 07 April 2010 - 09:13 AM
@ Son9ne
Thank you so much.
I am a new PHP developer and I am still learning the ropes; I did, however, inherit this code. I would appreciate it if you could tell me specifically what to do and where to insert that line of code.
Thank you.
#6
Posted 07 April 2010 - 10:26 AM
Thanks, now it is much easier to read :)
The proper place to use the escape string is

$sql = "select * from listings_categories where pk = '".mysql_real_escape_string($pk)."'";

You should replace

$sql = "select * from listings_categories where pk = \"$pk\"";

with the code above.
Also, you should filter

$_GET['pk']

depending on your needs;

htmlentities($_GET['pk'])

should suffice.

if ($bottomad1 == "")

is redundant, you can easily use

if ($bottomad1)

Looking at your code, it seems that ternary conditionals would work better for you.
Something like:

$bottomad1 = ($row["bottomad1"]) ? $row["bottomad1"] : "bansplit.gif";

which is exactly the same as

$bottomad1 = $row["bottomad1"];
if ($bottomad1 == "") $bottomad1 = "bansplit.gif";

On a side note, all update/insert queries should be using mysql_real_escape_string. Also, you should have some fail-safes in place. I noticed that the script depends on variables but there are no checks to ensure these variables are in fact initiated or are the correct type. If security isn't a concern of yours, which it should be, then perhaps checking your log will show you why it's a bad idea not to have fail-safes. I am more picky than most when it comes to clean code, but I still feel these are practices to get used to.
To help and clear some confusion: for fail-safes, I am simply referring to using

isset($varName)

Don't go crazy with it, use it only when necessary. This code snippet alone can resolve many of your warnings and notices in your log.
There is no security on this script at all. Someone could easily perform SQL injection and possibly even hijack your emailer and send out spam from your server.
"Life would be so much easier if we only had the source code."
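The following is an added example for this thread, not code from the original post or from the reply above: a hardened version of the listings.php submit path that applies the points raised in replies #4 and #6. It uses isset() fail-safes with ternary defaults, reduces the <select> ids to integers, escapes output with htmlspecialchars, and strips CR/LF from the mail headers so the form cannot be used to inject extra recipients. For the query itself it swaps the mysql_real_escape_string() advice for PDO prepared statements, which are the replacement for the mysql_* functions removed in PHP 7. The PDO credentials (placeholders), the reduced column list, and the helper names post_field, post_id, header_safe, sender_address, h and insert_listing are assumptions; the field names are taken from the posted form.

```php
<?php
// Added example, not the thread's code: hardened submit path for listings.php.
// Assumptions: a PDO connection built from the placeholder credentials below
// and a reduced column list; the field names come from the posted form.

// Fail-safe read of a POST field: no notice when it is missing, always a string.
function post_field($key, $default = '') {
    return isset($_POST[$key]) ? trim((string) $_POST[$key]) : $default;
}

// <select> ids must be integers; anything else becomes 0, the form's own
// "Select One" value, so a crafted string never reaches the query.
function post_id($key) {
    $v = post_field($key, '0');
    return ctype_digit($v) ? (int) $v : 0;
}

// Mail header values must not contain CR/LF, otherwise extra headers such as
// Bcc: can be injected through the form and the mailer used to send spam.
function header_safe($value) {
    return str_replace(array("\r", "\n", "\0"), '', $value);
}

// A validated sender address, or the fallback the page already uses.
function sender_address($email, $fallback) {
    $email = header_safe($email);
    return filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : $fallback;
}

// Escape DB values before echoing them into HTML: the "filter your output" half.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Insert one listing through a prepared statement and return its new id.
// Placeholders keep the data out of the SQL grammar, so a ' or " in a field
// is stored as text instead of breaking (or rewriting) the query.
function insert_listing(PDO $pdo, array $f) {
    $stmt = $pdo->prepare(
        'INSERT INTO listings (dr_title, dr_name, dr_business, dr_area, dr_email, dr_notes)
         VALUES (:title, :name, :business, :area, :email, :notes)');
    $stmt->execute(array(
        ':title'    => $f['dr_title'],
        ':name'     => $f['dr_name'],
        ':business' => $f['dr_business'],
        ':area'     => $f['area_id'],
        ':email'    => $f['dr_email'],
        ':notes'    => $f['dr_notes'],
    ));
    // Id of the row just inserted; "order by dr_id desc" could return another
    // submitter's row when two requests overlap.
    return (int) $pdo->lastInsertId();
}

if (post_field('Submit') === 'Submit') {
    $f = array(
        'dr_title'    => post_field('dr_title'),
        'dr_name'     => post_field('dr_name'),
        'dr_business' => post_field('dr_business'),
        'area_id'     => post_id('area_id'),
        'dr_email'    => post_field('dr_email'),
        'dr_notes'    => post_field('dr_notes'),
    );
    // The original "Select One" check, written as a ternary.
    $f['dr_title'] = ($f['dr_title'] === 'Select One') ? '' : $f['dr_title'];

    if ($f['dr_name'] === '' || $f['area_id'] === 0) {
        echo '<p>Name and area are required.</p>';
        exit;
    }

    $pdo = new PDO('mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8',
                   'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER',
                   array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                         PDO::ATTR_EMULATE_PREPARES => false));
    $dr_id = insert_listing($pdo, $f);

    // Category links: only non-zero integer ids, never a raw POST string.
    $link = $pdo->prepare(
        'INSERT INTO listings_2_categories (catid, listing_id) VALUES (?, ?)');
    foreach (array('catid1', 'catid2') as $key) {
        $catid = post_id($key);
        if ($catid !== 0) {
            $link->execute(array($catid, $dr_id));
        }
    }

    $body = "Name: {$f['dr_title']} {$f['dr_name']}\nNotes: {$f['dr_notes']}\n";
    mail('webmaster@estart.co.za', 'New Listing Order Received', $body,
         'From: ' . header_safe($f['dr_name']) . ' <'
         . sender_address($f['dr_email'], 'sales@askthedoctonline.co.za') . '>');

    echo '<p>Thank you, ' . h($f['dr_name']) . ', listing #' . $dr_id . ' was added.</p>';
}
```

Two separate defences are deliberately kept apart here: the prepared statement protects the SQL, and header_safe()/sender_address() protect the mail() call, because a value that is harmless inside a bound query can still carry a line break that mail() would treat as a new header. With this layout a name containing ' or " is stored and echoed as plain text, which is the symptom reply #4 was pointing at.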
#7
Posted 07 April 2010 - 10:41 AM
Thanks, I did that but I got this error:
Parse error: syntax error, unexpected T_VARIABLE in /home/askthedo/public_html/listings.php on line 14
That's this line:
$sql = "select * from listings_categories where pk = '".mysql_real_escape_string($pk)."'";
This is really huge, more huge than I had thought. Amazingly, the form was working perfectly well until now; perhaps the lack of security you mentioned could have been responsible.
I would appreciate your further help. If you so wish, I could email you the files and the database structure and show you the ones that have refused to show up on the website tables.
#8
Posted 07 April 2010 - 10:49 AM
I am curious as to what the data would look like that is having difficulties in being properly inserted into the DB.
What line is line 14? Better yet, what are the 3 surrounding lines? This error can be caused by missing a ; or curly brace or something minor missing. Double check the code.
"Life would be so much easier if we only had the source code."