PHP - Problem Json_encode($results) With Data Like
If I run data that has HTML entities such as ( ) through json_encode($results), it seems to produce NULL. Any ideas?
Similar TutorialsHi All I got some help to write this code and it is not working because i get the error ( ! ) Parse error: syntax error, unexpected '{' in C:\wamp\www\blackrain\Resources\json-gen.php on line 14 Here is the php code Code: [Select] <?php error_reporting(-1); ini_set('display_errors',1); $link = mysql_connect('localhost', 'root', ''); if (!$link) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully<br />'; mysql_select_db("php"); $arr = array(); $rs =mysql_query("SELECT `id`, `title`, `author`, `date`, `imageUrl`, `text` FROM `items`"); while($obj = mysql_fetch_array($rs,MYSQL_ASSOC) { $arr[0] = $obj['id']; $arr[1] = $obj['title']; $arr[2] = $obj['author']; $arr[3] = $obj['date']; $arr[4] = $obj['imageUrl']; $arr[5] = $obj['text']; } //numbering the array indexes, will only return 5 array indexes EVER. All indexes will be over written on each loop. echo json_encode($arr); ?> the sql data is below please put in a db named php and a table named items -- phpMyAdmin SQL Dump -- version 3.3.9 -- http://www.phpmyadmin.net -- -- Host: localhost -- Generation Time: Sep 10, 2011 at 11:49 AM -- Server version: 5.5.8 -- PHP Version: 5.3.5 SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO"; /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; /*!40101 SET NAMES utf8 */; -- -- Database: `php` -- -- -------------------------------------------------------- -- -- Table structure for table `items` -- CREATE TABLE IF NOT EXISTS `items` ( `id` int(11) NOT NULL AUTO_INCREMENT, `title` text NOT NULL, `author` text NOT NULL, `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `imageUrl` text NOT NULL, `text` text NOT NULL, `catagory` text NOT NULL, KEY `id` (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=25 ; -- -- Dumping data for table `items` -- INSERT INTO `items` (`id`, `title`, `author`, `date`, 
`imageUrl`, `text`, `catagory`) VALUES (2, 'some random title', 'me', '0000-00-00 00:00:00', 'http://forums.mysql.com/read.php?45,55300,56787#msg-56787', 'fvsdhlihldj sdfjvhduolh dvjichis', '0'), (4, '', '', '0000-00-00 00:00:00', '', '', '0'), (5, 'yet another trial', 'me', '0000-00-00 00:00:00', 'http://www.gaj-it.com/wp-content/uploads/apple5.jpg', ' nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnn', '0'), (6, 'yet another trial', 'me', '0000-00-00 00:00:00', 'http://www.gaj-it.com/wp-content/uploads/apple5.jpg', ' nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnf nnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnn nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnnnnnnn', '0'), (7, '', '', '0000-00-00 00:00:00', '', ' ', '0'), (8, '', '', '0000-00-00 00:00:00', '', '', '0'), (9, 'n', '', '0000-00-00 00:00:00', '', '', '0'), (10, 'n', 'me', '0000-00-00 00:00:00', '0000', 'me', '0'), (11, 'n', 'me', '0000-00-00 00:00:00', '0000', 'me1', '0'), (12, 'M', 'Me', '0000-00-00 00:00:00', 'url', 'jdoiheouhfviuehvuiohbeuiofhvuiheiufhvuiehuifvheio uhfvoiuhrovheovhuhfvbuohouifhbouehouhbveiouhfbveb hsousuobv ousiuodfbvibfuibvousdubfdfbfbuvbbfdbufvbjjbfvdjfj fvdjfbfbfdfbbfbbfkbjkbjbfdjbjfkbjkbjbjnbjnnbdnbnj jnbdnjkbfdjknbdnjkbdnjkbdnjkbfdnjkbdnjkbfdnjkbnjk bfdnjkgbnjkgbnjknknknbngbbbd', '0'), (13, 'M', 'Me', '0000-00-00 00:00:00', 'url', 'jdoiheouhfviuehvuiohbeuiofhvuiheiufhvuiehuifvheio uhfvoiuhrovheovhuhfvbuohouifhbouehouhbveiouhfbveb 
h0pvipjfvoejnv oaiehnfvolijeaofvihn olan', '0'), (14, 'M', 'Me', '0000-00-00 00:00:00', 'url', 'jdoiheouhfviuejnjfnfviejnfvienfivnloidfhnvvihn olan', '0'), (15, 'hhikuh', 'h', '0000-00-00 00:00:00', 'j', ' uhuhiuhuhuiohuoiho', '0'), (16, '', '', '0000-00-00 00:00:00', '', '', '0'), (17, 'brenton', 'me', '0000-00-00 00:00:00', 'http://www.gaj-it.com/wp-content/uploads/apple5.jpg', 'hi all ', '0'), (18, '', '', '0000-00-00 00:00:00', '', '', '0'), (19, 'something', 'me', '0000-00-00 00:00:00', 'http://www.gaj-it.com/wp-content/uploads/apple5.jpg', 'ihfdvuikhavh\r\n ', '0'), (20, '', '', '0000-00-00 00:00:00', '', '', '0'), (21, '', '', '0000-00-00 00:00:00', '', '', '0'), (22, '', '', '0000-00-00 00:00:00', '', '', '0'), (23, 'cd', 'fg', '0000-00-00 00:00:00', 'srf', 'dfsf ', '0'), (24, 'cd', 'fg', '0000-00-00 00:00:00', 'srf', 'dfsf ', 'audi'); thanks matt when trying to decode a array of rows taken from my database I found that the json_encode function doesn't allow you to present you array as (with brackets [ ])
[{"name":"Destramic"}]but returns the array as (without brackets [ ]) {"name":"Destramic"}I looked into the documentation and it doesn't seem as if php offer such a way of having bracket which Is a bit of a problem with passing to jquery (which I've found using their autocomplete plugin) this has resulted in me having to add brackets myself $data = "[" . json_encode($rows2) . "]";does anyone know if you can encode it with the brackets or readable for jquery...thank you hi i have this code: Code: [Select] //sql $sql -> bind_param('s',$offer); $sql -> execute(); $sql -> bind_result($oferta, $cargo, $conteudo, $tipo_oferta, $local); $arr = array(); while ($sql -> fetch()) { $arr[] = array($oferta, $cargo, $conteudo, $tipo_oferta, $local); }; return $arr; then i make this in ajax (jquery) Code: [Select] data: 'all=<?php echo json_encode($arr); ?>', and in other page i make: Code: [Select] $editar = $_POST['all']; $e = json_decode($editar, true); echo $e[0][0]; the problem is: if i only do : Code: [Select] $arr[] = array($oferta); this echo $e[0][0]; outputs: designer (is the value of $oferta) but if i do Code: [Select] $arr[] = array($oferta, $cargo, $conteudo, $tipo_oferta, $local); echo $e[0][0]; simply doesn't show anything. the question is why ? and how can be solved? Hey everyone. So i'm trying to json_encode one of my arrays like such:
Here's an example of how the array is being created (from the array results, everything seems to be fitting OK into the actual array creation), but it's just the actual array creating a multi-dimension after each result.
$num = 1; $num2 = 1; $i = 0; if ($num > 0) { $array[$i][1] = 40; } if ($num2 > 0) { $array[$i][2] = 50; } ++$i;I'm trying to achive this: var array_one_results = new Array(); array_one[1][0] = 40; array_one[1][0] = 50; array_one[2][1] = 40; array_one[2][1] = 50;right now, this is my results: var array_name = new Array(); array_name["0"] = new Array();array_taken["0"]["0"] = "10"; array_taken["0"]["1"] = "20"; array_name["1"] = new Array();array_taken["1"]["0"] = "10"; array_taken["1"]["1"] = "20"; array_name["2"] = new Array();array_taken["2"]["0"] = "10"; array_taken["2"]["1"] = "20"; array_name["3"] = new Array();array_taken["3"]["0"] = "10"; array_taken["3"]["1"] = "20"; array_name["4"] = new Array();array_taken["4"]["0"] = "10"; array_taken["4"]["1"] = "20";It's creating a new array for each. If anyone could help me through this, i'd really appreciate it. I'm encoding it with this: function js_str($s) { return '"'.addcslashes($s, "\0..\37\"\\").'"'; } function js_array($array, $keys_array) { foreach ($array as $key => $value) { $new_keys_array = $keys_array; $new_keys_array[] = $key; if(is_array($value)) { echo 'array_name'; foreach($new_keys_array as $key) { echo '["'.$key.'"]'; } echo ' = new Array();'; js_array($value, $new_keys_array); } else { echo 'array_taken'; foreach($new_keys_array as $key) { echo '["'.$key.'"]'; } echo ' = '.js_str3($value).";\n"; } } } I have been given a task, and I gotta say it is kicking my butt.
Here is what I have to do.
1. Have user fill out and submit a form.
2. Data gets sent to: http://www.ffiec.gov...de/Default.aspx
3. Data is set as values for input fields in the sites form.
4. Form executes.
5. Retrieve result data.
6. Display data back to my site.
I have no idea how to do this.
Usually when I have done something like this I use an API.
Hope my question is clear.
Thanks for the help.
Reasons to use json_last_error() is obvious when decoding, but was not so to me when encoding. Looking at the documents, malformed UTF-8 characters will result in an error. The examples given show encoding a string, however, an array with an index value which is malformed UTF-8 characters will result in the same error. Are there other cases which json_encode() will result in error? Why would one actually want to use json_encode() on a string? Hi, having problems getting checkboxes to display all reuslts when a user selects more than one check box say in the category section and one in the location section - see page http://www.partyco.co.uk/event-and-party-venues/ - submit to see reults page: I managed to get it to display reults if the user only seletc either a right or left column option OR one of each - BUT not when thet select multiple categories and one location - and ideas how to do this ? putting it into an array perhaps - but how - new to some of this.... here is the code for the reults page: Code: [Select] <?php $location = $_POST[location]; $category = $_POST[category]; ?> <?php $Link = mysql_connect("xxxxxxxxx", "xxxxxxxxx", "xxxxxxxx") or die(mysql_error()); mysql_select_db("xxxxxxxx") or die(mysql_error()); // selects db listings when location not given if (empty($location)) { $query = "SELECT * FROM venues WHERE category = '$category' order by title"; $result = mysql_query($query) or die(mysql_error()); // selects db listings when category not given } elseif(empty($category)) { $query = "SELECT * FROM venues WHERE location = '$location' order by title"; $result = mysql_query($query) or die(mysql_error()); // selects db listings when both given }else { $query = "SELECT * FROM venues WHERE category = '$category' and location = '$location' order by title"; $result = mysql_query($query) or die(mysql_error()); } while($row = mysql_fetch_array($result)){ echo "<div class=\"resultsShort\" style=\"margin-bottom:10px;\">"; echo "<h2 id=\"resultsHeading\">"; 
echo $row['title']; echo "</h2>"; echo "<p class\"resultspara\">". nl2br($row['description']). "</p>"; echo "<h4 style=\"margin:5px 0 0 0; padding:0;\">Contact details</h4>"; echo "<p class\"resultspara\">". nl2br($row['contact']). "</p>"; echo "<div style=\"float:left; width:124px; height:40px; margin:10px 15px 0 0;\">"; echo "<a href=\"/party-supplier-resources/email-supplier.php?title=". $row['title']. "&email=" . $row['email']. "&location=" . $row['location']. "&category=" . $row['category']. "\" title=\"contact this venue here\">"; echo "<img src=\"/images/email-supplier.jpg\" width=\"124\" align=\"right\" height=\"35\" alt=\"contact this supplier button\" border=\"0\" /></a>"; echo "</div>"; echo "</div>"; } ?> <?php include("../include/shareLinks.php"); ?> <div id="popupContact"> <a id="popupContactClose" title="close this window">close x</a> <h1>Supplier Directory Enquiry Form</h1> <?php include("../include/enquiryform.php"); ?> </div> <div id="backgroundPopup"></div> <?php mysql_close ($Link); ?> Any help appreciated! Aaron MOD EDIT: [code] . . . [/code] BBCode tags added. Hi guys, I need to know how to json_encode a mysql output, so far the PHP ref manual for json_encode is not proving very helpful. Any help is much appreciated. I have a function where I am returning a few different arrays into one return json_encode(); but how would I do this? I'm bulling an array from 2 different database tables, and I can't join or union these, because I am actually going to have quite a few different calls that needs to call into other areas. Anyway, My 2 variables are,' $names and $posts If I put one of these in the return json_encode($posts); like that, then the $posts show up fine while the names of course display Undefined, and if I put in return json_encode($names); then my code works for the names to be displayed but anything in the posts of course is undefined, how do I put these two together? Thanks Good morning,
I am trying to convert a mssql query into json format so that I can then later pass this through google's visualisation api. The query and encoding seems to be working but the encode returns NULL.
I have checked the normal gotchas of making sure it's utf8 encoded and that I have used a version of PHP that has the encode (using php 5.3.19).
Can anyone help me with getting the encode to work?
PHP CODE:
<?php Dear all hello. I am facing a major issue with greek characters. Here is the php script: Code: [Select] <?php $connect = mssql_connect($db_server,$db_username,$db_password) or die("0001"); mssql_select_db($wf_db) or die("0002"); $sql_a = "SELECT [ID],[WASTE_SN] FROM [Webforms].[dbo].[Waste_Types] ORDER BY [WASTE_SN] ASC"; $waste_name = array(); $waste_id = array(); $query_a = mssql_query($sql_a) or die("0003"); while ($row = mssql_fetch_assoc($query_a)){ $waste_name[] = $row['WASTE_SN']; $waste_id[] = $row['ID']; } mssql_close($connect); $final_array = array( "waste_name" => $waste_name, "waste_id" => $waste_id ); $json = json_encode($final_array); echo $json; ?> Json_encode returns null for all values of array $waste_name when greek words are found. When I use print_r($waste_name), i can see all words fine. I've tried almost everything, including utf8_encode without results. Any help will be really appreciated! Hello, I am new to pHp and javascript languages and I am trying to do some math calculations in pHp, then display the results with google charts. However, I got stuck with inserting data from pHp using json_encode. It works for the most simple array, with using 2 values. When using array of arrays, it does not work. I believe it could be a syntax errors with all those brackets but I could not figure it out. Thanks for any ideas! 
<?php // some arrays with dim 2x2 $testarr0 = array( 0.1, 2.5); $testarr = array( 1.0, 3.5); $testarr = array( $testarr0, $testarr ) ; // this is how it looks in pHp $json = json_encode($testarr); echo($json); echo '<br/>'; echo json_encode($json); ?> <html> <head> <script type="text/javascript" src="https://www.gstatic.com/charts/loader.js"> </script> <script type="text/javascript"> google.charts.load('current', {'packages':['line']}); google.charts.setOnLoadCallback(drawChart); function drawChart() { var data = new google.visualization.DataTable(); data.addColumn('number', 'x values'); data.addColumn('number', 'y1 '); //var dataArray = <?php echo json_encode($testarr);?>; //document.body.innerHTML = " Data Array with json: " + dataArray ; // defining array here works well /* data.addRows( [ [0.1 ,2.5], [1.0 ,3.5] ] ); */ // this here does not work: data.addRow( <?php echo json_encode($testarr);?> ); // some options for the chart var options = { chart: { title: 'Points over time', }, width: 600, height: 400, axes: { x: { 0: {side: 'top'} } } }; var chart = new google.charts.Line(document.getElementById('line_top_x')); chart.draw(data, google.charts.Line.convertOptions(options)); } </script> </head> <body> <div id="line_top_x" style="width: 900px; height: 500px"></div> </body> </html>
Hello
I am having an issue with encoding an array to JSON. My array seems to be formed correctly, but when I try to echo the json_encode version I get "null". I echo the JSON error code and it is "0", indicating no issue.
I have read that non UTF-8 characters can be an issue, but this is simple data, no strange characters... but I added the utf8_encode anyway....
Here is my code:
$dataArray = array( 'title' => 'Test Item', 'icon_url' => 'http://url/api/testimage.jpg', 'item_id' => '12345', 'expiration' => 600 ); utf8_encode($dataArray); $responsArray = array( 'success' => '1', 'data' => $dataArray ); utf8_encode($responsArray); header('Content-type: application/json'); echo print_r($responsArray); echo json_encode ($responseArray); echo json_last_error(); I have a piece of code that outputs json as you can see from the example below it add \ / in front of urls & for ' it turns it into ' is there something i can do to correct this? Code: [Select] if (mysqli_num_rows($r) > 0) { // Available. while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) { $results[] = array( 'blog_id' => ($row['ID']), 'post_date' => ($row['pd']), 'post_title' => ($row['post_title']), 'article_img' => ('http://www.socialnewsoffice.com/uploads/'.$row['article_img']), 'post_content' => ($row['post_content']), 'tags' => ($row['tags']), 'views' => ($row['views']), 'categorie_id' => ($row['categorie_id']), 'post_url' => ($row['post_url'])); } echo $json = Pretty_JSON(json_encode($results)); it outputs Code: [Select] [{ "blog_id":"3", "post_date":"Thu, 1 March 2012", "post_title":"Facebook's New Fan Page Learn How To Use Features", "article_img":"http:\/\/www.socialnewsoffice.com\/uploads\/17963.jpg", "post_content":"<p>This week saw the release of Facebook's latest functionality changes (Timeline for Businesses) that will shape the future of how businesses will market their campaigns, through the social media giant Facebook. 
A number of marketers are wondering how they will incorporate the new features in an attempt to progress and move forward with their online social media presence.<\/p>\r\n<p>Taking all the key changes in to consideration we have managed to create a guide on how to smoothly move with the times and embrace the new Facebook layout.<\/p>\r\n<p>Please read on below for helpful tips and tricks on how to excel with 'Timeline for Brands'<\/p>\r\n<h2>New Features Announced at the Facebook Marketing Conference:<\/h2>\r\n<p><strong>View and Apps:<\/strong> What was once known as Application pages has changed to 'Tabs'. These can now have customizable images linked with them and the order of them can be changed too. Below you can see from the screenshot what a customized Facebook Timeline looks like.<\/p>\r\n<p><strong>Pinning Content:<\/strong> With this new feature you can 'pin' a post to the very top of your Facebook Timeline. This is Very effective when working on a new campaign and is a great way to entice increased traffic to your tab or application page.<\/p>\r\n<p><strong>Featured 'Starred' Content:<\/strong> This feature allows you to select key content or imagery and extend it so it fits across your entire page. Therefore giving you featured content on your Facebook Timeline and making it more visible.<\/p>\r\n<p><strong>Cover Photos:<\/strong> Cover Photos are another great new feature that allow you to announce your latest campaign, welcome your following community or just simply show visitors to your timeline what you can do. There are some slight flaws with this feature though and will be addressed below.<\/p>\r\n<p><strong>Page Dimensions:<\/strong> Dimensions of application pages has now changed with the release of Facebook Timeline. If you happen to be an SML user then you have all the tools necessary to update your page on your own. 
If your using Involvers App Suite then those applications will be updated soon.<\/p>\r\n<p><strong>Removal of Default Landing Pages:<\/strong> The commonly used Facebook landing pages have been removed and replaced with various options to allow brands to drive content to application pages. These options allow you to use your cover photo and pinned content to attract users to your personal application pages. Despite the changes it is however still possible to link directly to application pages from ads, posts and outside of Facebook.<\/p>\r\n<h2>Getting Started with Timeline For Brand:<\/h2>\r\n<p>Firstly when accessing and logging in to your New Facebook Brand Page, you will see this admin message displayed below:<\/p>\r\n<p>When will my Page change to the latest design?<\/p>\r\n<p>To see a preview of what your new pages will look like, simply click on the green button at the top of your current pages. A second option is to wait until March 30th 2012 when all pages will be upgraded automatically.<\/p>\r\n<p>Where can I visit to learn more about how to use the new Pages?<\/p>\r\n<p><strong>There are a number of places you can visit to learn all you need to know about Pages:<\/strong><\/p>\r\n<ul>\r\n<li>To find out more about new features, download the Pages Overview guide by clicking here.<\/li>\r\n<li>If your wondering how to get started with Pages then download Facebook's full Pages Product Guide by clicking here.<\/li> \r\n<li>The Pages Learning video allows you to walk through the key features with Facebook's product experts.<\/li> \r\n<li>If you need answers to specific questions, visit Facebook's Help Centre. <\/li>\r\n<\/ul>\r\n<h2>How should I choose a cover photo for my Page?<\/h2>\r\n<p>Firstly select a unique image that represents your page. Facebook itself recommends using a photo of a popular menu item, album artwork or an image of your product being used by someone. 
You need to experiment with a number of different images that your audience responds positively to. \r\nFew key elements of Cover Images:\r\n<\/p>\r\n<p><strong>Each Cover image must be at least 399 pixels wide and must not contain the following:<\/strong><\/p>\r\n<ul>\r\n<li>Prices \/ Purchase information and displaying offers such as \"60% off this month\" are not permitted. Also 'Download this from our website' is not allowed.<\/li> \r\n<li>No email addresses, web addresses and any other contact information.<\/li>\r\n<li>References to clicking on or the use of Facebook interface elements such as Like or Share or any other Facebook Features.<\/li>\r\n<li>\"Tell your friends\" or \"Get it now\" or any other calls to action are not allowed in the latest version of Facebook Timeline.<\/li>\r\n<\/ul>\r\n<p>All Timeline cover imagery is public and therefore means anyone visiting your Page will be able to see exactly which image you have chosen. The photos you display must not be deceptive, false or misleading any way that infringes on third party intellectual property. You must also not encourage of incentivize other fellow users, friends or business associates to display the same cover image as yours on personal Timelines.<\/p>\r\n<p>To sum up we are extremely excited about the latest Facebook feature release this week. They constantly deliver new services that are amazing and incredibly innovative to the market place.<\/p>\r\n<p>Here at Northplanet we are commited to provide you with the latest information on the hottest online topics around, to keep you ahead in the game. 
We would love to hear some feedback from you on the brand new Facebook 'Timeline for Brands' release and invite you to visit our very own <a href=\"https:\/\/www.facebook.com\/northplanet\">Northplanet Facebook Timline page by clicking here.<\/a><\/p>", "tags":"facebook, new fan page", "views":"253", "categorie_id":"2", "post_url":"facebooks-new-fan-page-learn-how-to-use-features" }

Since there have been some debates about how to safely pass PHP values to JavaScript, I hope I can clarify a few things.
One suggestion that kept recurring was to simply run the value through json_encode() and then inject the result into a script element. The JSON-encoding is supposed to (magically?) prevent cross-site scripting vulnerabilities. And indeed it seemingly works, because naïve attacks like trying to inject a double quote will fail.
Unfortunately, this approach doesn't work at all and is fundamentally wrong for several reasons:
json_encode() was never intended to be a security function. It simply builds a JSON object from a value. And the JSON specification doesn't make any security promises either. So even if the function happens to prevent some attack, this is implementation-specific and may change at any time.
JSON doesn't know anything about HTML entities. The encoder leaves entities like &quot; untouched, not realizing that this represents a double quote which is dangerous in a JavaScript context.
The json_encode() function is not encoding-aware, which makes it extremely fragile and unsuitable for any security purposes. Some of you may know this problem from SQL-escaping: There used to be a function called mysql_escape_string() which was based on a fixed character encoding instead of the actual encoding of the database connection. This quickly turned out to be a very bad idea, because a mismatch could render the function useless (e. g. the infamous GBK vulnerability). So back in 2002(!), the function was abandoned in favor of mysql_real_escape_string(). Well, json_encode() is like the old mysql_escape_string() and suffers from the exact same issues.
Any of those issues can be fatal and enable attackers to perform cross-site scripting, as demonstrated below.
1)
The entire “security” of json_encode() is based on side-effects. For example, the current implementation happens to escape forward slashes. But the JSON standard doesn't mandate this in any way, so this feature could be removed at any time (it can also be disabled at runtime). If it does get disabled, then your application is suddenly wide open to even the most trivial cross-site scripting attacks:
Code: [Select]
<?php
header('Content-Type: text/html; charset=UTF-8');

$input = '</script><script>alert(String.fromCharCode(88, 83, 83));</script><script>';
?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        <title>XSS</title>
    </head>
    <body>
        <script>
            // With slash escaping disabled, the closing script tag in $input is emitted verbatim
            var x = <?= json_encode($input, JSON_UNESCAPED_SLASHES) ?>;
        </script>
    </body>
</html>

2)
In XHTML, a script element works like any other element, so HTML entities like &quot; are replaced with their actual characters (in this case a double quote). But JSON does not recognize HTML entities, so an attacker can use them to bypass json_encode() and inject arbitrary characters:

Code: [Select]
<?php
header('Content-Type: application/xhtml+xml; charset=UTF-8');

// json_encode() passes the entities through unchanged; the XHTML parser then decodes them
$input = "&quot;;alert('XSS');&quot;";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>XSS</title>
        <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
    </head>
    <body>
        <script type="text/javascript">
            var x = <?= json_encode($input) ?>;
        </script>
    </body>
</html>

3)
json_encode() blindly assumes that the input and the output should always be UTF-8. If you happen to use a different encoding, or if an attacker manages to trigger a specific encoding, you're again left with no protection at all:

Code: [Select]
<?php
// The page is declared as UTF-7, but json_encode() only sees plain ASCII in $input
header('Content-Type: text/html; charset=UTF-7');

$input = '+ACIAOw-alert(+ACI-XSS+ACI)+ADsAIg-';
?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-7">
        <title>XSS</title>
    </head>
    <body>
        <script>
            var x = <?= json_encode($input) ?>;
        </script>
    </body>
</html>

(This particular example only works in Internet Explorer.)

I hope this makes it very clear that json_encode() is not a security feature in any way. Relying on it is conceptually wrong and simply a very bad idea.

It's generally not recommended to inject code directly into a script element, because any mistake or bug will immediately lead to a cross-site scripting vulnerability. It's also very difficult to do it correctly, because there are special parsing rules and differences between the various flavors of HTML. If you try it, you're asking for trouble.

So how should one pass PHP values to JavaScript?

By far the most secure and robust approach is to simply use Ajax: Since Ajax cleanly separates the data from the application logic, the value can't just “leak” into a script context. This is essentially like a prepared statement.

If you're into micro-optimization and cannot live with the fact that Ajax may need an extra request, there's an alternative approach by the OWASP: You can JSON-encode the data, HTML-escape the result, put the escaped content into a hidden div element and then parse it with JSON.parse():

Code: [Select]
<?php
header('Content-Type: text/html; charset=UTF-8');

$input = 'bar';
?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        <title>XSS</title>
        <style>
            .hidden {
                display: none;
            }
        </style>
    </head>
    <body>
        <div id="my-data" class="hidden">
            <?php
            $json_object = json_encode(array(
                'foo' => $input,
            ));

            // HTML-escape the JSON object
            echo htmlspecialchars($json_object, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
            ?>
        </div>
        <script>
            // Read the decoded text of the element; innerHTML would re-escape &, < and >
            // and corrupt values that contain those characters
            var data = JSON.parse(document.getElementById('my-data').textContent);
            alert('The following value has been safely passed to JavaScript: ' + data.foo);
        </script>
    </body>
</html>

I am getting repeat results, need help to stop this Code: [Select] $sqlgb ="SELECT * FROM `guestbook`JOIN `obituaries` ON (guestbook.obits_id = '$id') "; $results=mysql_query($sqlgb) or die("Error: ". mysql_error(). " with query ". 
$sqlgb); $num = mysql_num_rows($results); if ($num > 0 ) { $i=0; while ($i < $num) { $id = mysql_result($results,$i,"id"); $obits_id = mysql_result($results, $i, "obits_id"); $name = mysql_result($results,$i,"name"); $email = mysql_result($results,$i,"email"); $message = mysql_result($results, $i, "message"); $postdate = mysql_result($results,$i,"postdate"); //$deceased = mysql_result($results, $i "fname"); $date = convertdate($postdate); ?> <p class="ptext">Message From: <a href="mailto:<?php echo $email; ?>"><?php echo $name; ?></a></p> <p class="ptext"><?php echo $postdate; ?></p> <p class="ptext"><?php echo $message; ?></p> <p> <div align="center"><h2> <a href="gbview.php?id=<?php echo($id); ?>">View Guestbook</a> | <a href="gbpost.php?id=<?php echo($id); ?>">Sign the Guestbook</a></h2></div> </p> <?php ++$i; } } else { echo($results['obituaries.fname']); } mysql_close(); ?> I've been trying to fix this piece of script so i can query the results from a database. What i want to do is to display the results from the database like below: Product Heading price Subproduct - $price Each item would have a check box next to them. I have managed to display the items but not the prices. I've looked over the code several times but i'm lost on what i should do. Anyway here's the code, i hope someone here can view it and let me know what i'm doing wrong or what i'm not doing. 
<?php $get_cats = "SELECT * FROM sub_service WHERE industry='$industry'"; $run_get = mysql_query($get_cats) or die(mysql_error()); $tmp = array(); $x=1; while($rw = mysql_fetch_assoc($run_get)){ if (!array_key_exists($rw['service'],$tmp)) { $tmp[$rw['service']] = array(); } $tmp[$rw['service']][] = $rw['sub_service']; } foreach ($tmp as $service => $items) { ?> <div id="industry_wrapper"> <h2><?php echo $service ?></h2> </div> <div id="select_all_holder"> <div id="select_all_input"> <input type="checkbox" class="toggleElement" name="toggle" onchange="toggleStatus()" /> </div> <div id="select_all_txt"> <p>Select All Services - $</p> </div> </div> <?php echo' <div class="service_holder"> <table width="650" cellpadding="0" cellspacing="5"> '; foreach ($items as $cat) { ?> <tr> <td width="28" align="center"><input type="checkbox" /></td> <td width="605"><p><?php echo $cat ?> - $<?php echo $tmp['price']; ?></p></td> </tr> <?php } echo'</table></div>'; } ?> Search not functioning. The drop down box to search on Club_Name and Email is blank, clicking search results unchanged ... all suggestions appreciated ... newbie at php. Thanks. 
<!-- Code below is not functional, trying to query search results, search box with drop down box for two fields--> <table width="50%"> <tr> <td height="30" align="left" bgcolor="#FFFFFF" class="form1" > {$letter_links} </td> <td height="30" align="right" bgcolor="#FFFFFF" class="form1" > <input type=hidden name="sorter" value="{$sorter}"> <table><tr> <form name="search_form" action="{$form.action}" method="post"> <td class="form1" ><input type="text" name="search" value="{$search}"></td> <td class="form1" ><select name="s_type" style=""> {section name=s loop=$types} <option value="{$smarty.section.s.index_next}" {if $types .sel}selected{/if}>{$types .value}</option> {/section} </select></td> <td class="form1"><input type="button" value="{$button.search}" class="button" onclick="javascript: document.search_form.submit();" name="search_submit"></td> </form> </tr></table> </td> </tr> </table> <!-- Code below successfully displays query results --> <form method="post" action="{$file_name}?sel=approve" enctype="multipart/form-data" name="form1" onsubmit="foo(); return false;"> <table cellspacing="2" cellpadding="10" border="1"> <tr align="center"><td>Num</td><td>Club Name</td><td>Login</td><td>Country</td><td>Region</td><td>City</td><td>Address</td><td>Web site</td><td>Email</td><td>Contact Name</td><td>Contact Phone</td><td>Swinging</td><td>Alcohol</td><td>Food</td><td>Entertainment</td><td>Fees</td><td>Approved/<br/>Rejected</td><td>Actions</td></tr> {foreach item=item from=$contest key=key name=foo} <tr align="center"><td><input type="hidden" name="all_approves[{$item.id}]" value="{$item.id}"/>{$key+1}</td><td>{$item.name}</td><td>{$item.login}</td><td>{$item.country_name}</td><td>{$item.region_name}</td><td>{$item.city_name}</td><td>{$item.address}</td><td>{$item.web_site}</td><td>{$item.email}</td><td>{$item.contact_name}</td><td>{$item.contact_phone}</td> <td> {math equation="x - 1" x=$item.swinging assign=index_pos} {$xml_swing[$index_pos].value}</td> <td>{math 
equation="x - 1" x=$item.alcohol assign=index_pos}{$xml_alco[$index_pos].value}</td> <td>{math equation="x - 1" x=$item.foot assign=index_pos}{$xml_foot[$index_pos].value}</td> <td>{math equation="x - 1" x=$item.entertainment assign=index_pos}{$xml_entertainment[$index_pos].value}</td> <td>{math equation="x - 1" x=$item.fees assign=index_pos}{$xml_fees[$index_pos].value}</td><td> <span> {if $item.is_approved eq '1'} Approved {else} Rejected {/if}</span></td><td align="center"><a href="{$file_name}?sel=edit&id_content={$item.id}">[ Edit ]</a><br/><a href="{$file_name}?sel=delete&id_content={$item.id}">[ Delete ]</a><br/><a href="{$file_name}?sel=approve&id_content={$item.id}">[ Approve ]</a><br/><a href="{$file_name}?sel=reject&id_content={$item.id}">[ Reject ]</a></tr> {/foreach} </table> </form>

My error happens on line #81

Hi... I create a payroll system and now I have an issue or problem in saving data before I save data using save button now I want to save data when clicking the employee name at the navigation list from the left side. Here is my code for the searching and displaying employee name at navigation list: Here is my code for search.php:

Code: [Select] <?php session_start(); include 'config.php'; $queryString = $_GET["query"]; if ($queryString == "" || $queryString == null) { $sql = "SELECT EMP_ID, CONCAT(LNAME, ', ', FNAME, ' ', MI, '.') AS FULLNAME FROM PERSONAL ORDER BY FULLNAME ASC"; } else { $sql = "SELECT EMP_ID, CONCAT(LNAME, ', ', FNAME, ' ', MI, '.') AS FULLNAME FROM PERSONAL WHERE CONCAT(LNAME, ', ', FNAME, ' ', MI, '.') LIKE '" . $queryString . 
"%' ORDER BY FULLNAME ASC"; } $recPersonalQuery = $conn->Execute($sql); if (!$recPersonalQuery->BOF) { $recPersonalQuery->MoveFirst(); } echo "<hr />"; echo "<ul>"; while (!$recPersonalQuery->EOF) { $empID = $recPersonalQuery->fields["EMP_ID"]; $empFullName = $recPersonalQuery->fields["FULLNAME"]; echo "<li onclick=changeEmployeePay('$empID'); >$empFullName</li>"; //echo "<li onkeyup=changeEmployeePay('$empID'); >$empFullName</li>"; echo "<hr />"; $recPersonalQuery->MoveNext(); } echo "</ul>"; $recPersonalQuery->Close(); exit(); ?> here is the javascript code and the template for displaying employee name list: Code: [Select] <html> <head> <title></title> <script> function searchemppay(queryString) { var ajaxRequest = remoteRequestObject(); ajaxRequest.onreadystatechange = function() { if (ajaxRequest.readyState == 4 && ajaxRequest.status == 200) { var result = ajaxRequest.responseText; document.getElementById('searchpayroll').innerHTML = result; } } var url = "search.php?query=" + queryString; ajaxRequest.open("GET", url, true); ajaxRequest.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT"); ajaxRequest.send(null); } function changeEmployeePay(queryID) { window.location = "SearchData.php?queryEmpID=" + queryID; } </script> </head> <body> <div id="Search"> <form> <p class="serif"><b>Search Lastname:</b></p> <input type="text" name="search_" size="20" onkeyup="searchemppay(this.value);"> <div id="searchpayroll" style="overflow:auto; height:390px; width:auto; margin-left:2px" > <hr /> <ul> {section name=co_emp loop=$personalAll} <li onclick="changeEmployeePay('{$personalAll[co_emp].EMP_ID}')">{$personalAll[co_emp].FULLNAME}</li> <!--<li onkeyup="changeEmployeePay('{$personalAll[co_emp].EMP_ID}')">{$personalAll[co_emp].FULLNAME}</li>--> <hr /> {sectionelse} <li>No records found</li> {/section} </ul> </div> </div> </body> </html> and here is the code for displaying employee data Code: [Select] <?php include 'config.php'; $currentEmpID = 
$_SESSION['empID']; $sql = "SELECT EMP_ID, CONCAT(LNAME, ', ' , FNAME, ' ', MI) AS FULLNAME FROM PERSONAL ORDER BY LNAME ASC"; $recPersonalNav = $conn->GetAll($sql); $smarty->assign('personalAll', $recPersonalNav); $EMP_NO = $_POST['EMP_NO']; $sql = "SELECT em.EMP_NO, p.EMP_ID, CONCAT(LNAME, ', ', FNAME, ' ', MI, '.') AS FULLNAME FROM PERSONAL p, EMPLOYMENT em WHERE p.EMP_ID='$currentEmpID' AND em.EMP_ID = '$currentEmpID'"; $recPersonalHead = $conn->Execute($sql); $fullName = $recPersonalHead->fields["FULLNAME"]; $empno = $recPersonalHead->fields["EMP_NO"]; $smarty->assign('empid', $currentEmpID); $smarty->assign('fullname', $fullName); $smarty->assign('empno', $empno); $sql = "SELECT EMP_ID, RATE FROM wage WHERE EMP_ID = '$currentEmpID'"; $rsWage = $conn->Execute($sql); $Rate = $rsWage->fields['RATE']; $sql = "SELECT EMP_ID,EMP_NO, STATUS FROM employment WHERE EMP_ID = '$currentEmpID'"; $rsStatus = $conn->Execute($sql); $STATUS = $rsStatus->fields['STATUS']; $EMP_ID = $rsStatus->fields['EMP_ID']; $sql = "SELECT em.EMP_NO, em.STATUS, w.RATE, r.Hours, o.OT_Hours FROM $ADODB_DB.employment AS em INNER JOIN $ADODB_DB.wage AS w ON em.EMP_ID = w.EMP_ID LEFT JOIN $PAYROLL.regular_sum_hours AS r ON em.EMP_NO = r.EMP_NO LEFT JOIN $PAYROLL.ot_data AS o ON r.EMP_NO = o.EMP_NO WHERE em.EMP_ID = '$currentEmpID' AND o.STATUS = 'Offset'"; $RsEarnings = $conn2->Execute($sql); $Rate = $RsEarnings->fields['RATE']; $Hours = $RsEarnings->fields['Hours']; $Offset = $RsEarnings->fields['OT_Hours']; $Hours = substr($Hours, 0, 5); $Hours = str_replace(':', '.', $Hours); $Hours = ($Hours + $Offset); $Amount = $_POST["Amount"]; $Amount = round(($Hours/8)* $Rate, 2); $smarty->assign('Rate', $Rate); $smarty->assign('Hours', $Hours); $smarty->assign('Amount', $Amount); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours, o.STATUS FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category = 'RegularOvertime' AND o.STATUS = 'Overtime' AND 
em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $OTReg_Hours = $rsOTData->fields['OT_Hours']; $OTReg_Hours = round($OTReg_Hours, 2); $OTReg_Amt = round((($Rate / 8 * 1.3) * $OTReg_Hours), 2); $smarty->assign('OTReg_Hours', $OTReg_Hours); $smarty->assign('OTReg_Amt', $OTReg_Amt); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category = 'SundayRegular' AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $SunReg_Hours = $rsOTData->fields['OT_Hours']; $SunReg_Hours = round($SunReg_Hours, 2); $SunReg_Amt = round((($Rate / 8 * 1.35) * $SunReg_Hours), 2); $smarty->assign('SunReg_Hours', $SunReg_Hours); $smarty->assign('SunReg_Amt', $SunReg_Amt); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category = 'SundayOvertime' AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $OTSun_Hours = $rsOTData->fields['OT_Hours']; $OTSun_Hours = round($OTSun_Hours, 2); $OTSun_Amt = round((($Rate / 8 * 1.35 * 1.35) * $OTSun_Hours), 2); $smarty->assign('OTSun_Hours', $OTSun_Hours); $smarty->assign('OTSun_Amt', $OTSun_Amt); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category = 'HolidayRegular' AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $HolReg_Hours = $rsOTData->fields['OT_Hours']; $HolReg_Hours = round($HolReg_Hours, 2); $HolReg_Amt = round((($Rate / 8 * 1.5) * $HolReg_Hours), 2); $smarty->assign('HolReg_Hours', $HolReg_Hours); $smarty->assign('HolReg_Amt', $HolReg_Amt); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND 
o.OT_Category = 'HolidayRegularOvertime' AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $HolRegOT_Hours = $rsOTData->fields['OT_Hours']; $HolRegOT_Hours = round($HolRegOT_Hours, 2); $HolRegOT_Amt = round((($Rate / 8 * 2.05 * 1.35) * $HolRegOT_Hours), 2); $smarty->assign('HolRegOT_Hours', $HolRegOT_Hours); $smarty->assign('HolRegOT_Amt', $HolRegOT_Amt); $sql = "SELECT em.EMP_NO, SUM(l.HOURS_LEAVE) AS HOURS_LEAVE FROM $PAYROLL.leave_data l, $ADODB_DB.employment em WHERE em.EMP_NO = l.EMP_NO AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $HolLeave_Hours = $rsOTData->fields['HOURS_LEAVE']; $HolLeave_Hours = round($HolLeave_Hours, 2); $HolLeave_Amt = round((($Rate) * $HolLeave_Hours), 2); $smarty->assign('HolLeave_Hours', $HolLeave_Hours); $smarty->assign('HolLeave_Amt', $HolLeave_Amt); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category = 'NightPremiumRegular' AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $NPReg_Hours = $rsOTData->fields['OT_Hours']; $NPReg_Hours = round($NPReg_Hours, 2); $NPReg_Amt = round((($Rate / 8 * 0.15) * $NPReg_Hours), 2); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category = 'NightPremiumSunday' AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $NPSun_Hours = $rsOTData->fields['OT_Hours']; $NPSun_Hours = round($NPSun_Hours, 2); $NPSun_Amt = round((($Rate / 8 * 1.35 * 0.15) * $NPSun_Hours), 2); $sql = "SELECT em.EMP_NO, o.OT_Category, SUM(OT_Hours) AS OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category = 'NightPremiumHoliday' AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); 
$NPHol_Hours = $rsOTData->fields['OT_Hours']; $NPHol_Hours = round($NPHol_Hours, 2); $NPHol_Amt = round((($Rate / 8 * 2.05 * 0.15) * $NPHol_Hours), 2); $NP_Hours = round(($NPReg_Hours + $NPSun_Hours + $NPHol_Hours), 2); $NP_Hours = round($NP_Hours, 2); $NP_Amt = round(($NPReg_Amt + $NPSun_Amt + $NPHol_Amt), 2); $smarty->assign('NP_Hours', $NP_Hours); $smarty->assign('NP_Amt', $NP_Amt); $sql = "SELECT COUNT(o.EMP_NO) AS EMP_NO, o.OT_Category, o.OT_Hours, o.STATUS FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category IN ('RegularOvertime', 'HolidayRegular', 'HolidayRegularOvertime') AND o.OT_Hours > 2 AND em.EMP_ID = '$currentEmpID' AND o.STATUS = 'Overtime' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $MealReg_Hours = $rsOTData->fields['EMP_NO']; $MealReg_Hours = round($MealReg_Hours, 2); $MealReg_Amt = round(($MealReg_Hours * 23), 2); $sql = "SELECT COUNT(o.EMP_NO) AS EMP_NO, o.OT_Category, o.OT_Hours FROM $PAYROLL.ot_data o, $ADODB_DB.employment em WHERE em.EMP_NO = o.EMP_NO AND o.OT_Category IN ('SundayRegular', 'SundayOvertime') AND o.OT_Hours > 2 AND em.EMP_ID = '$currentEmpID' GROUP BY em.EMP_NO"; $rsOTData = $conn2->Execute($sql); $MealSun_Hours = $rsOTData->fields['EMP_NO']; $MealSun_Hours = round($MealSun_Hours, 2); $MealSun_Amt = round(($MealSun_Hours * 30), 2); $Meal_Hours = round(($MealReg_Hours + $MealSun_Hours), 2); $Meal_Amt = round(($MealReg_Amt + $MealSun_Amt), 2); $smarty->assign('Meal_Hours', $Meal_Hours); $smarty->assign('Meal_Amt', $Meal_Amt); $sql = "SELECT COUNT(a.EMP_NO) AS EMP_NO, w.RATE FROM $ADODB_DB.wage w, $ADODB.employment em, $PAYROLL.attendance a WHERE em.EMP_NO = a.EMP_NO AND w.RATE = 302 AND em.EMP_ID = '$currentEmpID' GROUP BY w.RATE"; $rsOTData = $conn2->Execute($sql); $Cola_Hours = $rsOTData->fields['EMP_NO']; $Cola_Hours = round($Cola_Hours, 2); $Cola_Amt = round(($Cola_Hours * 28), 2); $smarty->assign('Cola_Hours', $Cola_Hours); $smarty->assign('Cola_Amt', $Cola_Amt); $TotEarn 
= $_POST['TotEarn']; $TotEarn = round(($Amount + $OTReg_Amt + $SunReg_Amt + $OTSun_Amt + $HolReg_Amt + $HolRegOT_Amt + $HolLeave_Amt + $NP_Amt + $Meal_Amt + $Cola_Amt), 2); $smarty->assign('TotEarn', $TotEarn); $HDMF = $_POST['HDMF']; $sql = "SELECT Ref_No, Range FROM $PAYROLL.hdmf, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID'"; $rs = $conn2->Execute($sql); $Range = $rs->fields['Range']; if ($TotEarn <= $Range) { $HDMF = round(($TotEarn * 0.01), 2); } else { $HDMF = round(($TotEarn * 0.02), 2); } $smarty->assign('HDMF', $HDMF); $SSS = $_POST['SSS']; $sql = "SELECT Ref_No, From_Range, To_Range, Employee_Share FROM $PAYROLL.sss, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID' AND $TotEarn BETWEEN From_Range AND To_Range"; $rs = $conn2->Execute($sql); $SSS = $rs->fields['Employee_Share']; $smarty->assign('SSS', $SSS); $PCHL = $_POST['PCHL']; $sql = "SELECT Ref_No, From_Range, To_Range, Employee_Share FROM $PAYROLL.pchl, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID' AND $TotEarn BETWEEN From_Range AND To_Range"; $rs = $conn2->Execute($sql); $PCHL = $rs->fields['Employee_Share']; $smarty->assign('PCHL', $PCHL); $TAX = $_POST['TAX']; $sql = "SELECT EMP_ID, EMP_NO, W4_STATUS, DEPENDENTS FROM employment WHERE EMP_ID = '$currentEmpID'"; $rsTax = $conn->Execute($sql); $W4_STATUS = $rsTax->fields['W4_STATUS']; $DEPENDENTS = $rsTax->fields['DEPENDENTS']; if($W4_STATUS == 1 AND $DEPENDENTS == 0 AND $TotEarn >= 0 AND $TotEarn <= 2083){ $TAX = round($TotEarn * .05); } elseif($W4_STATUS == 2 AND $DEPENDENTS == 0 AND $TotEarn >= 0 AND $TotEarn <= 2083){ $TAX = round($TotEarn * .05); } elseif($W4_STATUS == 1 AND $DEPENDENTS == 0 AND $TotEarn >= 2083 AND $TotEarn <= 2500) { $TAX = round($TotEarn - 2083); $TAX = round(20.83 + ($TAX * .10)); } elseif($W4_STATUS == 2 AND $DEPENDENTS == 0 AND $TotEarn >= 2083 AND $TotEarn <= 2500) { $TAX = round($TotEarn - 2083); $TAX = round(20.83 + ($TAX * .10)); } elseif($W4_STATUS == 1 AND $DEPENDENTS == 0 AND 
$TotEarn >= 2500 AND $TotEarn <= 3333) { $TAX = round($TotEarn - 2500); $TAX = round(104.17 + ($TAX * .15)); } else{ $TAX = round(0); } $smarty->assign('TAX', $TAX); $sql = "SELECT s.EMP_NO, s.SSSAmor FROM $PAYROLL.sssloan s, $ADODB_DB.employment em WHERE em.EMP_NO = s.EMP_NO AND em.EMP_ID = '$currentEmpID'"; $RsDed = $conn2->Execute($sql); $SSSAmor = round($RsDed->fields['SSSAmor']); $sql = "SELECT h.EMP_NO, h.HDMFAmor FROM $PAYROLL.hdmfloan h, $ADODB_DB.employment em WHERE em.EMP_NO = h.EMP_NO AND em.EMP_ID = '$currentEmpID'"; $RsHDMF = $conn2->Execute($sql); $HDMFAmor = round($RsHDMF->fields['HDMFAmor']); $sql = "SELECT u.EMP_NO, u.UDTAmor FROM $PAYROLL.udtloan u, $ADODB_DB.employment em WHERE em.EMP_NO = u.EMP_NO AND em.EMP_ID = '$currentEmpID'"; $RsUDT = $conn2->Execute($sql); $UDTAmor = round($RsUDT->fields['UDTAmor']); $TotalDed = $_POST['TotalDed']; $sql = "SELECT o.EMP_NO, o.BurialSeparationCont, o.TaxAjt, o.CashAdvance, o.AdvanceShirt, o.AdvanceMed, o.AdvanceOther FROM $PAYROLL.other_deductions o, $ADODB_DB.personal p, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID' AND em.EMP_NO = o.EMP_NO"; $rsOtherDed = $conn2->Execute($sql); $BurialSep = round($rsOtherDed->fields['BurialSeparationCont']); $TaxAjt = round($rsOtherDed->fields['TaxAjt']); $CashAdvance = round($rsOtherDed->fields['CashAdvance']); $AdvancesShirt = round($rsOtherDed->fields['AdvanceShirt']); $AdvancesMed = round($rsOtherDed->fields['AdvanceMed']); $AdvancesOthers = round($rsOtherDed->fields['AdvanceOther']); $smarty->assign('BurialSep', $BurialSep); $smarty->assign('TaxAjt', $TaxAjt); $smarty->assign('CashAdvance', $CashAdvance); $smarty->assign('AdvancesShirt', $AdvancesShirt); $smarty->assign('AdvancesMed', $AdvancesMed); $smarty->assign('AdvancesOthers', $AdvancesOthers); $TotalDed = round(($SSS + $HDMF + $PCHL + $TAX + $SSSAmor + $HDMFAmor + $UDTAmor + $BurialSep + $TaxAjt + $CashAdvance + $AdvancesShirt + $AdvancesMed + $AdvancesOthers), 2); $smarty->assign('SSSAmor', 
$SSSAmor); $smarty->assign('HDMFAmor', $HDMFAmor); $smarty->assign('UDTAmor', $UDTAmor); $smarty->assign('TotalDed', $TotalDed); $THP = $_POST["TakeHomePay"]; $THP = round($TotEarn - $TotalDed, 2); $smarty->assign('THP', $THP); $sql = "SELECT EMP_NO, OTReg_Amt, SunReg_Amt, OTSun_Amt, HolReg_Amt, HolRegOT_Amt, HolLeave_Amt, NP_Amt, Meal_Amt, Cola_Amt FROM other_earnings WHERE EMP_NO = '$empno'"; $RsOtherEarnings = $conn2->Execute($sql); $numrowsOtherEarnings = $RsOtherEarnings->RecordCount(); if($numrowsOtherEarnings > 0){ $saverec['EMP_NO'] = $empno; $saverec['OTReg_Amt'] = $OTReg_Amt; $saverec['SunReg_Amt'] = $SunReg_Amt; $saverec['OTSun_Amt'] = $OTSun_Amt; $saverec['HolReg_Amt'] = $HolReg_Amt; $saverec['HolRegOT_Amt'] = $HolRegOT_Amt; $saverec['HolLeave_Amt'] = $HolLeave_Amt; $saverec['NP_Amt'] = $NP_Amt; $saverec['Meal_Amt'] = $Meal_Amt; $saverec['Cola_Amt'] = $Cola_Amt; $updateOtherEarnings = $conn2->GetUpdateSQL($RsOtherEarnings, $saverec); $conn2->Execute($updateOtherEarnings); } else{ $sql = "SELECT o.EMP_NO, o.OTReg_Amt, o.SunReg_Amt, o.OTSun_Amt, o.HolReg_Amt, o.HolRegOT_Amt, o.HolLeave_Amt, o.NP_Amt, o.Meal_Amt, o.Cola_Amt FROM $PAYROLL.other_earnings o, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID'"; $RsOtherEarnings = $conn2->Execute($sql); $saverec['EMP_NO'] = $empno; $saverec['OTReg_Amt'] = $OTReg_Amt; $saverec['SunReg_Amt'] = $SunReg_Amt; $saverec['OTSun_Amt'] = $OTSun_Amt; $saverec['HolReg_Amt'] = $HolReg_Amt; $saverec['HolRegOT_Amt'] = $HolRegOT_Amt; $saverec['HolLeave_Amt'] = $HolLeave_Amt; $saverec['NP_Amt'] = $NP_Amt; $saverec['Meal_Amt'] = $Meal_Amt; $saverec['Cola_Amt'] = $Cola_Amt; $insertOtherEarnings = $conn2->GetInsertSQL($RsOtherEarnings, $saverec); $conn2->Execute($insertOtherEarnings); } $sql = "SELECT EMP_NO, SSS, TAX, PCHL, HDMF FROM deductions WHERE EMP_NO = '$empno'"; $RsDeduction = $conn2->Execute($sql); $numrowsDeduction = $RsDeduction->RecordCount(); if($numrowsDeduction > 0){ $saverec['EMP_NO'] = $empno; 
$saverec['SSS'] = $SSS; $saverec['TAX'] = $TAX; $saverec['PCHL'] = $PCHL; $saverec['HDMF'] = $HDMF; $updateDeductionSQL = $conn2->GetUpdateSQL($RsDeduction, $saverec); $conn2->Execute($updateDeductionSQL); } else{ $sql = "SELECT d.EMP_NO, d.SSS, d.TAX, d.PCHL, d.HDMF FROM $PAYROLL.deductions d, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID'"; $RsDeduction = $conn2->Execute($sql); $saverec['EMP_NO'] = $empno; $saverec['SSS'] = $SSS; $saverec['TAX'] = $TAX; $saverec['PCHL'] = $PCHL; $saverec['HDMF'] = $HDMF; $insertSQL = $conn2->GetInsertSQL($RsDeduction, $saverec); $conn2->Execute($insertSQL); } $sql = "SELECT EMP_NO, SSSLoan, HDMFLoan, UDTLoan FROM loan_deductions WHERE EMP_NO = '$empno'"; $RsLoan = $conn2->Execute($sql); $numrowsRsLoan = $RsLoan->RecordCount(); if($numrowsRsLoan > 0){ $saverec['EMP_NO'] = $empno; $saverec['SSSLoan'] = $SSSAmor; $saverec['HDMFLoan'] = $HDMFAmor; $saverec['UDTLoan'] = $UDTAmor; $updateLoanSQL = $conn2->GetUpdateSQL($RsLoan, $saverec); $conn2->Execute($updateLoanSQL); } else{ $sql = "SELECT l.EMP_NO, l.SSSLoan, l.HDMFLoan, l.UDTLoan FROM $PAYROLL.loan_deductions l, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID'"; $RsLoan = $conn2->Execute($sql); $saverec['EMP_NO'] = $empno; $saverec['SSSLoan'] = $SSSAmor; $saverec['HDMFLoan'] = $HDMFAmor; $saverec['UDTLoan'] = $UDTAmor; $insertSQL = $conn2->GetInsertSQL($RsLoan, $saverec); $conn2->Execute($insertSQL); } $sql = "SELECT EMP_NO, Amount, TotalEarnings, TotalDeductions, TakeHomePay FROM totalpay WHERE EMP_NO = '$empno'"; $rsTotal = $conn2->Execute($sql); $numrows = $rsTotal->RecordCount(); if($numrows > 0){ $saverec['EMP_NO'] = $empno; $saverec['Amount'] = $Amount; $saverec['TotalEarnings'] = $TotEarn; $saverec['TotalDeductions'] = $TotalDed; $saverec['TakeHomePay'] = $THP; $updateSQL = $conn2->GetUpdateSQL($rsTotal, $saverec); $conn2->Execute($updateSQL); } else{ $sql = "SELECT t.EMP_NO, t.Amount, t.TotalEarnings, t.TotalDeductions, t.TakeHomePay FROM 
$PAYROLL.totalpay t, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID'"; $rsTotal = $conn2->Execute($sql); $saverec['EMP_NO'] = $empno; $saverec['Amount'] = $Amount; $saverec['TotalEarnings'] = $TotEarn; $saverec['TotalDeductions'] = $TotalDed; $saverec['TakeHomePay'] = $THP; $insertSQL = $conn2->GetInsertSQL($rsTotal, $saverec); $conn2->Execute($insertSQL); } $smarty->display('header.tpl'); $smarty->display('left.tpl'); $smarty->display('empPayrollData.tpl'); $smarty->display('footer.tpl'); ?>

I have a problem in saving data from other deductions and the total deductions and takehomepay, because other deductions is insertable textfield and when I add other deductions the total deductions will change also the Take Home Pay. I don't know where can I add this code for saving data of other deductions and updating the changes of Total Deductions and Take Home Pay.

Code: [Select] $sql = "SELECT EMP_NO, BurialSeparationCont, TaxAjt, CashAdvance, AdvanceShirt, AdvanceMed, AdvanceOther FROM other_deductions WHERE EMP_NO = '$empno'"; $rsOtherDed = $conn2->Execute($sql); $numrows1 = $rsOtherDed->RecordCount(); if($numrows1 > 0){ $saverec['EMP_NO'] = $empno; $saverec['BurialSeparationCont'] = $BurialSep; $saverec['TaxAjt'] = $TaxAjt; $saverec['CashAdvance'] = $CashAdvance; $saverec['AdvanceShirt'] = $AdvancesShirt; $saverec['AdvanceMed'] = $AdvancesMed; $saverec['AdvanceOther'] = $AdvancesOthers; $updateSQL = $conn2->GetUpdateSQL($rsOtherDed, $saverec); $conn2->Execute($updateSQL); } else{ $sql = "SELECT o.EMP_NO, o.BurialSeparationCont, o.TaxAjt, o.CashAdvance, o.AdvanceShirt, o.AdvanceMed, o.AdvanceOther FROM $PAYROLL.other_deductions o, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID'"; $rsOtherDed = $conn2->Execute($sql); $saverec['EMP_NO'] = $empno; $saverec['BurialSeparationCont'] = $BurialSep; $saverec['TaxAjt'] = $TaxAjt; $saverec['CashAdvance'] = $CashAdvance; $saverec['AdvanceShirt'] = $AdvancesShirt; $saverec['AdvanceMed'] = $AdvancesMed; 
$saverec['AdvanceOther'] = $AdvancesOthers; $insert = $conn2->GetInsertSQL($rsOtherDed, $saverec); $conn2->Execute($insert); } $Amount = $_POST["Amount"]; $TotEarn = $_POST["TotEarn"]; $TotalDed = $_POST["TotalDed"]; $THP = $_POST["TakeHomePay"]; $sql = "SELECT EMP_NO, Amount, TotalEarnings, TotalDeductions, TakeHomePay FROM totalpay WHERE EMP_NO = '$empno'"; $rsTotal = $conn2->Execute($sql); $numrows = $rsTotal->RecordCount(); if($numrows > 0){ $saverec['EMP_NO'] = $empno; $saverec['Amount'] = $Amount; $saverec['TotalEarnings'] = $TotEarn; $saverec['TotalDeductions'] = $TotalDed; $saverec['TakeHomePay'] = $THP; $updateSQL = $conn2->GetUpdateSQL($rsTotal, $saverec); $conn2->Execute($updateSQL); } else{ $sql = "SELECT t.EMP_NO, t.Amount, t.TotalEarnings, t.TotalDeductions, t.TakeHomePay FROM $PAYROLL.totalpay t, $ADODB_DB.employment em WHERE em.EMP_ID = '$currentEmpID'"; $rsTotal = $conn2->Execute($sql); $saverec['EMP_NO'] = $empno; $saverec['Amount'] = $Amount; $saverec['TotalEarnings'] = $TotEarn; $saverec['TotalDeductions'] = $TotalDed; $saverec['TakeHomePay'] = $THP; $insertSQL = $conn2->GetInsertSQL($rsTotal, $saverec); $conn2->Execute($insertSQL); }

I don't know where I can put this code to save the data that I inserted in other deductions
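
The search.php lookup in the post above builds its LIKE clause by concatenating `$_GET["query"]` and echoes the names into the list unescaped. The same lookup with a bound parameter, literal wildcard matching and HTML-escaped output, as an added example that is not the poster's code: PDO with an in-memory SQLite database stands in for the ADOdb/MySQL connection from config.php, and the function names (`likePrefix`, `searchEmployees`, `renderList`), the `data-emp-id` attribute and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the poster's code. PDO with in-memory SQLite stands in
// for the ADOdb/MySQL connection from config.php; all rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE PERSONAL (EMP_ID TEXT, LNAME TEXT, FNAME TEXT, MI TEXT)');
$insert = $pdo->prepare('INSERT INTO PERSONAL VALUES (?, ?, ?, ?)');
$sampleRows = [
    ['E001', 'Cruz', 'Ana', 'M'],
    ['E002', 'Cruz<b>', 'Ben', 'T'],     // markup stored in a name field
    ['E003', "O'Neil", 'Lia', 'R'],      // apostrophe breaks a concatenated query
    ['E004', '100%_sure', 'Max', 'Q'],   // LIKE wildcards stored as plain data
];
foreach ($sampleRows as $row) {
    $insert->execute($row);
}

/** Turn user input into a literal prefix pattern; '!' is the ESCAPE character. */
function likePrefix(string $input): string
{
    return strtr($input, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

/** Same lookup as search.php, but the user's text only ever travels as a bound value. */
function searchEmployees(PDO $pdo, string $query): array
{
    // SQLite concatenates with ||; on MySQL keep the post's CONCAT(...) expression.
    $fullName = "LNAME || ', ' || FNAME || ' ' || MI || '.'";
    if ($query === '') {
        $stmt = $pdo->query(
            "SELECT EMP_ID, $fullName AS FULLNAME FROM PERSONAL ORDER BY FULLNAME ASC"
        );
    } else {
        $stmt = $pdo->prepare(
            "SELECT EMP_ID, $fullName AS FULLNAME FROM PERSONAL
             WHERE $fullName LIKE :prefix ESCAPE '!'
             ORDER BY FULLNAME ASC"
        );
        $stmt->execute([':prefix' => likePrefix($query)]);
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Build the <ul> fragment; every database value is escaped for HTML. */
function renderList(array $rows): string
{
    if ($rows === []) {
        return "<ul>\n  <li>No records found</li>\n</ul>\n";
    }
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $id   = htmlspecialchars($row['EMP_ID'], ENT_QUOTES, 'UTF-8');
        $name = htmlspecialchars($row['FULLNAME'], ENT_QUOTES, 'UTF-8');
        // The ID sits in a quoted data attribute instead of an inline onclick
        // string; page script would read it and pass it to changeEmployeePay().
        $html .= "  <li data-emp-id=\"$id\">$name</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed inputs: a plain prefix, a name with an apostrophe, a bare
// wildcard, and a prefix that contains a literal percent sign.
foreach (['Cruz', "O'N", '%', '100%'] as $q) {
    $rows = searchEmployees($pdo, $q);
    printf("query=%s rows=%d\n", json_encode($q), count($rows));
}
echo renderList(searchEmployees($pdo, 'Cruz'));
```

With ADOdb the same binding is done by passing the values as the second argument to `$conn->Execute($sql, array(...))`.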