|
PHP - Mysql Database Error Disclosure Vulnerability
Hello my mcafee secure gave me a MySQL Database Error Disclosure Vulnerability error found in this code i installed here is the code in question maybe someone can help me find a fix for it thanks
pfrom=From pto=To refine=Refine+your+results categories_id=334 search_in_description=1 subsearch=0 max_pages=x%27%3B%22%2C%29%60 THE SINGLE BEST WAY TO FIX THIS VULNERABILITY IS TO IDENTIFY THE ACCEPTABLE INPUT FOR EACH FORM PARAMETER AND REJECT INPUT THAT DOES NOT MEET THAT CRITERIA. The following is an acceptable solution however it is not optimal. Implement content parsing on data input fields including URL parameters. Remove the following characters from any user or dynamic database input: (examples in VBScript) ' (escape the single quote) input = replace( input, "'", "''" ) " (double quote) input = replace( input, """", "" ) ) (close parenthesis) input = replace( input, ")", "" ) ( (open parenthesis) input = replace( input, "(", "" ) ; (semi-colon) input = replace( input, ";", "" ) - (dash) input = replace( input, "-", "" ) | (pipe) input = replace( input, "|", "" ) On text input it is recommended to append quotes around the user supplied input. Please contact ScanAlert Support if you need further instructions. Code: [Select] <?php require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADVANCED_SEARCH); ?> <script language="javascript" src="includes/general.js"></script> <script language="javascript" src="includes/jquery1.2.6.js"></script> <script language="javascript"> <!-- function check_form() { var error_message = "<?php echo JS_ERROR; ?>"; var error_found = false; var error_field; var keywords = document.adv_filter.refine.value; var pfrom = document.adv_filter.pfrom.value; var pto = document.adv_filter.pto.value; var pfrom_float; var pto_float; if (((keywords == '') || (keywords.length < 1)) && ((pfrom == '') || (pfrom.length < 1)) && ((pto == '') || (pto.length < 1))) { error_message = error_message + "* <?php echo ERROR_AT_LEAST_ONE_INPUT; ?>\n"; error_field = document.advanced_search.keywords; error_found = true; } if (pfrom.length > 0) { pfrom_float = parseFloat(pfrom); if (isNaN(pfrom_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_FROM_MUST_BE_NUM; ?>\n"; error_field = document.advanced_search.pfrom; error_found = true; } } else { pfrom_float = 0; } if (pto.length > 0) { pto_float = parseFloat(pto); if (isNaN(pto_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_TO_MUST_BE_NUM; ?>\n"; error_field = document.advanced_search.pto; error_found = true; } } else { pto_float = 0; } if ((pfrom.length > 0) && (pto.length > 0)) { if ((!isNaN(pfrom_float)) && (!isNaN(pto_float)) && (pto_float < pfrom_float)) { error_message = error_message + "* <?php echo ERROR_PRICE_TO_LESS_THAN_PRICE_FROM; ?>\n"; error_field = document.advanced_search.pto; error_found = true; } } if (error_found == true) { alert(error_message); error_field.focus(); return false; } else { return true; } } function popupWindow(url) { window.open(url,'popupWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=450,height=280,screenX=150,screenY=150,top=150,left=150') } //Search Box controls $(document).ready( function() { searchBox(); } ); function searchBox() { $("#refine").focus( function() { if(this.value=='<?php echo REFINE_RESULTS; ?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#refine").val()=='<?php echo REFINE_RESULTS; ?>') { $("#refine").val(''); } } ); $("#refine").blur( function() { if(this.value=='') { this.value='<?php echo REFINE_RESULTS; ?>'; }; } ); $("#pfrom").focus( function() { if(this.value=='<?=PRICE_FROM?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#pfrom").val()=='<?=PRICE_FROM?>') { $("#pfrom").val(''); } } ); $("#pfrom").blur( function() { if(this.value=='') { this.value='<?=PRICE_FROM?>'; }; } ); $("#pto").focus( function() { if(this.value=='<?=PRICE_TO?>') { this.value=''; } } ); $("#subsearch").click( function() { if($("#pto").val()=='<?=PRICE_TO?>') { $("#pto").val(''); } } ); $("#pto").blur( function() { if(this.value=='') { this.value='<?=PRICE_TO?>'; }; } ); } //--> </script> <?php $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS; if ($HTTP_POST_VARS['max_pages']) { $hold_max_pages = $HTTP_POST_VARS['max_pages']; } else { $hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS; } $error = false; if ( (isset($HTTP_POST_VARS['refine']) && empty($HTTP_POST_VARS['refine'])) && (isset($HTTP_POST_VARS['pfrom']) && !is_numeric($HTTP_POST_VARS['pfrom'])) && (isset($HTTP_POST_VARS['pto']) && !is_numeric($HTTP_POST_VARS['pto'])) ) { $error = true; $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT); } else { $pfrom = ''; $pto = ''; $keywords = ''; if (isset($HTTP_POST_VARS['pfrom']) && $HTTP_POST_VARS['pfrom'] !== PRICE_FROM) { $pfrom = $HTTP_POST_VARS['pfrom']; } if (isset($HTTP_POST_VARS['pto']) && $HTTP_POST_VARS['pto'] !== PRICE_TO) { $pto = $HTTP_POST_VARS['pto']; } if (isset($HTTP_POST_VARS['refine']) && $HTTP_POST_VARS['refine'] !== REFINE_RESULTS) { $keywords = $HTTP_POST_VARS['refine']; } $price_check_error = false; if (tep_not_null($pfrom)) { if (!settype($pfrom, 'double')) { $error = true; $price_check_error = true; $messageStack->add_session('search', ERROR_PRICE_FROM_MUST_BE_NUM); } } if (tep_not_null($pto)) { if (!settype($pto, 'double')) { $error = true; $price_check_error = true; $messageStack->add_session('search', ERROR_PRICE_TO_MUST_BE_NUM); } } if (($price_check_error == false) && is_float($pfrom) && is_float($pto)) { if ($pfrom >= $pto) { $error = true; $messageStack->add_session('search', ERROR_PRICE_TO_LESS_THAN_PRICE_FROM); } } if (tep_not_null($keywords)) { if (!tep_parse_search_string($keywords, $search_keywords)) { $error = true; $messageStack->add_session('search', ERROR_INVALID_KEYWORDS); } } } if (empty($pfrom) && empty($pto) && empty($keywords)) { $error = true; $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT); } if ((isset($HTTP_POST_VARS['refine']) && (!empty($HTTP_POST_VARS['refine']) || ($HTTP_POST_VARS['refine'] !== REFINE_RESULTS))) || (isset($HTTP_POST_VARS['pfrom']) && is_numeric($HTTP_POST_VARS['pfrom'])) || (isset($HTTP_POST_VARS['pto']) && is_numeric($HTTP_POST_VARS['pto']))) { // create column list $define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL, 'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME, 'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER, 'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE, 'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY, 'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT, 'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE, 'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW); asort($define_list); $column_list = array(); reset($define_list); while (list($key, $value) = each($define_list)) { if ($value > 0) $column_list[] = $key; } $select_column_list = ''; for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { switch ($column_list[$i]) { case 'PRODUCT_LIST_MODEL': $select_column_list .= 'p.products_model, '; break; case 'PRODUCT_LIST_MANUFACTURER': $select_column_list .= 'm.manufacturers_name, '; break; case 'PRODUCT_LIST_QUANTITY': $select_column_list .= 'p.products_quantity, '; break; case 'PRODUCT_LIST_IMAGE': $select_column_list .= 'p.products_image, '; break; case 'PRODUCT_LIST_WEIGHT': $select_column_list .= 'p.products_weight, '; break; } } $select_str = "select distinct " . $select_column_list . " m.manufacturers_id, p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price "; if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { $select_str .= ", SUM(tr.tax_rate) as tax_rate "; } $from_str = "from ((" . TABLE_PRODUCTS . " p) left join " . TABLE_MANUFACTURERS . " m using(manufacturers_id), " . TABLE_PRODUCTS_DESCRIPTION . " pd) left join " . TABLE_SPECIALS . " s on p.products_id = s.products_id, " . TABLE_CATEGORIES . " c, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c"; if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { if (!tep_session_is_registered('customer_country_id')) { $customer_country_id = STORE_COUNTRY; $customer_zone_id = STORE_ZONE; } $from_str .= " left join " . TABLE_TAX_RATES . " tr on p.products_tax_class_id = tr.tax_class_id left join " . TABLE_ZONES_TO_GEO_ZONES . " gz on tr.tax_zone_id = gz.geo_zone_id and (gz.zone_country_id is null or gz.zone_country_id = '0' or gz.zone_country_id = '" . (int)$customer_country_id . "') and (gz.zone_id is null or gz.zone_id = '0' or gz.zone_id = '" . (int)$customer_zone_id . "')"; } $where_str = " where p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id "; if (isset($HTTP_POST_VARS['categories_id']) && tep_not_null($HTTP_POST_VARS['categories_id'])) { if (isset($HTTP_POST_VARS['inc_subcat']) && ($HTTP_POST_VARS['inc_subcat'] == '1')) { $subcategories_array = array(); tep_get_subcategories($subcategories_array, $HTTP_POST_VARS['categories_id']); $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and (p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'"; for ($i=0, $n=sizeof($subcategories_array); $i<$n; $i++ ) { $where_str .= " or p2c.categories_id = '" . (int)$subcategories_array[$i] . "'"; } $where_str .= ")"; } else { $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'"; } } if (isset($HTTP_POST_VARS['manufacturers_id']) && tep_not_null($HTTP_POST_VARS['manufacturers_id'])) { $where_str .= " and m.manufacturers_id = '" . (int)$HTTP_POST_VARS['manufacturers_id'] . "'"; } if (isset($search_keywords) && (sizeof($search_keywords) > 0)) { $where_str .= " and ("; for ($i=0, $n=sizeof($search_keywords); $i<$n; $i++ ) { switch ($search_keywords[$i]) { case '(': case ')': case 'and': case 'or': $where_str .= " " . $search_keywords[$i] . " "; break; default: $keyword = tep_db_prepare_input($search_keywords[$i]); $where_str .= "(pd.products_name like '%" . tep_db_input($keyword) . "%' or p.products_model like '%" . tep_db_input($keyword) . "%' or m.manufacturers_name like '%" . tep_db_input($keyword) . "%'"; if (isset($HTTP_POST_VARS['search_in_description']) && ($HTTP_POST_VARS['search_in_description'] == '1')) $where_str .= " or pd.products_description like '%" . tep_db_input($keyword) . "%'"; $where_str .= ')'; break; } } $where_str .= " )"; } if (tep_not_null($pfrom)) { if ($currencies->is_set($currency)) { $rate = $currencies->get_value($currency); $pfrom = $pfrom / $rate; } } if (tep_not_null($pto)) { if (isset($rate)) { $pto = $pto / $rate; } } if (DISPLAY_PRICE_WITH_TAX == 'true') { if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) >= " . (double)$pfrom . ")"; if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) <= " . (double)$pto . ")"; } else { if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) >= " . (double)$pfrom . ")"; if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) <= " . (double)$pto . ")"; } if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) { $where_str .= " group by p.products_id, tr.tax_priority"; } if ( (!isset($HTTP_POST_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_POST_VARS['sort'])) || (substr($HTTP_POST_VARS['sort'], 0, 1) > sizeof($column_list)) ) { for ($i=0, $n=sizeof($column_list); $i<$n; $i++) { if ($column_list[$i] == 'PRODUCT_LIST_NAME') { $HTTP_POST_VARS['sort'] = $i+1 . 'a'; $order_str = ' order by pd.products_name'; break; } } } else { $sort_col = substr($HTTP_POST_VARS['sort'], 0 , 1); $sort_order = substr($HTTP_POST_VARS['sort'], 1); $order_str = ' order by '; switch ($column_list[$sort_col-1]) { case 'PRODUCT_LIST_MODEL': $order_str .= "p.products_model " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_NAME': $order_str .= "pd.products_name " . ($sort_order == 'd' ? "desc" : ""); break; case 'PRODUCT_LIST_MANUFACTURER': $order_str .= "m.manufacturers_name " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_QUANTITY': $order_str .= "p.products_quantity " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_IMAGE': $order_str .= "pd.products_name"; break; case 'PRODUCT_LIST_WEIGHT': $order_str .= "p.products_weight " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; case 'PRODUCT_LIST_PRICE': $order_str .= "final_price " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name"; break; } } $listing_sql = $select_str . $from_str . $where_str . $order_str; } $listing_split = new splitPageResults($listing_sql, $hold_max_pages, 'p.products_id'); if (($listing_split->number_of_rows > 0) && ((PREV_NEXT_BAR_LOCATION == '1') || (PREV_NEXT_BAR_LOCATION == '3'))) { ?> <div class="infoBoxContents" style="padding:0.5em; text-align:center;"> <form name="filter" action="<?php echo tep_href_link(basename($PHP_SELF),tep_get_all_get_params(array('pfrom', 'pto', 'refine', 'page', 'info', 'x', 'y', 'manufacturers_id'))); ?>" method="post"> <label for="pfrom" class="fieldKey"><?=PRICE_RANGE?></label> <input id="pfrom" name="pfrom" value="<?=PRICE_FROM?>" class="fieldValue" style="width:5em" /> - <input id="pto" name="pto" value="<?=PRICE_TO?>" class="fieldValue" style="width:5em" /> <input id="refine" type='text' name='refine' value="<?=REFINE_RESULTS?>" style='width:42%;' class="fieldValue" /> <?php echo tep_draw_hidden_field('categories_id', (int)$current_category_id) . tep_draw_hidden_field('search_in_description', '1') . tep_image_submit('button_search.gif', IMAGE_BUTTON_SEARCH, "id='subsearch' name='subsearch' style='margin:0 5px;'"); ?> <div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;"> <?php // optional Product List Filter if (PRODUCT_LIST_FILTER > 0) { $filterlist_sql = "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name"; $filterlist_query = tep_db_query($filterlist_sql); if (tep_db_num_rows($filterlist_query) > 1) { echo tep_draw_hidden_field('cPath', $cPath); $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS)); echo tep_draw_hidden_field('sort', $HTTP_POST_VARS['sort']); while ($filterlist = tep_db_fetch_array($filterlist_query)) { $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']); } echo tep_draw_pull_down_menu('manufacturers_id', $options, (isset($HTTP_POST_VARS['manufacturers_id']) ? $HTTP_POST_VARS['manufacturers_id'] : ''), 'onchange="this.form.submit()"'); } } ?> </div><div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;"> <?php $all = $listing_split->number_of_rows; $page_options = array(array('id' => $hold_max_pages, 'text' => sprintf(SHOWING_RESULTS, $hold_max_pages))); $page_options[] = array('id' => $all, 'text' => sprintf(SHOW_RESULTS, 'All') . " ($all)"); $page_options[] = array('id' => 5, 'text' => sprintf(SHOW_RESULTS, 5)); $page_options[] = array('id' => 15, 'text' => sprintf(SHOW_RESULTS, 15)); $page_options[] = array('id' => 25, 'text' => sprintf(SHOW_RESULTS, 25)); $page_options[] = array('id' => 50, 'text' => sprintf(SHOW_RESULTS, 50)); echo tep_hide_session_id(); echo tep_draw_pull_down_menu('max_pages', $page_options, '', 'onchange="this.form.submit()"'); ?> </div> </form> <div> <?php // Sort columns by ??? You may need to rearrange the numbers in order of your columns in product listing echo SORT_BY . tep_create_sort_heading($HTTP_GET_VARS['sort'], 1, TABLE_HEADING_MODEL) . ' | ' . tep_create_sort_heading($HTTP_GET_VARS['sort'], 4, TABLE_HEADING_PRODUCTS) . ' | ' . tep_create_sort_heading($HTTP_GET_VARS['sort'], 2, TABLE_HEADING_MANUFACTURER) . ' | ' . tep_create_sort_heading($HTTP_GET_VARS['sort'], 5, TABLE_HEADING_PRICE); ?> </div> </div> <div class="smallText" style="display:inline-block; width:49%;"><?php echo $listing_split->display_count(TEXT_DISPLAY_NUMBER_OF_PRODUCTS); ?></div> <div class="smallText" style="display:inline-block; width:49%; text-align:right;"><?php echo TEXT_RESULT_PAGE . ' ' . $listing_split->display_links(MAX_DISPLAY_PAGE_LINKS, tep_get_all_get_params(array('page', 'info', 'x', 'y'))); ?></div> <?php } ?> Similar TutorialsDoes this code have mySQL Injection vulnerability?
$query = "DELETE FROM `$table` WHERE `$column` IN('".implode("','",$array)."')";
using php5, would this make the code more safe...
foreach($array as $key=>$a){
$array[$key] = mysql_real_escape_string($a);}
$query = "DELETE FROM `$table` WHERE `$column` IN('".implode("','",$array)."')";
or is there another way to make the code safe?
Im building a list of offers and adding them to a table in a database. Pretty much all it is is HTML. Im inserting an ahref link that has a php echo in it. So it looks like this: <div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=<?php echo $_SESSION['uid'];?>">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div> When I insert this (through my form) I get mysql error 1064 which is syntax error. I tested it without the php & it gives me 0, which worked fine. I need the php code so I can append userid to the SID var. Am I doing something wrong? Well I guess I obviously am so the real question is what am I doing wrong & how could I do it the right way? Thanks guys Hi, Im getting this error with my script that im using to try and echo content for my website: Parse error: syntax error, unexpected T_ECHO in /home/a9855336/public_html/test.php on line 16 my php code is <?php $host="mysql12.000webhost.com"; // Host name $username="a9855336_root"; // Mysql username $password="n4th4n%"; // Mysql password $db_name="a9855336_mail"; // Database name // Connect to server and select databse. mysql_connect($host, $username, $password); mysql_select_db($db_name); $query = "SELECT title, content, FROM members where ID = 1"; $result = mysql_query($query); $row = mysql_fetch_array($result) echo $row['title']; ?> html stuff <?php echo $row['content']; ?> If anyone can help me fix this problem or sugguest a dfiferent way to go about this it would be greatly appriciated. Thanks, Blink359 I opened a thread yesterday about an XSS vulnerability when the user is logged in. I'll summarize is in a short quote: Quote http://host/editText.php?fieldname=slogan&content=slogan<img src=x onerror=alert("XSS")> This vulnerability only works if the user is logged in. I want to secure it anyway to give the security companies contacting me about this a break. xyph solved my problem with this: Code: [Select] foreach( $_REQUEST as $key => $val ) $_REQUEST[$key] = htmlentities($val); He warned me it was a risky but I didn't take him that seriously. Well guess he was right. The foreach loop he gave me does protect me from the XSS attack, but it also disables the users to use any kind of code in the pages. Next time xyph warns me its risky, I'll know he means it. Now to my problem, how do I use this foreach loop without disabling the user of using simple html tags? Here's the file (editText.php) where the foreach loop was used: Code: [Select] <?php session_start(); // THE LOOP WAS USED HERE BUT I REMOVED IT DUE TO THE USERS PROBLEM. function getSlug( $page ) { $page = strip_tags( $page ); preg_match_all( "/([a-z0-9A-Z-_]+)/", $page, $matches ); $matches = array_map( "ucfirst", $matches[0] ); $slug = implode( "-", $matches ); return $slug; } $fieldname = $_REQUEST['fieldname']; $encrypt_pass = @file_get_contents("files/password"); if ($_COOKIE['wondercms']!=$encrypt_pass) { echo "You must login before using this function!"; exit; } $content = rtrim(stripslashes($_REQUEST['content'])); // if to only allow specified tags if($fieldname=="title") $content = strip_tags($content); else $content = strip_tags($content,"<audio><source><embed><iframe><p><h1><h2><h3><h4><h5><h6><a><img><u><i><em><strong><b><strike><center><pre>"); $content = trim($content); $content = nl2br($content); if(!$content) $content = "Please be sure to enter some content before saving. Just type anything in here."; $content = preg_replace ("/%u(....)/e", "conv('\\1')", $content); if($fieldname>0 && $fieldname<4) $fname = "attachment$fieldname"; else $fname = $fieldname; $file = @fopen("files/$fname.txt", "w"); if(!$file) { echo "<h2 style='color:red'>*** ERROR *** unable to open content_$fieldname</h2><h3>But don't panic!</h3>". "Please set the correct read/write permissions to the files folder.<br/> Find the /files/ folder and CHMOD it to 751.<br /><br /> If this still gives you problems, open up the /files/ folder, select all files and CHMOD them to 640.<br /><br /> If this doesn't work, contact me <a href='http://krneky.com/en/contact'>right here</a>."; exit; } fwrite($file, $content); fclose($file); echo $content; // convert udf-8 hexadecimal to decimal function conv($hex) { $dec = hexdec($hex); return "&#$dec;"; } ?> i just want to ask this simple question let say i have this basic query $place=$_GET['place']; mysql_query("SELECT * FROM table WHERE place='$place'"); this is a nice target for sql injection.. but what if i replace the whole special characters that could be added $replacethis=array("-","`"); $withthis=array("",""); $place=str_replace($replacethis,$withthis,$_GET['place']); mysql_query("SELECT * FROM table WHERE place='$place'"); Are they still able to do the basic sql injection by trying to get the error by adding special character although i didn't use mysql_real_escape_string() ?? then what if i protect the file by changing the setting of the permission to either 644 or 755? thanks in advance At the moment I am creating a search function for my website. The approach I have in mind is a pseudo-PHP database. To give an example: A HTML form will submit the results to a PHP file. HTML FORM - Colour: Black PHP RESULT PAGE - if ($_POST['color'] == 'Black') {readfile("./products/black/*.html");} HTML FORM - Price: <$50 PHP RESULT PAGE - if ($_POST['Price'] == '<$50') {readfile("./products/less50/*.html");} The problem here is if there is an item that is black and costs less than $50, then its going to be listed twice. There is probably some code I can write to ommit the listing of duplicate entries, but it is probably going to be messy, so I am wondering if its better to use a centralized MySQL database, rather than a pseudo-PHP database? I've never used MySQL and don't know much about it and this is my first real attempt at using PHP. Does anyone already fix the bug. I found something interesting in the error_log file this morning
x.x.x.x - - [25/Sep/2014:01:12:34 -0500] "GET /cgi-bin/defaul_p.cgi HTTP/1.0" 404 312 "-" "() { :;}; /bin/ping -c 5 "209.126.230.74"
I have a problem which I've been trying to fix for a while now with htmlentities. I've written my own small cms which is available for the public, and recently I recieved a report that it's vulnerable to an XSS attack: http://host/editText.php?fieldname=slogan&content=slogan<img src=x onerror=alert("XSS")> This vulnerability only works if the user is logged in. I want to secure it anyway to give the security companies contacting me about this a break. I've been rolling around the internet trying to find a simple answer how to prevent this XSS attack with HTMLENTITIES. I've even tried writing my own solutions with the htmlentities and it doesn't seem to solve the problem/stop the attack. I'm thinking something like htmlEntities($content); //but again, this won't do the job. Here's the editText.php Code: [Select] <?php session_start(); function getSlug( $page ) { $page = strip_tags( $page ); preg_match_all( "/([a-z0-9A-Z-_]+)/", $page, $matches ); $matches = array_map( "ucfirst", $matches[0] ); $slug = implode( "-", $matches ); return $slug; } $fieldname = $_REQUEST['fieldname']; $encrypt_pass = @file_get_contents("files/password"); if ($_COOKIE['wondercms']!=$encrypt_pass) { echo "You must login before using this function!"; exit; } $content = rtrim(stripslashes($_REQUEST['content'])); // if to only allow specified tags if($fieldname=="title") $content = strip_tags($content); else $content = strip_tags($content,"<audio><source><embed><iframe><p><h1><h2><h3><h4><h5><h6><a><img><u><i><em><strong><b><strike><center><pre>"); $content = trim($content); $content = nl2br($content); if(!$content) $content = "Please be sure to enter some content before saving. Just type anything in here."; $content = preg_replace ("/%u(....)/e", "conv('\\1')", $content); if($fieldname>0 && $fieldname<4) $fname = "attachment$fieldname"; else $fname = $fieldname; $file = @fopen("files/$fname.txt", "w"); if(!$file) { echo "<h2 style='color:red'>*** ERROR *** unable to open content_$fieldname</h2><h3>But don't panic!</h3>". "Please set the correct read/write permissions to the files folder.<br/> Find the /files/ folder and CHMOD it to 751.<br /><br /> If this still gives you problems, open up the /files/ folder, select all files and CHMOD them to 640.<br /><br /> If this doesn't work, contact me <a href='http://krneky.com/en/contact'>right here</a>."; exit; } fwrite($file, $content); fclose($file); echo $content; // convert udf-8 hexadecimal to decimal function conv($hex) { $dec = hexdec($hex); return "&#$dec;"; } ?> There are only 3 files altogether, if someone needs index I'll post that too. I have been pulling my hair out for the lasy 3 hours i am trying to update a MySql table but i cant get it too work, i just keep getting MySql error #1064 - You have an error in your SQL syntax; if i just update 1 field it works fine but if i try to update more than 1 field it dosent work, Help Please! <?php $root = $_SERVER['DOCUMENT_ROOT']; require("$root/include/mysqldb.php"); require("$root/include/incpost.php"); $con = mysql_connect("$dbhost","$dbuser","$dbpass"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("$dbame", $con); mysql_query("UPDATE Reg_Profile_p SET build='$build' col='$col' size='$size' WHERE uin = '$uinco'"); ?> does anyone know who to resolve this issue of importing a CSV file from excel into sql? I get this error when I do. LOAD DATA LOCAL INFILE '/tmp/phpq2aAbU' INTO TABLE `Events` FIELDS TERMINATED BY ',' ENCLOSED BY '\\"' ESCAPED BY '\\\\' LINES TERMINATED BY '\r\n' A friend of mine must of changed something on the site while I was asleep last night and now all the site says when you go to it is: Error Database query error Warning: mail() [function.mail]: SMTP server response: 530 SMTP authentication is required. in C:\xampp\htdocs\inc\utils.inc.php on line 449 I'm not exactly sure what he did since I can't contact him. Can anyone help me fix this? okay this sounds strange I know but but apart from html code in pure php the database values display correctly but when I combine with HTML code i get an offset error when retrieving certain values example results from database file no HTML coding: February10 2012 5pm MY EVENT NEW YORK ERROR when combined with HTML: February MYEVENT 2012 NewYork Hey guys, I am using this script to connect to mysql database. Here it is the code: <?php define('DB_HOST', 'localhost'); define('DB_USER', 'myusername'); define('DB_PASSWORD', 'mypassword'); define('DB_DATABASE', 'mydatabase'); session_start(); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } $login = clean($_GET['login']); $password = clean($_GET['password']); if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'PS ID missing'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); echo "ERROR"; exit(); } $qry="SELECT level FROM users WHERE login='$login' AND passwd='$password'"; if($result) { $result=mysql_query($qry); echo $result; exit(); }else { die("Query failed"); } ?> However, I have received an error which I catch from this line: echo "ERROR"; I have input the correct username, password and the name of the database. Do you have any idea why I have received an error, guess if I have missing something? Hi, I've uploaded my website to the server and I'm getting this error:- Code: [Select] Parse error: syntax error, unexpected T_VARIABLE in /home/c/h/chichesterag/public_html/Connections/gary.php on line 9 This is the first 9 lines of code:- Code: [Select] <?php session_start(); ?> <?php require_once('Connections/gary.php'); ?> <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); $gary = mysql_connect("localhost", "root") or die("Error connecting to database<br /><br />".mysql_error()); mysql_select_db("people") or die("Error selecting database<br /><br />".mysql_error()); This is my connecting code:- Code: [Select] <?php # FileName="Connection_php_mysql.htm" # Type="MYSQL" # HTTP="true" $hostname_gary = "localhost"; $database_gary = "chichesterag"; $username_gary = "chichesterag"; $password_gary = "xxxxxx"; $gary = mysql_pconnect($hostname_localhost, $username_chichesterag, $password_xxxxxx) or trigger_error(mysql_error(),E_USER_ERROR); ?> The server's owner doesn't know what the problem is so I'm hoping someone here can help. Thanks, Gary How would I go about doing the following: I have a csv like this Quote "Division","Section","Group","Product Code","Description","Description + Secondary Description" "Division 1","Section 1","Group 1","BMSLPL25","Test Name","Test Description" "Division 1","Section 1","Group 2","BMSLPL26","Test Name 2","Test Description 2" "Division 2","Section 2","Group 2","BMSLPL27","Test Name 3","Test Description 3" I have a database structured like this Quote Divisions --- id name parent_id Groups --- id name division_id Products --- id code description secondary_description Section is a sub division. What is the best way to get the information from CSV into this database? Should I have another table and store the CSV data as is and then query that to make the other tables. Any help much appreciated. Hey guys I keep getting the error "Database not selected" with this script <?php session_start(); if ($_SESSION['adminlogin'] == 1){ //Run } else { header('Location: Log-In.php'); exit; } ?> <!DOCTYPE HTML> <html lang="en-GB"> <head> <meta charset="utf-8"> <!--Search Engine Meta Tags--> <meta name="author" content="Worldwide Lighthouses"> <meta name="keywords" content="Lighthouses,Lightships,Trinity House,Fog Signals,Fog Horns,Fresnel"> <meta name="description" content="Worldwide Lighthouses is the number 1 source of information, pictures and videos on the Subject of Lighthouses and Lightships"> <!--Stylesheets/Javascript--> <link rel="stylesheet" href="../../Page-Layout.css" media="screen and (min-width: 481px)"> <link rel="stylesheet" href="../../Mobile-Page-Layout.css" media="only screen and (max-width:480px)"> <!--Mobile Browser Support--> <meta name="viewport" content="width=320; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;"> <!--IE Support--> <!--[if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <link rel="stylesheet" href="../Page-Layout.css"><![endif]--> <meta name="application-name" content="Worldwide Lighthouses"> <meta name="msapplication-starturl" content="http://worldwidelighthouses.com/"> <meta name="msapplication-tooltip" content="Worldwide Lighthouses: Your number one source of Lighthouse Information, Videos and Pictures"> <meta name="msapplication-task" content="name=Lighthouses;action-uri=http://worldwidelighthouses.com/Lighthouses.php;icon-uri=http://worldwidelighthouses.com/IE9/Lighthouses.ico"> <meta name="msapplication-task" content="name=Lightships;action-uri=http://worldwidelighthouses.com/Lightships.php;icon-uri=http://worldwidelighthouses.com/IE9/Lightships.ico"> <meta name="msapplication-task" content="name=Fog Signals;action-uri=http://worldwidelighthouses.com/Fog-Signals.php;icon-uri=http://worldwidelighthouses.com/IE9/Fog-Signals.ico"> <meta name="msapplication-task" content="name=Glossary;action-uri=http://worldwidelighthouses.com/Glossary.php;icon-uri=http://worldwidelighthouses.com/IE9/Glossary.ico"> <title>Mailing List Administration | Worldwide Lighthouses</title> </head> <body> <header> <h1 id="WWLH">Worldwide Lighthouses</h1> <form method="get" action="http://www.worldwidelighthouses.com/Search/search.php" id="Search-Box"> <input type="search" placeholder="Search Worldwide Lighthouses" name="query" id="query" size="30" value="" autocomplete="off"> <input type="submit" value="Search"> <input type="hidden" name="search" value="1"> </form> </header> <nav> <ul id="Nav"> <li class="MenuButton" id="Index"><a href="../Index.php"><p class="Nav">Home</p></a></li> <li class="MenuButton" id="Lighthouses"><a href="../Lighthouses.php"><p class="Nav">Lighthouses</p></a></li> <li class="MenuButton" id="Lightships"><a href="../Lightships.php"><p class="Nav">Lightships</p></a></li> <li class="MenuButton" id="FogSignals"><a href="../Fog-Signals.php"><p class="Nav">Fog Signals</p></a></li> <li class="MenuButton" id="Daymarks"><a href="../Daymarks.php"><p class="Nav">Daymarks</p></a></li> <li class="MenuButton" id="Buoys"><a href="../Buoys.php"><p class="Nav">Buoys</p></a></li> <li id="MenuButtonLast"><a href="../Glossary.php"><p class="Nav">Glossary</p></a></li> </ul> </nav> <?php if ($_SESSION['adminlogin']==1) { echo '<div id="logout"> <div style="float:left; width:30%; text-align:left;!important"> <a href="Log-In-Accept-Deny.php">Back to Admin Home</a> </div> <div style="float:right; width:70%;"> <a href="Logout.php">Log Out of Admin</a> <p style="font-size:10px;">Always Sign Out when Finished!</p> </div></div>';} ?> <article> <h1 class="Title">Update Contact Record</h1> <div class="Textbox"> <? $id=$_GET['id']; $username="worldw44_php"; $password="c@rtmeldrive41"; $database="worldw44_newsemail"; mysql_connect(localhost,$username,$password); $query="SELECT * FROM contacts WHERE id='$id'"; $result=mysql_query($query) or die( 'Error: ' . mysql_error() ); $num = mysql_num_rows($result); $i=0; while ($i < $num) { $name=mysql_result($result,$i,"name"); $email=mysql_result($result,$i,"email"); ?> <form action="updated.php" method="post"> <input type="hidden" name="ud_id" value="<? echo $id; ?>"> Name: <input type="text" name="ud_first" value="<? echo $name; ?>"><br> E-mail: <input type="text" name="ud_email" value="<? echo $email; ?>"><br> <input type="Submit" value="Update"> </form> <? ++$i; } mysql_close(); ?> <?php if ($_SESSION['adminlogin'] == 1){ echo "Logged in on server side."; }?> </div> </article> <footer> <ul> <li><a href="http://www.worldwidelighthouses.com/About.php">About</a></li> <li><a href="http://www.worldwidelighthouses.com/Contact-us.php">Contact</a></li> <li><a href="http://www.worldwidelighthouses.com/Use-Our-Media.php">Use our media</a></li> <li><a href="http://www.worldwidelighthouses.com/Search/search.php">Search</a></li> <li><a href="http://www.worldwidelighthouses.com/Social-Networking.php">Social</a></li> <li><a href="#Top">Back to top</a></li> </ul> <br> <br> &#169; Worldwide Lighthouses <?php echo date("Y"); ?> </footer> </body> I have no idea why? Any help? AS far as my understanding i have selected it as "Contactinfo"? Thanks Danny well i got a few checbox (look below for code) i want to make it so that if i click the checkbox's it sends all the check box value to one column with "," in between them Code: [Select] <input type="checkbox" name="genre" value="fighting" id="genre"/>fighting <input type="checkbox" name="genre" value="school life" id="genre" />school life <input name="genre" type="checkbox" id="genre" value="king" id="genre" />king <input name="genre" type="checkbox" id="genre" value="him" />him here's the class im using Code: [Select] <?php # Name: Database.singleton.php # File Description: MySQL Singleton Class to allow easy and clean access to common mysql commands # Author: ricocheting # Web: http://www.ricocheting.com/ # Update: 2010-07-19 # Version: 3.1.4 # Copyright 2003 ricocheting.com /* This program is free softwa you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ //require("config.inc.php"); //$db = Database::obtain(DB_SERVER, DB_USER, DB_PASS, DB_DATABASE); //$db = Database::obtain(); ################################################################################################### ################################################################################################### ################################################################################################### class Database{ // debug flag for showing error messages public $debug = true; // Store the single instance of Database private static $instance; private $server = ""; //database server private $user = ""; //database login name private $pass = ""; //database login password private $database = ""; //database name private $error = ""; ####################### //number of rows affected by SQL query public $affected_rows = 0; private $link_id = 0; private $query_id = 0; #-############################################# # desc: constructor private function __construct($server=null, $user=null, $pass=null, $database=null){ // error catching if not passed in if($server==null || $user==null || $database==null){ $this->oops("Database information must be passed in when the object is first created."); } $this->server=$server; $this->user=$user; $this->pass=$pass; $this->database=$database; }#-#constructor() #-############################################# # desc: singleton declaration public static function obtain($server=null, $user=null, $pass=null, $database=null){ if (!self::$instance){ self::$instance = new Database($server, $user, $pass, $database); } return self::$instance; }#-#obtain() #-############################################# # desc: connect and select database using vars above # Param: $new_link can force connect() to open a new link, even if mysql_connect() was called before with the same parameters public function connect($new_link=false){ $this->link_id=@mysql_connect($this->server,$this->user,$this->pass,$new_link); if (!$this->link_id){//open failed $this->oops("Could not connect to server: <b>$this->server</b>."); } if(!@mysql_select_db($this->database, $this->link_id)){//no database $this->oops("Could not open database: <b>$this->database</b>."); } // unset the data so it can't be dumped $this->server=''; $this->user=''; $this->pass=''; $this->database=''; }#-#connect() #-############################################# # desc: close the connection public function close(){ if(!@mysql_close($this->link_id)){ $this->oops("Connection close failed."); } }#-#close() #-############################################# # Desc: escapes characters to be mysql ready # Param: string # returns: string public function escape($string){ if(get_magic_quotes_runtime()) $string = stripslashes($string); return @mysql_real_escape_string($string,$this->link_id); }#-#escape() #-############################################# # Desc: executes SQL query to an open connection # Param: (MySQL query) to execute # returns: (query_id) for fetching results etc public function query($sql){ // do query $this->query_id = @mysql_query($sql, $this->link_id); if (!$this->query_id){ $this->oops("<b>MySQL Query fail:</b> $sql"); return 0; } $this->affected_rows = @mysql_affected_rows($this->link_id); return $this->query_id; }#-#query() #-############################################# # desc: does a query, fetches the first row only, frees resultset # param: (MySQL query) the query to run on server # returns: array of fetched results public function query_first($query_string){ $query_id = $this->query($query_string); $out = $this->fetch($query_id); $this->free_result($query_id); return $out; }#-#query_first() #-############################################# # desc: fetches and returns results one line at a time # param: query_id for mysql run. if none specified, last used # return: (array) fetched record(s) public function fetch($query_id=-1){ // retrieve row if ($query_id!=-1){ $this->query_id=$query_id; } if (isset($this->query_id)){ $record = @mysql_fetch_assoc($this->query_id); }else{ $this->oops("Invalid query_id: <b>$this->query_id</b>. Records could not be fetched."); } return $record; }#-#fetch() #-############################################# # desc: returns all the results (not one row) # param: (MySQL query) the query to run on server # returns: assoc array of ALL fetched results public function fetch_array($sql){ $query_id = $this->query($sql); $out = array(); while ($row = $this->fetch($query_id)){ $out[] = $row; } $this->free_result($query_id); return $out; }#-#fetch_array() #-############################################# # desc: does an update query with an array # param: table, assoc array with data (not escaped), where condition (optional. if none given, all records updated) # returns: (query_id) for fetching results etc public function update($table, $data, $where='1'){ $q="UPDATE `$table` SET "; foreach($data as $key=>$val){ if(strtolower($val)=='null') $q.= "`$key` = NULL, "; elseif(strtolower($val)=='now()') $q.= "`$key` = NOW(), "; elseif(preg_match("/^increment\((\-?\d+)\)$/i",$val,$m)) $q.= "`$key` = `$key` + $m[1], "; else $q.= "`$key`='".$this->escape($val)."', "; } $q = rtrim($q, ', ') . ' WHERE '.$where.';'; return $this->query($q); }#-#update() #-############################################# # desc: does an insert query with an array # param: table, assoc array with data (not escaped) # returns: id of inserted record, false if error public function insert($table, $data){ $q="INSERT INTO `$table` "; $v=''; $n=''; foreach($data as $key=>$val){ $n.="`$key`, "; if(strtolower($val)=='null') $v.="NULL, "; elseif(strtolower($val)=='now()') $v.="NOW(), "; else $v.= "'".$this->escape($val)."', "; } $q .= "(". rtrim($n, ', ') .") VALUES (". rtrim($v, ', ') .");"; if($this->query($q)){ return mysql_insert_id($this->link_id); } else return false; }#-#insert() #-############################################# # desc: frees the resultset # param: query_id for mysql run. if none specified, last used private function free_result($query_id=-1){ if ($query_id!=-1){ $this->query_id=$query_id; } if($this->query_id!=0 && !@mysql_free_result($this->query_id)){ $this->oops("Result ID: <b>$this->query_id</b> could not be freed."); } }#-#free_result() #-############################################# # desc: throw an error message # param: [optional] any custom error to display private function oops($msg=''){ if(!empty($this->link_id)){ $this->error = mysql_error($this->link_id); } else{ $this->error = mysql_error(); $msg="<b>WARNING:</b> No link_id found. Likely not be connected to database.<br />$msg"; } // if no debug, done here if(!$this->debug) return; ?> <table align="center" border="1" cellspacing="0" style="background:white;color:black;width:80%;"> <tr><th colspan=2>Database Error</th></tr> <tr><td align="right" valign="top">Message:</td><td><?php echo $msg; ?></td></tr> <?php if(!empty($this->error)) echo '<tr><td align="right" valign="top" nowrap>MySQL Error:</td><td>'.$this->error.'</td></tr>'; ?> <tr><td align="right">Date:</td><td><?php echo date("l, F j, Y \a\\t g:i:s A"); ?></td></tr> <?php if(!empty($_SERVER['REQUEST_URI'])) echo '<tr><td align="right">Script:</td><td><a href="'.$_SERVER['REQUEST_URI'].'">'.$_SERVER['REQUEST_URI'].'</a></td></tr>'; ?> <?php if(!empty($_SERVER['HTTP_REFERER'])) echo '<tr><td align="right">Referer:</td><td><a href="'.$_SERVER['HTTP_REFERER'].'">'.$_SERVER['HTTP_REFERER'].'</a></td></tr>'; ?> </table> <?php }#-#oops() }//CLASS Database ################################################################################################### ?> here's what im trying to do. Code: [Select] $sql="SELECT * FROM rpg_announcements ORDER BY id desc"; $result = $db->query($sql); $row = $db->fetch_array($result); echo $row[1]; here's my error: Database Error Message: MySQL Query fail: Resource id #7 Notice: Undefined offset: 1 What am i doing wrong? Hi I am struggling to connect to my database and was wondering if someone could please help me. I am not sure what I need to put on line 10 in this code
<?php
define('DB_HOST', 'localhost');
define('DB_USER', 'root');
define('DB_PASS', '');
define('DB_NAME', 'tonyruttle');
define("PERPAGE", 10);
$mydb = (DB_HOST, DB_USER, DB_PASS, DB_NAME);
/***********************************************
** SEARCH FOR MATCHING PRODUCTS
************************************************/
$showResults = 0;
$search = '';
if (isset($_GET['srch'])) {
$search = $_GET['srch'];
$showResults = 1;
$srch = array_filter(array_unique(explode(' ', trim($_GET['srch']))));
array_walk($srch, function(&$v, $k) { // add the +'s to the search tags
$v = '+'.$v;
});
$tagparam = join(' ', $srch);
//
// FINDTOTAL RECORDS IN SEARCH RESULTS
//
$params[] = $tagparam;
$res = $db->prepare("SELECT COUNT(*) as tot
FROM television p
WHERE MATCH(title,keywords) AGAINST(? IN BOOLEAN MODE)
");
$res->execute( $params );
$total = $res->fetchColumn();
$page = $_GET['page'] ?? 1;
$params[] = ($page-1)*PERPAGE; // append parameters offset
$params[] = PERPAGE; // and number of records for limit clause
//
// GET A PAGEFUL OF RECORDS
//
$sql = "SELECT
id
, title
, active
FROM television p
WHERE MATCH(title,keywords) AGAINST(? IN BOOLEAN MODE)
ORDER BY TITLE
LIMIT ?,? ";
$stmt = $db->prepare($sql);
$stmt->execute($params);
if ($stmt->rowCount()==0) {
$results = "<h3>No matching records</h3>";
} else {
$results = "<tr><th>Product Id</th><th>Title</th><th>Active</th><th colspan='2'>Action</th></tr>\n";
foreach ($stmt as $rec) {
$cls = $rec['active']==0 ? "class='inactive'" : '';
$results .= "<tr $cls><td>{$rec['id']}</td><td>{$rec['title']}</td><td class='ca'>{$rec['active']}</td>
<td class='ca'><a href='?action=edit&id={$rec['id']}'><img src='images/edit-icon.png' alt='edit'></a></td>
</tr>\n";
}
}
}
?>
<div id='title'>Product List</div>
<form id='form1' ">
<fieldset>
<legend>Search titles and tags</legend>
<input type='text' name='srch' id='srch' size='50' value='<?=$search?>' placeholder='Search for...' >
<input type="hidden" name="page" id="page" value="1">
<input type="hidden" name="action" value="search">
<input type="submit" name="btnSub" value="Search">
</fieldset>
<div id='formfoot'></div>
</form>
<?php if ($showResults) { ?>
<div class="paginate_panel">
<?=page_selector($total, $page, PERPAGE)?>
</div>
<table border='1'>
<?=$results?>
</table>
<?php } ?>
|
|||||||