mac_gyver

Staff Alumni
  • Posts: 5,348
  • Joined
  • Days Won: 173

mac_gyver last won the day on February 23

mac_gyver had the most liked content!

3 Followers

About mac_gyver

Profile Information
  • Gender: Not Telling

Recent Profile Visitors
154,621 profile views

mac_gyver's Achievements
Prolific Member (5/5)

622 Reputation

135 Community Answers

  1. you would explode the search term on the space characters, then dynamically build an expression for each word, that get ORed together to build the WHERE ... term. you need to use a prepared query, so that nothing in a value can break the sql query syntax, which is how sql injection is accomplished.
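The approach in this answer, as an added example that is not the poster's code: each word of the search term becomes its own prepared LIKE condition, the conditions are ORed together, and the values are passed to execute() so nothing in them can alter the query text. The table name `articles`, column `title` and the `$pdo` connection are assumptions; identifiers cannot be bound as place-holders, so they must come from your code, never from user input.

```php
<?php
// Added example, not the poster's code: turn a multi-word search term into
// one prepared LIKE condition per word, ORed together. The table and column
// names are assumptions and must come from your own code, not from user input.

function buildSearchQuery(string $term, string $table, string $column): array
{
    // split on runs of whitespace and drop empty pieces
    $words = preg_split('/\s+/', trim($term), -1, PREG_SPLIT_NO_EMPTY);
    if ($words === []) {
        return ["SELECT id, {$column} FROM {$table}", []];
    }
    $conditions = [];
    $params = [];
    foreach ($words as $word) {
        // escape LIKE wildcards typed by the user so % and _ match literally;
        // MySQL's default LIKE escape character is the backslash
        $params[] = '%' . addcslashes($word, '%_\\') . '%';
        $conditions[] = "{$column} LIKE ?";
    }
    $sql = "SELECT id, {$column} FROM {$table} WHERE " . implode(' OR ', $conditions);
    return [$sql, $params];
}

function runSearch(PDO $pdo, string $term): array
{
    [$sql, $params] = buildSearchQuery($term, 'articles', 'title');
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params); // values travel separately from the sql text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// constructed input that would break a concatenated query but is harmless here
[$sql, $params] = buildSearchQuery("php ' OR 1=1 -- 100%", 'articles', 'title');
echo $sql, "\n";
print_r($params);
```

Each word lands in its own `%...%` parameter; the quote, the `OR 1=1` and the `--` stay inside bound values and are compared as text, never parsed as sql.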
  2. forget the word sanitize when dealing with data. also forget about using stripslashes(). when it was needed, it was conditionally applied. the need to do this was removed from php long ago. other than trimming user submitted data, mainly so that you can detect if a value is all white-space characters, you should NOT modify data. you should validate the data to make sure that it meets the business needs of your application. is a required value not empty. is a value that must have a specific format, character range, length, or magnitude valid? if it's valid, use it. if it isn't valid, let the user know what was wrong with it, let them fix it, and resubmit it. security is accomplished by using the data correctly in whatever context it is being used in, e.g. sql, html, mail header, ... in a html context (web page, email body), apply htmlentities/htmlspecialchars to a value right before outputting it, to help prevent cross site scripting.
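The validate-then-escape-at-output pattern this answer describes, as an added example that is not the poster's code. The field names (`username`, `email`, `age`) and the rules applied to them are assumptions chosen to show a required check, a format check and a range check; the only modification to the input is the trim.

```php
<?php
// Added example, not the poster's code. Validate submitted data against
// business rules, collect one error per field, and apply htmlspecialchars()
// only at the point of html output. Field names and rules are assumptions.

function validateRegistration(array $post): array
{
    $errors = [];
    // trim so that an all-whitespace value is detected as empty; no other changes
    $username = trim($post['username'] ?? '');
    $email    = trim($post['email'] ?? '');
    $age      = trim($post['age'] ?? '');

    if ($username === '') {
        $errors['username'] = 'Username is required.';
    } elseif (!preg_match('/^[A-Za-z0-9_]{3,30}$/', $username)) {
        $errors['username'] = 'Username must be 3-30 letters, digits or underscores.';
    }

    if ($email === '') {
        $errors['email'] = 'Email is required.';
    } elseif (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }

    if ($age === '') {
        $errors['age'] = 'Age is required.';
    } elseif (filter_var($age, FILTER_VALIDATE_INT,
              ['options' => ['min_range' => 13, 'max_range' => 120]]) === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    }

    return [$errors, compact('username', 'email', 'age')];
}

// html context: escape right before output, never on the way in
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// constructed sample submission (stands in for $_POST)
$sample = ['username' => '  bob<script>', 'email' => 'bob@example', 'age' => '17'];
[$errors, $values] = validateRegistration($sample);

if ($errors !== []) {
    // one line per error, imploded rather than echoed repeatedly
    echo implode('<br>', array_map('h', $errors)), "\n";
}
// re-populating the form: the raw value is kept, the escaping happens here
echo '<input type="text" name="username" value="', h($values['username']), '">', "\n";
```

The `<script>` text in the sample is never stripped or altered; it fails the username rule, and if it were echoed back it would be rendered inert by `h()`. The same raw value could be bound to an sql place-holder or placed in a mail body with the escaping appropriate to that context instead.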
  3. do you have php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your development system, so that php will help you by reporting and displaying all the errors it detects? are you using php8+, where exceptions are the default setting for database statement errors, or if using < php8, have you enabled exceptions for errors for the database extension you are using? when your code/data doesn't work, you need to find at what point they are doing what you expect and at what point they are not. the problem lies between those two points. if all you have done is run your code and notice that it doesn't insert the expected data, you haven't narrowed down the problem to a single line of code. you need to use debugging techniques, such as using var_dump() on data, to both determine which execution path your code is taking and what data values it is using, to find out exactly where your code/data stops doing what you expect. well written code, with sufficient error handling and validation logic, should either work or it should tell you (display/log) why it doesn't work. every data validation error should get handled. your if (Token::check(Input::get('token'))) validation doesn't do anything if the token check is a false value, indicating either a programming mistake or someone/something hasn't visited/requested the form to generate a token. you need to add an else conditional branch to display (during development) or log (when on a live server) relevant information when this occurs.
     finally, you have some problems in the posted form/form processing:
     - your user ->create() method is using a surname field that doesn't exist in the form
     - your form has a status field that isn't being used. if you want the user to be required to make a specific choice for the status field, the first <option ...> needs to be a prompt to make a choice, with an empty value attribute
     - the email field is not being validated
     - both the username and email fields must be defined as unique indexes in the database table. you must then have exception error handling for the insert query that tests for a duplicate index error (number), determines which or both of the submitted values were duplicates, and sets up user error(s) for the duplicate values
     - the foreach() loop displaying the validation errors is concatenating each error onto the existing $response. when there is more than one error, the $response will get echoed multiple times, with a growing number of errors in it. i recommend that you just implode() the array of errors using a '<br>' tag and output the result
     - the form is submitting to insert/user.php. that doesn't correspond to the filename of the posted code
  4. when using named prepared query place-holders, the name must match between what you use in the sql query and the binding. in your code, they don't. e.g. :LogID is not the same as :LOGIN_ID. ... i recommend that you use simple positional ? place-holders. there's less to type and keep track of. regardless of the place-holder type, you can simply supply an array of the input values to the ->execute([...]) call, saving more typing. you should not manage the id value yourself in code. this is not concurrent safe. instead, use an autoincrement primary index. the database engine will perform the necessary table locking to ensure that concurrent queries will generate unique values. your database must enforce uniqueness, it is the last step in the process. the username column must be defined as a unique index. you would then attempt to insert a row of data, and test in the exception handling catch block for that query if a duplicate index error (number) occurred. if it did, setup a message for the user letting them know that the username is already in use. for all other error numbers, rethrow the exception and let php handle it. there's also nothing to fetch from an insert query. why are you doing that?
  5. what does the 'view source' of the page in the browser show? do any other .php pages work? either the code starts with a short-opening php tag <? or php isn't working on the web server.
  6. let's start at the beginning. why was your account moved to a different server? next, you need to create a .php script file with a phpinfo(); statement in it, e.g. <?php phpinfo(); ?> , in your document root folder, and browse to the URL of this file, e.g. https://your_domain.com/the_file_you_just_created.php in the resulting web page, you/we need to know what is shown for the Loaded Configuration File setting and the session.save_path setting (both the local and master values.)
  7. the session.save_path setting in the php.ini is pointing to a now non-existent/non-accessible folder. you need to see if there is already an appropriate folder within your account's directory tree /home/rgxb6tc5wk5q/... for session data files and set the session.save_path setting to point to it, and if a folder doesn't exist, create it and set the session.save_path setting to point to it. when your account was created/moved they should have had templates setup to do this automatically.
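A diagnostic for the situation in answers 6 and 7, as an added example that is not the poster's code: it reports the loaded php.ini and the configured session.save_path, checks that the folder exists and is writable by the web server user, and shows the in-script alternative to editing the ini file. The folder path `/home/your_account/php_sessions` is an assumption standing in for a folder inside your own account's directory tree.

```php
<?php
// Added example, not the poster's code: check where php will try to write
// session files and, if needed, point sessions at a folder inside the account.
// The folder path below is an assumption; substitute your own.

function checkSessionPath(?string $override = null): array
{
    $configured = ini_get('session.save_path');
    $report = [
        'loaded_ini' => php_ini_loaded_file() ?: '(none)',
        'ini_value'  => $configured === '' || $configured === false
                        ? '(empty: php falls back to the system temp dir)'
                        : $configured,
    ];
    $path = $override ?? ($configured === false ? '' : $configured);
    // the setting may have the form "N;MODE;/path"; the directory is after the last ';'
    if ($path !== '' && str_contains($path, ';')) {
        $path = substr($path, strrpos($path, ';') + 1);
    }
    $report['effective_dir'] = $path;
    $report['exists']        = $path !== '' && is_dir($path);
    $report['writable']      = $report['exists'] && is_writable($path);
    return $report;
}

$sessionDir = '/home/your_account/php_sessions'; // assumption: a folder inside the account
if (!is_dir($sessionDir)) {
    // 0700: only the account's own user can read the session files
    mkdir($sessionDir, 0700, true);
}

$report = checkSessionPath($sessionDir);
print_r($report);

if ($report['writable']) {
    // must run before session_start(); the equivalent php.ini line is
    //   session.save_path = "/home/your_account/php_sessions"
    session_save_path($sessionDir);
    session_start();
    echo 'session started, id ', session_id(), "\n";
} else {
    echo 'session folder is missing or not writable: ', $report['effective_dir'], "\n";
}
```

Run it once from the document root; `loaded_ini` tells you which php.ini to edit and `writable` is the check that actually matters, since a path that exists but belongs to another user produces the same session errors as a missing one.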
  8. i recommend that you make a new file with the code necessary to load the phpmailer script and with your sendEmailNotification() function in it, setup some test data, and call the sendEmailNotification() function and get the email to work. once you get the email to work on its own, then make sure that your full code is actually calling the sendEmailNotification() function, by echoing/logging a value at the completion of the email code. you are performing a redirect right after the INSERT query. it's possible that the sms code will take enough time to make the curl request that the browser can abort the current request and halt code execution before your code gets to the email code. it's also possible that the curl code is throwing an error and your code never gets to the email code. any such redirect needs to be at the end of the post method form processing code, it should only occur if there are no user/validation errors, and it should be to the exact same URL of the current page to cause a get request for that page. here's a list of things that will simplify the code, making it easier to see what the code is trying to do - you should only catch and handle database exceptions for user recoverable errors, such as when inserting/updating duplicate user submitted data. for all other insert/update query error numbers, just rethrow the exception and let php handle it and for all other type of queries, let php catch and handle any database exception. for the INSERT query you should be catching and testing for a duplicate index error number. if an applicant can only register once, the applicant_id column should be defined as a unique index, so that only one record per applicant_id can be inserted. if an applicant can only register for a single exam_date_id, the combined applicant_id and exam_date_id columns need to be defined as a composite unique index. 
if you set the default fetch mode to assoc when you make the database connection, you won't have to specify it in each fetch statement. don't copy variables to other variables for nothing. just use the original variables that data is in.
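The insert handling described in answers 3, 4 and 8, as one added example that is not the poster's code: positional ? place-holders with the values passed to execute(), an AUTO_INCREMENT id that the code never supplies, the default fetch mode set once on the connection, and a catch block that handles only the duplicate-index error and rethrows everything else. The `users` table, its key names, and the DSN/credentials are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes a MySQL table along these
// lines (an assumption for the example):
//   CREATE TABLE users (
//     id       INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
//     username VARCHAR(30)  NOT NULL,
//     email    VARCHAR(254) NOT NULL,
//     UNIQUE KEY uq_username (username),
//     UNIQUE KEY uq_email (email)
//   );
// For "one registration per applicant and exam date" the equivalent is a
// composite key: UNIQUE KEY uq_reg (applicant_id, exam_date_id).

function connectDb(string $dsn, string $user, string $password): PDO
{
    return new PDO($dsn, $user, $password, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // default since php 8, explicit here
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,       // no fetch mode needed per fetch
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared queries
    ]);
}

/**
 * Inserts a user and returns user-facing errors, [] on success.
 * Nothing is fetched from the INSERT; the new id comes from lastInsertId().
 */
function insertUser(PDO $pdo, string $username, string $email): array
{
    try {
        $stmt = $pdo->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
        $stmt->execute([$username, $email]);
        return [];
    } catch (PDOException $e) {
        // MySQL duplicate entry: driver error 1062 (SQLSTATE 23000)
        if (($e->errorInfo[1] ?? null) !== 1062) {
            throw $e; // not user recoverable: let php log/display it
        }
        // MySQL names only the first key that collided, so look up which of the
        // two submitted values already exist in order to report one or both
        $check = $pdo->prepare('SELECT username, email FROM users WHERE username = ? OR email = ?');
        $check->execute([$username, $email]);
        $errors = [];
        foreach ($check as $row) {
            // case-insensitive, matching the usual MySQL collation
            if (strcasecmp($row['username'], $username) === 0) {
                $errors['username'] = 'That username is already in use.';
            }
            if (strcasecmp($row['email'], $email) === 0) {
                $errors['email'] = 'That email address is already registered.';
            }
        }
        if ($errors === []) {
            throw $e; // duplicate on a key this code does not know about: programming error
        }
        return $errors;
    }
}

// usage; the DSN and credentials are assumptions
$pdo = connectDb('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret');
$errors = insertUser($pdo, 'bob', 'bob@example.com');
echo $errors ? implode('<br>', $errors) : 'inserted id ' . $pdo->lastInsertId();
```

The uniqueness check is done by the database at insert time rather than by a SELECT beforehand, so two concurrent registrations with the same username cannot both succeed; the follow-up SELECT only runs after the engine has already refused the row, to work out which value to report.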
  9. if you use this, you must specifically set the request header, between the .open() and .send() calls - xhttp.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); If the only POST method request made to the page will be via an ajax request, then simply testing for a post method request will work. all data submitted to your site can come from anywhere, not just your form, links, cookies, ajax requests, ..., can be set to anything, and cannot be trusted. you must validate all input data to make sure it meets the business needs of your application and use all data securely in whatever context it is being used in.
  10. provided the code for the page is laid out in this general order -
      1. initialization
      2. post method form processing
      3. get method business logic - get/produce data needed to display the page
      4. html document
      at the end of item #2, if the request was an AJAX request, you would build and output the response to the ajax request, then exit/die, so that the rest of the code on the page isn't executed. here's a snippet of code to detect an AJAX request -
      define('IS_AJAX_REQUEST', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
      you can then conditionally run AJAX request only code using -
      if(IS_AJAX_REQUEST) {
          // build and output the response to the AJAX request
          // typically json_encode([some meaningful error or success data]);
          // stop php code execution
          die;
      }
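The page layout from answers 8, 9 and 10 put together, as an added example that is not the poster's code: the four sections in order, the AJAX branch at the end of the post method processing, and the redirect to the same URL only when there are no errors. `saveRecord()` is a stand-in for the prepared INSERT and duplicate-index handling and is an assumption, as is the single `name` field.

```php
<?php
// Added example, not the poster's code. Skeleton of a form page laid out as
// initialization / post method processing / get method logic / html, with the
// ajax response and the post-redirect-get at the end of section 2.
// saveRecord() and the form field are assumptions.

declare(strict_types=1);

// 1. initialization
// X-Requested-With is set by the client (see answer 9), so it only tells you
// what kind of response to build; it is not an authentication check.
define('IS_AJAX_REQUEST',
    isset($_SERVER['HTTP_X_REQUESTED_WITH'])
    && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');
session_start();
$errors = [];
$post   = [];

function saveRecord(array $data): array
{
    // assumption: returns user-recoverable errors, [] on success; a real
    // implementation does the prepared INSERT and duplicate-index test here
    return $data['name'] === '' ? ['name' => 'Name is required.'] : [];
}

// 2. post method form processing
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $post   = array_map(fn($v) => is_string($v) ? trim($v) : $v, $_POST);
    $errors = saveRecord(['name' => $post['name'] ?? '']);

    if (IS_AJAX_REQUEST) {
        // build and output the response for the ajax caller, then stop
        header('Content-Type: application/json');
        echo json_encode(['ok' => $errors === [], 'errors' => $errors]);
        exit;
    }
    if ($errors === []) {
        // success and no errors: redirect to the exact same URL so the browser
        // makes a get request for this page (no re-submit on refresh)
        $_SESSION['flash'] = 'Saved.';
        header('Location: ' . $_SERVER['REQUEST_URI']);
        exit;
    }
    // with errors, fall through and redisplay the form with the messages
}

// 3. get method business logic
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);

// 4. html document
$h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html><body>
<?php if ($flash !== null): ?><p><?= $h($flash) ?></p><?php endif; ?>
<?php if ($errors !== []): ?><p><?= implode('<br>', array_map($h, $errors)) ?></p><?php endif; ?>
<form method="post">
  <input type="text" name="name" value="<?= $h($post['name'] ?? '') ?>">
  <button>Save</button>
</form>
</body></html>
```

Everything that must happen on a successful post (the insert, the sms call, the email) belongs before the redirect inside section 2; the ajax `exit` and the `Location` header are the only two places the script stops early, so nothing after them is ever skipped by accident.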
  11. where are you getting $value from and how are you building the SELECT ... list in the data query? if they are in the same order, you don't need to do anything else, the rows of fetched data will match the csv columns/headings in $value.
  12. you likely have a single ...fetch() statement somewhere between where you have executed the sql query and the code you did post. btw - the mysql_ extension has been removed from php for a very long time. you should both update your php version to 8+ and switch to the PDO extension.
  13. except, that's only the last field definition, not all of them, because you are reassigning $fieldSelection each pass through the loop. you want to add a new array entry to $fieldSelection each pass through the loop. you have a typo/spelling mistake in the :fieldSection place-holder in the sql vs :fieldSelection in the execute() call.
  14. if you name the sets of fields differently, with the same root name, an incrementing numerical index, then the element name, the submitted data will already be in a format that you can json_encode(). assuming these are all text fields, the markup would look like -
      <input type='text' name='fieldSelection[0][field]'>
      <input type='text' name='fieldSelection[0][fieldName]'>
      <input type='text' name='fieldSelection[0][fieldLabel]'>
      <input type='text' name='fieldSelection[0][fieldType]'>
      <input type='text' name='fieldSelection[0][fieldWidth]'>
      <input type='text' name='fieldSelection[1][field]'>
      <input type='text' name='fieldSelection[1][fieldName]'>
      <input type='text' name='fieldSelection[1][fieldLabel]'>
      <input type='text' name='fieldSelection[1][fieldType]'>
      <input type='text' name='fieldSelection[1][fieldWidth]'>
      you can then simply loop over $_POST['fieldSelection'] and use each set of values -
      foreach($_POST['fieldSelection'] as $row) {
          echo '<pre>'; print_r($row); echo '</pre>';
          echo json_encode($row);
          echo '<br>';
      }
  15. OR you can use the complement -
      select count(*) as CustomerActual, Month from sbms.customerdata WHERE EmpID='83201858' AND (VisitType = 'No Due' OR VisitDate !='') group by Month