Fermac

Posts posted by Fermac

  1. Two different sections of code needed to be fixed for the cart to work correctly.

    Firstly, the displaying of the cart was not selecting any of the items from the database that were associated with the cart ID. It was re-written to select only the details needed, to keep the code to a minimum and also to be a lot cleaner, with correct error debugging.

    Secondly, the updating of the cart when the "Update" button was pressed. It was taking the long way around a short, simple task, performing updates on items whose quantities hadn't changed. It was re-written as follows:

    - Quantities are changed to between 0-10 and the update is submitted.
    - The script checks to see which quantities have changed (if any).
    - If there are changes to the quantities, the script selects which items have been changed.
    - It then loops through all of the quantity changes and either removes the row (if the value is 0) or updates the row (if the value is 1 or more).

  2. Hi, I've taken over a website which worked on the previous hosting but has a specific part of the site no longer working on my host. I have posted about it here:

    http://forums.phpfreaks.com/topic/281566-possible-sql-injection-error/

    so you might be able to get at least a sense of how much work is involved.

    Would appreciate anyone contacting me by Skype: john_ferris or by email: john@fermacconsulting.com and letting me know your hourly rate.

    Thanks

  3. Okay, here's the shopping cart page in its entirety:

    <?php include 'include/functions.php';
    $colname_rsOrderInformation = "-1";
    if (isset($_SESSION['cartId'])) {
      $colname_rsOrderInformation = $_SESSION['cartId'];
    }
    mysql_select_db($database_conDB, $conDB);
    $query_rsCartInformation = sprintf("SELECT * FROM tabCart WHERE cartId = %s", GetSQLValueString($colname_rsOrderInformation, "int"));
    $rsCartInformation = mysql_query($query_rsCartInformation, $conDB) or die(mysql_error());
    $row_rsCartInformation = mysql_fetch_assoc($rsCartInformation);
    $totalRows_rsCartInformation = mysql_num_rows($rsCartInformation);
    ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <link rel="shortcut icon" href="favicon.ico" />
    <link href="main.css" rel="stylesheet" type="text/css"/>
    
    <style type="text/css">
    .slideshow { height:319px; width:476px; margin-right:0px; margin-bottom:0px;  z-index:0; background-color: #fff;}
    .slideshow img { height: 319px !important; width: 476px !important; padding-left: 0px;  }
    </style>
    <!-- include jQuery library -->
    <script type="text/javascript" src="include/jquery.min.js"></script>
    <!-- include Cycle plugin -->
    <script type="text/javascript" src="include/java.js"></script>
    <script type="text/javascript">
    $(document).ready(function() {
        $('.slideshow').cycle({
    		fx: 'fade' // choose your transition type, ex: fade, scrollUp, shuffle, etc...
    	});
    });
    </script><?php if (!isset($_SESSION['memUsername'])) {?>
    <script type="text/javascript">
    function changeToPassword(){
    document.getElementById("txtLogPassword").type = "password";
    document.getElementById("txtLogPassword").value = ""
    }
    
    function resetPassword() {
    	if (document.getElementById("txtLogPassword").value == "") {
    		document.getElementById("txtLogPassword").type = "text";
    		document.getElementById("txtLogPassword").value = "Password";
    	}
    }
    </script>
    <?php }?>
    <script type="text/javascript">
    
    
      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-9218136-12']);
      _gaq.push(['_trackPageview']);
    
    
      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();
    
    
    </script>
    </head>
    <body>
    <div id="head">
    	<div id="header"><img src="images/logo.png" alt="" title="" />
    	<a href="http://www.hgffghghf.com" target="_blank"><img src="images/aaa.png" alt="ghffgh" class="jhghjj" border="0" /></a>
    	<div id="nav">
    	<a href="index.php">Home</a>
    	<a href="about.php">About Us</a>
    	<a href="chefs.php">Chefs</a>
    	<a href="classes.php">Cookery Classes</a>
    	<span class="brown">Gift Vouchers</span>
    	<a href="testimonials.php">Testimonials</a> <a  href="faqs.php">FAQ's</a>
    	<a href="contact.php">Contact Us</a></div>
    	<div id="contact"><p>T: 02890 234 722<br />E: <a href="mailto:info@belfastcookeryschool.com">info@belfastcookeryschool.com</a></p>
        <?php include 'include/memberstuff.php';?>
        </div>
    	</div>
    </div>
    
    <div id="content">
    <div class="contentholder">
    	<div class="contentleft">
    	<h1>shopping cart</h1>
    	<p>Your current shopping cart is shown below.</p>
    	<?php include 'include/shopping-cart.php';?>
    	</div>
    	<div class="contentright">
    	<div class="slideshow">
    	<img src="images/homeimg1.jpg" alt="" />
    	<img src="images/homeimg2.jpg" alt="" />
    	<img src="images/homeimg3.jpg" alt="" />
    	</div>
    	</div>
    	</div>
    </div>
    
    <div id="content2">
    <div class="contentholder">
    	<div class="contentleft2">
    	
    	<?php include("include/classes.php"); ?> 
    	<br style="clear:both;" />
    	<?php include("include/chefs.php"); ?> 
    	
    	</div>
    	
    	<div class="contentright2">
    	<?php include("include/twitter.php"); ?>
    	</div>
    
    </div>
    </div>
    
    <?php include("include/footer.php"); ?> 
    </body>
    </html>
    
    

    Next is the /includes/functions.php

    <?php require_once('Connections/conDB.php');
    session_start();
    date_default_timezone_set('Europe/Belfast');
    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
    {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    
      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    
      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;    
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    }
    
    if (!isset($_SESSION['cartId'])) {
    	@$_SESSION['cartId'] = date('U').rand(1000,9999);	
    }
    
    mysql_select_db($database_conDB, $conDB);
    $query_rsSite = "SELECT * FROM tabSite";
    $rsSite = mysql_query($query_rsSite, $conDB) or die(mysql_error());
    $row_rsSite = mysql_fetch_assoc($rsSite);
    $totalRows_rsSite = mysql_num_rows($rsSite);
    
    $url = $row_rsSite['siteURL'];
    
    $colname_rsMemberDetails = "-1";
    if (isset($_SESSION['memUsername'])) {
      $colname_rsMemberDetails = $_SESSION['memUsername'];
    }
    mysql_select_db($database_conDB, $conDB);
    $query_rsMemberDetails = sprintf("SELECT * FROM tabMembers WHERE cusEmail = %s", GetSQLValueString($colname_rsMemberDetails, "text"));
    $rsMemberDetails = mysql_query($query_rsMemberDetails, $conDB) or die(mysql_error());
    $row_rsMemberDetails = mysql_fetch_assoc($rsMemberDetails);
    $totalRows_rsMemberDetails = mysql_num_rows($rsMemberDetails);
    
    if ($totalRows_rsMemberDetails>0 AND $row_rsMemberDetails['cusMedical']!='Y' AND !isset($_SESSION['promptdisplayed'])) {
    	$_SESSION['mustsign']="true";	
    }
    
    $customerCredits = @$row_rsMemberDetails['cusCredit'];
    
    // WHO'S ONLINE
    if (!isset($_SESSION['cartId'])) {
    	$_SESSION['cartId']=date('U').rand(1000,9999);
    }
    
    $colname_rsBooking = "-1";
    if (isset($_SESSION['cartId'])) {
      $colname_rsBooking = $_SESSION['cartId'];
    }
    mysql_select_db($database_conDB, $conDB);
    $query_rsBooking = sprintf("SELECT * FROM tabBookings WHERE bookBookingReference = %s", GetSQLValueString($colname_rsBooking, "text"));
    $rsBooking = mysql_query($query_rsBooking, $conDB) or die(mysql_error());
    $row_rsBooking = mysql_fetch_assoc($rsBooking);
    $totalRows_rsBooking = mysql_num_rows($rsBooking);
    
    $colname_rsOpenOrder = "-1";
    if (isset($_SESSION['cartId'])) {
      $colname_rsOpenOrder = $_SESSION['cartId'];
    }
    mysql_select_db($database_conDB, $conDB);
    $query_rsOpenOrder = sprintf("SELECT * FROM tabOrders WHERE orderId = %s", GetSQLValueString($colname_rsOpenOrder, "text"));
    $rsOpenOrder = mysql_query($query_rsOpenOrder, $conDB) or die(mysql_error());
    $row_rsOpenOrder = mysql_fetch_assoc($rsOpenOrder);
    $totalRows_rsOpenOrder = mysql_num_rows($rsOpenOrder);
    
    function urlreplace($name) {
    include 'includes/find_and_replaces.php';
    return strtolower(str_replace($find, $replace, $name));
    }
    
    function reverseurl($name) {
    include 'includes/find_and_replaces.php';
    return ucwords(str_replace($replace, $find, $name));
    }
    
    function selfURL() { 
    // Parenthesised: PHP's ternary is left-associative, so the original unbracketed nesting
    // evaluated in the wrong order (and is a fatal error on PHP 8).
    $s = (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "s" : ""; 
    $protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s; 
    $port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]); 
    return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI']; 
    } 
    
    function strleft($s1, $s2) { 
    return substr($s1, 0, strpos($s1, $s2)); 
    }
    
    $browesrtype = $_SERVER['HTTP_USER_AGENT'];
    if (strpos($browesrtype, "MSIE 6.0")>0) $browser = "IE";
    
    // ** Logout the current user. **
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
      $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
    }
    
    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
      //to fully log out a visitor we need to clear the session variables
      $_SESSION['memUsername'] = NULL;
      $_SESSION['mustsign'] = NULL;
      $_SESSION['promptdisplayed'] = NULL;
      unset($_SESSION['memUsername']);
      unset($_SESSION['mustsign']);
      unset($_SESSION['promptdisplayed']);
      header("LOCATION: /");
      exit;
    }
    
    // REDIRECTS
    if (@$_POST['hidAction']=="bookclass") include 'functions/f_bookclass.php';
    if (@$_POST['hidAction']=='register') include 'functions/f_register.php';
    if (@$_POST['hidAction']=="cancelbooking") include 'functions/f_cancelbooking.php';
    if (@$_POST['hidAction']=='login') include 'functions/f_login.php';
    if (@$_POST['hidAction']=='updatebooking') include 'functions/f_update_booking.php';
    if (@$_POST['hidAction']=='makepayment' AND @$_POST['button']=="Apply") include 'functions/f_checkcard.php';
    if (@$_POST['hidAction']=='makepayment' AND @$_POST['button']=="Pay Now") include 'functions/f_makepayment.php';
    if (@$_POST['hidAction']=='makepayment' AND @$_POST['button']=="Update Price") include 'functions/f_checkdiscount.php';
    if (@$_POST['hidAction']=='buydiscount1') include 'functions/f_buydiscount1.php';
    if (@$_POST['hidAction']=='buydiscount2') include 'functions/f_update_order.php';
    if (@$_POST['hidAction']=='makepaymentdiscount') include 'functions/f_makepayment_cards.php';
    if (@$_POST['hidAction']=='registercode') include 'functions/f_checkcard.php';
    if (@$_POST['hidAction']=='resetpassword') include 'functions/f_resetpassword.php';
    if (@$_POST['hidAction']=='updatedetails') include 'functions/f_update_account.php';
    if (@$_POST['hidAction']=='addorder' AND @$_POST['button']=="Checkout") include 'functions/f_add_order.php';
    if (@$_POST['hidAction']=='addorder' AND @$_POST['button']=="Update") include 'functions/f_updatecart.php';
    
    mysql_free_result($rsSite);
    ?>
    

    and here is the f_updatecart.php file:

    <?php 
    for ($x=1; $x<=$_POST['hidTotalCartItems']; $x++) {
    	$tempCartQty = "selQty".$x;
    	$newCartQty = @$_POST[$tempCartQty];
    	
    	$tempCartItemId = "hidCartRowId".$x;
    	$cartItemId = @$_POST[$tempCartItemId];
    	
    	$tempCartItemPrice = 'hidCartPrice'.$x;
    	$cartItemPrice = @$_POST[$tempCartItemPrice];
    	
    mysql_select_db($database_conDB, $conDB);
    $query_rsUpdateCartLine = sprintf("SELECT * FROM tabCart WHERE Id = %s", $cartItemId);
    $rsUpdateCartLine = mysql_query($query_rsUpdateCartLine, $conDB) or die(mysql_error());
    $row_rsUpdateCartLine = mysql_fetch_assoc($rsUpdateCartLine);
    $totalRows_rsUpdateCartLine = mysql_num_rows($rsUpdateCartLine);
    
    if ($newCartQty>0) {
    	$newCartItemPrice = $newCartQty * $cartItemPrice;
    	
    	$updateSQL = sprintf("UPDATE tabCart SET cartQty=%s, cartTotal=%s WHERE Id = %s",
                           GetSQLValueString(@$newCartQty, "int"),
                           GetSQLValueString(@$newCartItemPrice, "double"),
    					   GetSQLValueString($cartItemId, "int"));
    
      mysql_select_db($database_conDB, $conDB);
      $Result1 = mysql_query($updateSQL, $conDB) or die(mysql_error());
      
      mysql_free_result($rsUpdateCartLine);
    }
    	
    	if ($newCartQty==0) {
    		$deleteSQL = sprintf("DELETE FROM tabCart WHERE Id = %s",
    					   GetSQLValueString($cartItemId, "int"));
    
      mysql_select_db($database_conDB, $conDB);
      $Result1 = mysql_query($deleteSQL, $conDB) or die(mysql_error());
    	}
    
    }
    
    ?>
    
    

    These are the three files I was surmising were the issue.

  4. Sorry, here it is:

    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
    {
      $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    
      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    
      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;    
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    
  5. Sorry I wasn't more specific, yes I changed it to

    mysql_error($conDB)

    and then that's when the "Query was empty" message came up. This was a system inherited from someone else. I'm aware the coding isn't great on it, but I don't know enough about this to fix it. I did add this to my .htaccess file as described by my host to help:

    php_flag display_errors on
    php_value error_reporting E_ALL
    

    But it still came up with the same "Query was empty" message.

  6. Hi Muddy, thanks for quick response, told you I didn't know what I was talking about! Only thing comes up when I do that is:

    Caused an error on server, that error was :
    
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
    
  7. Hi all,

    I am new to this, so please be gentle :) . I have just taken over a website and moved it to a new server, and it has thrown up a couple of errors, most of which I've sorted other than this one:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

    This comes up when trying to update a quantity in a shopping cart. I think it has something to do with SQL injection, but I've no idea what to do. My two bits of code are below, first the page with the drop-down menu on it:

    <?php include 'include/functions.php';
    $colname_rsOrderInformation = "-1";
    if (isset($_SESSION['cartId'])) {
      $colname_rsOrderInformation = $_SESSION['cartId'];
    }
    mysql_select_db($database_conDB, $conDB);
    $query_rsCartInformation = sprintf("SELECT * FROM tabCart WHERE cartId = %s", GetSQLValueString($colname_rsOrderInformation, "int"));
    $rsCartInformation = mysql_query($query_rsCartInformation, $conDB) or die(mysql_error());
    $row_rsCartInformation = mysql_fetch_assoc($rsCartInformation);
    $totalRows_rsCartInformation = mysql_num_rows($rsCartInformation);
    ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="keywords" content="belfast, cookery, school, fish, seafood, learning, northern ireland" />
    <meta name="description" content="Belfast Cookery School in association with Mourne Seafood Bar - More than just a restaurant" />
    <title>Belfast Cookery School in association with Mourne Seafood Bar - More than just a restaurant - Gift Vouchers</title>
    <link rel="shortcut icon" href="favicon.ico" />
    <link href="main.css" rel="stylesheet" type="text/css"/>
    
    <style type="text/css">
    .slideshow { height:319px; width:476px; margin-right:0px; margin-bottom:0px;  z-index:0; background-color: #fff;}
    .slideshow img { height: 319px !important; width: 476px !important; padding-left: 0px;  }
    </style>
    <!-- include jQuery library -->
    <script type="text/javascript" src="include/jquery.min.js"></script>
    <!-- include Cycle plugin -->
    <script type="text/javascript" src="include/java.js"></script>
    <script type="text/javascript">
    $(document).ready(function() {
        $('.slideshow').cycle({
    		fx: 'fade' // choose your transition type, ex: fade, scrollUp, shuffle, etc...
    	});
    });
    </script><?php if (!isset($_SESSION['memUsername'])) {?>
    <script type="text/javascript">
    function changeToPassword(){
    document.getElementById("txtLogPassword").type = "password";
    document.getElementById("txtLogPassword").value = ""
    }
    
    function resetPassword() {
    	if (document.getElementById("txtLogPassword").value == "") {
    		document.getElementById("txtLogPassword").type = "text";
    		document.getElementById("txtLogPassword").value = "Password";
    	}
    }
    </script>
    <?php }?>
    <script type="text/javascript">
    
    
      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-9218136-12']);
      _gaq.push(['_trackPageview']);
    
    
      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();
    
    
    </script>
    

    Now the update function that's called:

    <?php 
    for ($x=1; $x<=$_POST['hidTotalCartItems']; $x++) {
    	$tempCartQty = "selQty".$x;
    	$newCartQty = @$_POST[$tempCartQty];
    	
    	$tempCartItemId = "hidCartRowId".$x;
    	$cartItemId = @$_POST[$tempCartItemId];
    	
    	$tempCartItemPrice = 'hidCartPrice'.$x;
    	$cartItemPrice = @$_POST[$tempCartItemPrice];
    	
    mysql_select_db($database_conDB, $conDB);
    $query_rsUpdateCartLine = sprintf("SELECT * FROM tabCart WHERE Id = %s", $cartItemId);
    $rsUpdateCartLine = mysql_query($query_rsUpdateCartLine, $conDB) or die(mysql_error());
    $row_rsUpdateCartLine = mysql_fetch_assoc($rsUpdateCartLine);
    $totalRows_rsUpdateCartLine = mysql_num_rows($rsUpdateCartLine);
    
    if ($newCartQty>0) {
    	$newCartItemPrice = $newCartQty * $cartItemPrice;
    	
    	$updateSQL = sprintf("UPDATE tabCart SET cartQty=%s, cartTotal=%s WHERE Id = %s",
                           GetSQLValueString(@$newCartQty, "int"),
                           GetSQLValueString(@$newCartItemPrice, "double"),
    					   GetSQLValueString($cartItemId, "int"));
    
      mysql_select_db($database_conDB, $conDB);
      $Result1 = mysql_query($updateSQL, $conDB) or die(mysql_error());
      
      mysql_free_result($rsUpdateCartLine);
    }
    	
    	if ($newCartQty==0) {
    		$deleteSQL = sprintf("DELETE FROM tabCart WHERE Id = %s",
    					   GetSQLValueString($cartItemId, "int"));
    
      mysql_select_db($database_conDB, $conDB);
      $Result1 = mysql_query($deleteSQL, $conDB) or die(mysql_error());
    	}
    
    }
    
    ?>
    

    Anyone got any ideas what I'm doing wrong? When the voucher quantity is changed and update button clicked, that's when the error occurs. 
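    The f_updatecart.php posted above builds "WHERE Id = " with the raw hidCartRowId field, so an empty or tampered field produces exactly the syntax error quoted, and the hidden hidCartPrice field lets the browser set the line price. Below is a hardened rewrite following the four steps listed in the first post on this page (only changed quantities are touched; 0 deletes, 1-10 updates). It is an added example, not the site's code or anything from the thread; the PDO connection, the cartPrice unit-price column and the placeholder credentials are assumptions.

```php
<?php
// Added example, not the original site's code. Assumes a PDO connection, a tabCart
// table with columns Id, cartId, cartQty, cartPrice (unit price, assumed name) and
// cartTotal, and the same selQtyN / hidCartRowIdN / hidTotalCartItems form fields.
session_start();

function updateCartFromPost(PDO $pdo, array $post, string $cartId): array
{
    // Load only this session's cart rows, so a forged hidCartRowId cannot touch another
    // cart, and take prices from the database rather than the hidden hidCartPrice field.
    $stmt = $pdo->prepare('SELECT Id, cartQty, cartPrice FROM tabCart WHERE cartId = ?');
    $stmt->execute([$cartId]);
    $current = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $current[(int) $row['Id']] = $row;
    }

    $total = filter_var($post['hidTotalCartItems'] ?? 0, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0, 'max_range' => 100]]);
    $changed = [];
    for ($x = 1; $x <= (int) $total; $x++) {
        $rowId = filter_var($post["hidCartRowId$x"] ?? '', FILTER_VALIDATE_INT);
        $qty   = filter_var($post["selQty$x"] ?? '', FILTER_VALIDATE_INT,
                            ['options' => ['min_range' => 0, 'max_range' => 10]]);
        // Skip missing or non-integer fields and rows that are not in this cart; the
        // original code emitted "WHERE Id = " here and died on the SQL syntax error.
        if ($rowId === false || $qty === false || !isset($current[$rowId])) {
            continue;
        }
        if ($qty !== (int) $current[$rowId]['cartQty']) {
            $changed[$rowId] = $qty;   // step 2/3: only quantities that actually changed
        }
    }

    // Step 4: prepared statements, each scoped to the caller's own cartId.
    $delete = $pdo->prepare('DELETE FROM tabCart WHERE Id = ? AND cartId = ?');
    $update = $pdo->prepare('UPDATE tabCart SET cartQty = ?, cartTotal = ? WHERE Id = ? AND cartId = ?');
    foreach ($changed as $rowId => $qty) {
        if ($qty === 0) {
            $delete->execute([$rowId, $cartId]);
        } else {
            $lineTotal = $qty * (float) $current[$rowId]['cartPrice'];
            $update->execute([$qty, $lineTotal, $rowId, $cartId]);
        }
    }
    return $changed;   // rowId => new quantity, useful for logging or a confirmation message
}

// Same dispatch condition functions.php uses for the "Update" button.
if (($_POST['hidAction'] ?? '') === 'addorder' && ($_POST['button'] ?? '') === 'Update'
    && isset($_SESSION['cartId'])) {
    $pdo = new PDO('mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
                   'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER',
                   [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    updateCartFromPost($pdo, $_POST, (string) $_SESSION['cartId']);
}
```

    With ERRMODE_EXCEPTION a bad query raises an exception carrying the driver message, which replaces the bare mysql_error() calls that produced "Query was empty" when called without the connection resource.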
