strikeforcefan Posted October 15, 2016 Share Posted October 15, 2016 hey guys I made this small website on my localhost using PHP,HTML,CSS,and mySQL anyway the website used to work perfect no problems but now for some reason I get all sorts of weird stuff going on with it,it used to print a name that was entered and also print the ip address but now for some reason it just prints loads of code on the website instead of the desired code heres the original page where the data is entered <?php ?> <html> <head> <style> body{ background-image: url("steel.jpg"); } #header{ background-color:black; width:100%; height:60px; color:yellow; text-align:center; position:relative; border-bottom:2px solid grey; } .one{ margin-bottom:20px; font-size:3em; } #left{ background-color:blue; width:30%; height:420px; float:left; } #content{ position:absolute; left:267px; background-color:yellow; width:40%; height:420px; } #right{ background-color:blue; width:30%; height:420px; float:right; background-image: url("blue.jpg"); } #footer{ background-color:black; width:100%; height:90px; clear:both; } .image{ float:left; margin-right:8px; margin-left:5px; border:2px solid black; } #content p{ margin:5px; } #left ul{ list-style:none; padding:0px; margin:0px; } #left li{ font-size:3em; display:block; margin-right:auto; margin-left:auto; color:red; } #left a{ color:red; } #footer p{ text-align:center; color:yellow; } #right iframe{ text-align:center; border:2px solid black; margin-top:50px; margin-left:20px; } #left ul li a{ text-decoration:none; background-color:grey; display:block; width:130px; padding:7px; margin:5px; border:3px solid black; text-align:center; margin-left:50px; margin-top:12px; font-size: 0.9em; } #left ul li a:hover{ background-color:black; } fieldset{ margin-top:60px; } .but{ margin-left:60px; } </style> </head> <body> <div id="header"> <h1 class="one"> This site </h1> </div> <div id="left"> <ul> <li><a href="">Home </li> </a> <li><a href="">Photos </li> </a> <li><a href="">Facts </li> </a> <li><a href="">Info </li> </a> <li><a href="">Misc</li> </a> </ul> </div> <div id="content"> <form action="message.php" method="GET"> <fieldset> <legend> Hello </legend> ID:<input type="text" name="id"> <br> Name:<input type="text" name="name"> <br> <input class="but" type="submit" name="submit"> <input class="but" type="reset" name="username"> </fieldset> </form> </div> <div id="right"> <iframe width="220" height="300" src="https://www.youtube.com/embed/kRbc4Ws0YJk?rel=0&controls=0&showinfo=0" frameborder="0" allowfullscreen></iframe> </div> <div id="footer"> <hr> <p> snakesnake@gmail.com </p> </div> </body> </html> and here is the code where it outputs the data which is the part that messes up for some reason I'm using xammp version 3.2.1 with apache and mySQL running <?php $name = $_GET['name']; $ipadd = $_SERVER['REMOTE_ADDR']; $id =$_GET['id']; define('DB_NAME','example'); define('DB_USER','root'); define('DB_PASSWORD', ''); define('DB_HOST','localhost'); $link = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD); if(!$link){ die('could not connect'); } $db_selected = mysql_select_db(DB_NAME,$link); if(!$db_selected){ die('could not connect'); } $sql = "INSERT INTO tableb (id,name) VALUES ('$id','$name')"; if(!mysql_query($sql)){ die('could not update database'); }else{ mysql_query($sql); } $randomquery = "SELECT * FROM tableb ORDER BY id ASC"; $result = mysql_query("SELECT * FROM tableb ORDER BY id ASC"); $res = mysql_result($result,3,"name"); while($rows = mysql_fetch_assoc($result)){ echo $rows['id'] . ' '. $rows['name']. '<br>'; } $to = 'y@hotmail.com'; $subject = 'sub'; $mes = 'bla bla bla bla bla blablabla bla bla blabla bla bla'; mail($to,$subject,$mes); if(mail($to,$subject,$mes)){ echo 'you sent a mail to me'; } ?> <html> <head> <style> body{ background-image: url("steel.jpg"); } #header{ background-color:black; width:100%; height:60px; color:yellow; text-align:center; position:relative; border-bottom:2px solid grey; } .one{ margin-bottom:20px; font-size:3em; } #left{ background-color:blue; width:30%; height:420px; float:left; } #content{ position:absolute; left:267px; background-color:yellow; width:40%; height:420px; } #right{ background-color:blue; width:30%; height:420px; float:right; background-image: url("blue.jpg"); } #footer{ background-color:black; width:100%; height:90px; clear:both; } .image{ float:left; margin-right:8px; margin-left:5px; border:2px solid black; } #content p{ margin:5px; } #left ul{ list-style:none; padding:0px; margin:0px; } #left li{ font-size:3em; display:block; margin-right:auto; margin-left:auto; color:red; } #left a{ color:red; } #footer p{ text-align:center; color:yellow; } #right iframe{ text-align:center; border:2px solid black; margin-top:50px; margin-left:20px; } #left ul li a{ text-decoration:none; background-color:grey; display:block; width:130px; padding:7px; margin:5px; border:3px solid black; text-align:center; margin-left:50px; margin-top:12px; font-size: 0.9em; } #left ul li a:hover{ background-color:black; } fieldset{ margin-top:60px; } .but{ margin-left:60px; } .heading{ margin-top:40px; display:block; text-align:center; color:red; } .heading2{ text-align:center; position : absolute; top: 170px; left: 100px; } .wrong{ color:red; margin-left:60px; margin-top:60px; } .again{ } .link{ text-decoration:none; color:black; font-size:0.9em; margin-left:38px; } .link:hover{ color:red; } </style> </head> <body> <div id="header"> <h1 class="one"> This site </h1> </div> <div id="left"> <ul> <li><a href="">Home </li> </a> <li><a href="">Photos </li> </a> <li><a href="">Facts </li> </a> <li><a href="">Info </li> </a> <li><a href="">Misc</li> </a> </ul> </div> <div id="content"> <?php if(!empty($_GET['name'])){ echo '<h3 class="heading">'. 'weclome to the site '. $name . '</h3>'; echo '<br>'; echo '<br>'; echo '<h4 class="heading2">' . 'your ip address is '. $ipadd . '</h4>'; } else{ echo '<h2 class="wrong">'. 'Name was not entered'. '<h2>'; echo '<p class="again">' . '<a class="link" href="another.php">' . 'please click here to re-enter'. '</a>'. '<p>'; } ?> </div> <div id="right"> <iframe width="220" height="300" src="https://www.youtube.com/embed/kRbc4Ws0YJk?rel=0&controls=0&showinfo=0" frameborder="0" allowfullscreen></iframe> </div> <div id="footer"> <hr> <p> snakesnake@gmail.com </p> </div> </body> </html> thanks guys. Quote Link to comment Share on other sites More sharing options...
benanamen Posted October 15, 2016 Share Posted October 15, 2016 (edited) You are using obsolete Mysql code and are vulnerable to an SQL Injection Attack. Update to PDO. https://phpdelusions.net/pdo Edited October 15, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
cyberRobot Posted October 17, 2016 Share Posted October 17, 2016 ...it just prints loads of code on the website instead of the desired code Could you provide more information about what "loads of code" means? Does it display actual PHP code? Does it output more content than you expect? If too much content, is there anything specific about the content that would provide a clue as to where the content comes from? Just to take a guess, did you mean to display every user ID and name here: $result = mysql_query("SELECT * FROM tableb ORDER BY id ASC"); $res = mysql_result($result,3,"name"); while($rows = mysql_fetch_assoc($result)){ echo $rows['id'] . ' '. $rows['name']. '<br>'; } Side notes: The INSERT query is executed twice here: $sql = "INSERT INTO tableb (id,name) VALUES ('$id','$name')"; if(!mysql_query($sql)) { die('could not update database'); } else { mysql_query($sql); } And you are sending the same email message twice here: mail($to,$subject,$mes); if(mail($to,$subject,$mes)) { echo 'you sent a mail to me'; } Quote Link to comment Share on other sites More sharing options...
ginerjm Posted October 17, 2016 Share Posted October 17, 2016 (edited) Please tell us that you didn't write this code. That way I feel that we could tell you to just dump it and start over and to stop copying code you find on the net. This code and the algorithm are ridiculous. 1 - you have mixed together php and html and css and made it impossible to read and follow. Learn to program by splitting these things out and doing your php at the start and your presentation at the end. 2 - stop using the DEPRECATED MySQL_* functions. That extension is done! 3 - Learn how a query process works. You begin this mess by doing an insert into tableb, then you test if it succeeded and immediately execute the same query over again. That one is sure to fail if you have any primary index. 4 - You follow #3 with another sign that this code is worthless. You do a query to select all records from tableb and then you pull ONE field from the third row and NOTHING ELSE! Why the h... did you pull all the records then? And what happens if you only have two rows at some point? PLUS - if you read the manual (where it says this is DEPRECATED) you will see a note that says not to mix MySQL_result with other result set functions, which is what you do right after this! 5 - Now you send out a mail using the less-than-perfect PHP mail() function. But you don't include any headers argument so I hope you have the php.ini file setup to handle the "from" address. To make matters worse you follow your mail call with ANOTHER MAIL CALL. Is that what you intend - to send the same message to the user twice? Forgive me for being so blunt. You are probably a newbie who has not programmed before. Let me tell you there are ways to learn and this is not the way until you have actually done some reading and learning on your own. That way you might have a chance at recognizing what the code you are copying is doing and avoid the really really bad examples such as this one. As I said - dump this code. Then layout what you are trying to accomplish in plain English and then write a script that does that. And remember to design your script so that you do the PHP code first and then execute the html/css/js code last. Edited October 17, 2016 by ginerjm Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.