Jump to content

PHP and Mysql Queryes


tbird

Recommended Posts

Hello guys,

I need a little help with some php and MySQL queries. I have one application made by someone from GitHub that I will like to modify a little for my needs. The aplications is a FIAS-PMS from pbxinaflash with witch you can checkin, checkout and set wakeup call for one extension. The goal is to create a different report for extension used by office and guests. For guests is working perfectly.

The code looks like this :


$dbconnection = mysql_connect($dbhost, $dbuser, $dbpass) or die("Database connection failed");
mysql_select_db($dbname) or die("data base Hotel-Rooms open failed");

$query = "SELECT `ID`, `Desc` FROM `Rooms` ORDER BY `Desc` ASC";
$result = mysql_query($query) or die ("Couldn't execute SQL query on Hotel-Users table.") ;
mysql_close($dbconnection);
echo " <SELECT ID=\"RoomsComboBox\" NAME=\"RoomsComboBox\">";
echo "<OPTION VALUE=\"ALL\" SELECTED> ".$SecLab22." </OPTION>";
while ($row = mysql_fetch_array($result)) {
echo "<OPTION VALUE=\"$row[0]\">" . $row[1] . "</OPTION>";
}
echo "</SELECT>";
echo "</TD>" ;
echo "<TD><INPUT TYPE=\"SUBMIT\" NAME=\"SearchButton\" VALUE=\"".$SecLab21."\"></TD>\n" ;
echo "</TR>\n" ;
echo "</TABLE></div>\n";
echo "</FORM>\n";

if(isset($_POST['SearchButton'])) :


echo

"<TABLE cellSpacing=0 cellPadding=0 width=900 border=0>\n" ;
echo "<TR><TD>Id</TD><TD>".$SecLab7."</TD><TD>".$SecLab14."</TD><TD>".$SecLab15."</TD><TD>".$SecLab17."</TD><TD>".$SecLab31."</TD><TD>".$SecLab1."</TD>" ;
$dbconnection 

= mysql_connect($dbhost, $dbuser, $dbpass) or die("Database connection failed");
mysql_select_db($dbname) or die("data base Hotel-Rates open failed");

$between = '';
$room = '';

$query = "SELECT * FROM `Users`";
$RoomsComboBox = $_POST['RoomsComboBox'];

$FROMD = $_POST['FROMD'] ;
$FROMM = $_POST['FROMM'] ;
$FROMY = $_POST['FROMY'] ;

$TOD = $_POST['TOD'] ;
$TOM = $_POST['TOM'] ;
$TOY = $_POST['TOY'] ;

if ($RoomsComboBox !== 'ALL') {
$room = " `Room` = '" . $RoomsComboBox . "'";
}

if ($FROMD !== '' AND $FROMM !== '' AND $FROMY !== '') {
$from = " `Checkout` >= '" . $FROMY . "-" . $FROMM . "-" . $FROMD . "'";
if ($TOD !== '' AND $TOM !== '' AND $TOY !== '') {
$to = " AND `Checkout` <= '" . $TOY . "-" . $TOM . "-" . $TOD . "'";
}
$between = $from . $to;
}


If ($between !== '' OR $room !== '') {
$query = $query . " WHERE" ;
}

If ($between !== '' AND $room !== '') {
$query = $query . $between . " AND" . $room;
}

If ($between !== '' AND $room == '') {
$query = $query . $between;
}

If ($between == '' AND $room !== '') {
$query = $query . $room;
}

$query = $query . " ORDER BY ID DESC";
//printf($query);


What I did : 
From : 
$query = "SELECT `ID`, `Desc` FROM `Rooms` ORDER BY `Desc` ASC" ;
to
$query = "SELECT `ID`, `Desc` FROM `Rooms` WHERE `Desc` = 'Frontoffice' OR `Desc` = 'Backoffice' OR `Desc` = 'Manager' ORDER BY `Desc` ASC" ;

from : 
$query = "SELECT * FROM `Users`";
to 
$query = "SELECT * FROM `Users` WHERE `Desc` = 'Frontoffice' OR `Desc` = 'Backoffice' OR `Desc` = 'Manager' " ;


Partial is working, I can see in the combobox only office extensions, i can search if i peek " all " from dropdown , but if i choose something else for exemple Frontoffice and click search the page is replaying with one error.

The date search is not working at all. I have to advice you guys, i don`t know php and MySQL just some very basics icon_smile.gif Please can someone help me with some syntaxs ? Thanks a lot.

Link to comment
Share on other sites

If you are going to copy code, at least copy code that is somewhat current.  The Mysql_* extension is deprecated.  Gone.  No longer in modern PHP.

 

Find a different script to copy.  Or write your own using mysqlI functions or better yet, the PDO extension.

 

And then - when you have a problem be a little more specific as to why it is not working.  And wrap your code in the proper forum-designated tags.  And maybe even get rid of the color highlighting?

Link to comment
Share on other sites

Well thanks for you time, but it didn`t help me at all.

 

His reply contained more useful information than any other resource you've learned/copypasted from so far. When you're completely new to a topic, it's a good idea to actually listen to those who know what they're talking about.

 

Whether you like to hear it or not, the code you've chosen is amateur crap which is at least 13 years out of date and hasn't been updated in the last 6 years. As soon as your hoster decides to update the PHP version (the 5.x branch has already reached the end of active support), the whole application will cease to function.

Link to comment
Share on other sites

Hello, 

Barand, in mysql log or php i don`t see any error log just in web page the site is replay`in with " mysql script error " . 

I missed a part of code : 

 

$query = $query . " ORDER BY ID DESC";

//printf($query);
 
$result = mysql_query($query) or die("Web site query failed");
mysql_close($dbconnection);
while ($row = mysql_fetch_array($result)) {
  echo "<TR><TD><FONT face=verdana,sans-serif>" . $row["ID"] . "</TD><TD>" . $row["Desc"]  . "</TD><TD>" .$row["Name"] ."</TD><TD>" . $row["Checkin"] . "</TD><TD>" . $row["Checkout"] . "</TD><TD>" . $row["Total"] . "</TD><TD><a href=\"ec.php?Ext=" .$row["Ext"] . "&Checkin=" . $row["Checkin"] . "&Checkout=" . $row["Checkout"] ."\">".$SecLab29."</a></TD></TR>\n" ;
}
echo "</TABLE>\n";
endif;

 

At the end .

 

Jacques is not a problem for me beause is old. Is running on my server and i`m not planning to change anything there. In the future who nows maybe i will learn php and i will can rewrite the code to be more secure and fully compatibile with php7. For the moment is running in LAN where i don`t see any security issue. 

 

Thanks

Link to comment
Share on other sites

I didn't even get to the topic of security. The point is that the code is broken on every single level and one of the worst possible choices you could have made.

 

If you simply accepted that half of the features will never work and the other half will randomly crash, sure, you could do that. But you're obviously here to get this stuff fixed, and I'm telling you that's hopeless.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.