Jump to content
tbird

PHP and Mysql Queryes

Recommended Posts

Hello guys,

I need a little help with some php and MySQL queries. I have one application made by someone from GitHub that I will like to modify a little for my needs. The aplications is a FIAS-PMS from pbxinaflash with witch you can checkin, checkout and set wakeup call for one extension. The goal is to create a different report for extension used by office and guests. For guests is working perfectly.

The code looks like this :


$dbconnection = mysql_connect($dbhost, $dbuser, $dbpass) or die("Database connection failed");
mysql_select_db($dbname) or die("data base Hotel-Rooms open failed");

$query = "SELECT `ID`, `Desc` FROM `Rooms` ORDER BY `Desc` ASC";
$result = mysql_query($query) or die ("Couldn't execute SQL query on Hotel-Users table.") ;
mysql_close($dbconnection);
echo " <SELECT ID=\"RoomsComboBox\" NAME=\"RoomsComboBox\">";
echo "<OPTION VALUE=\"ALL\" SELECTED> ".$SecLab22." </OPTION>";
while ($row = mysql_fetch_array($result)) {
echo "<OPTION VALUE=\"$row[0]\">" . $row[1] . "</OPTION>";
}
echo "</SELECT>";
echo "</TD>" ;
echo "<TD><INPUT TYPE=\"SUBMIT\" NAME=\"SearchButton\" VALUE=\"".$SecLab21."\"></TD>\n" ;
echo "</TR>\n" ;
echo "</TABLE></div>\n";
echo "</FORM>\n";

if(isset($_POST['SearchButton'])) :


echo

"<TABLE cellSpacing=0 cellPadding=0 width=900 border=0>\n" ;
echo "<TR><TD>Id</TD><TD>".$SecLab7."</TD><TD>".$SecLab14."</TD><TD>".$SecLab15."</TD><TD>".$SecLab17."</TD><TD>".$SecLab31."</TD><TD>".$SecLab1."</TD>" ;
$dbconnection 

= mysql_connect($dbhost, $dbuser, $dbpass) or die("Database connection failed");
mysql_select_db($dbname) or die("data base Hotel-Rates open failed");

$between = '';
$room = '';

$query = "SELECT * FROM `Users`";
$RoomsComboBox = $_POST['RoomsComboBox'];

$FROMD = $_POST['FROMD'] ;
$FROMM = $_POST['FROMM'] ;
$FROMY = $_POST['FROMY'] ;

$TOD = $_POST['TOD'] ;
$TOM = $_POST['TOM'] ;
$TOY = $_POST['TOY'] ;

if ($RoomsComboBox !== 'ALL') {
$room = " `Room` = '" . $RoomsComboBox . "'";
}

if ($FROMD !== '' AND $FROMM !== '' AND $FROMY !== '') {
$from = " `Checkout` >= '" . $FROMY . "-" . $FROMM . "-" . $FROMD . "'";
if ($TOD !== '' AND $TOM !== '' AND $TOY !== '') {
$to = " AND `Checkout` <= '" . $TOY . "-" . $TOM . "-" . $TOD . "'";
}
$between = $from . $to;
}


If ($between !== '' OR $room !== '') {
$query = $query . " WHERE" ;
}

If ($between !== '' AND $room !== '') {
$query = $query . $between . " AND" . $room;
}

If ($between !== '' AND $room == '') {
$query = $query . $between;
}

If ($between == '' AND $room !== '') {
$query = $query . $room;
}

$query = $query . " ORDER BY ID DESC";
//printf($query);


What I did : 
From : 
$query = "SELECT `ID`, `Desc` FROM `Rooms` ORDER BY `Desc` ASC" ;
to
$query = "SELECT `ID`, `Desc` FROM `Rooms` WHERE `Desc` = 'Frontoffice' OR `Desc` = 'Backoffice' OR `Desc` = 'Manager' ORDER BY `Desc` ASC" ;

from : 
$query = "SELECT * FROM `Users`";
to 
$query = "SELECT * FROM `Users` WHERE `Desc` = 'Frontoffice' OR `Desc` = 'Backoffice' OR `Desc` = 'Manager' " ;


Partial is working, I can see in the combobox only office extensions, i can search if i peek " all " from dropdown , but if i choose something else for exemple Frontoffice and click search the page is replaying with one error.

The date search is not working at all. I have to advice you guys, i don`t know php and MySQL just some very basics icon_smile.gif Please can someone help me with some syntaxs ? Thanks a lot.

Share this post


Link to post
Share on other sites

If you are going to copy code, at least copy code that is somewhat current.  The Mysql_* extension is deprecated.  Gone.  No longer in modern PHP.

 

Find a different script to copy.  Or write your own using mysqlI functions or better yet, the PDO extension.

 

And then - when you have a problem be a little more specific as to why it is not working.  And wrap your code in the proper forum-designated tags.  And maybe even get rid of the color highlighting?

Share this post


Link to post
Share on other sites

Well thanks for you time, but it didn`t help me at all.  If you do not want to help or you don`t know, why did you post ? 

Share this post


Link to post
Share on other sites

Date search is not working at all

Can you please define "not working". If you try a date search and echo $query, what does it show?

Edited by Barand

Share this post


Link to post
Share on other sites

Well thanks for you time, but it didn`t help me at all.

 

His reply contained more useful information than any other resource you've learned/copypasted from so far. When you're completely new to a topic, it's a good idea to actually listen to those who know what they're talking about.

 

Whether you like to hear it or not, the code you've chosen is amateur crap which is at least 13 years out of date and hasn't been updated in the last 6 years. As soon as your hoster decides to update the PHP version (the 5.x branch has already reached the end of active support), the whole application will cease to function.

Share this post


Link to post
Share on other sites

Hello, 

Barand, in mysql log or php i don`t see any error log just in web page the site is replay`in with " mysql script error " . 

I missed a part of code : 

 

$query = $query . " ORDER BY ID DESC";

//printf($query);
 
$result = mysql_query($query) or die("Web site query failed");
mysql_close($dbconnection);
while ($row = mysql_fetch_array($result)) {
  echo "<TR><TD><FONT face=verdana,sans-serif>" . $row["ID"] . "</TD><TD>" . $row["Desc"]  . "</TD><TD>" .$row["Name"] ."</TD><TD>" . $row["Checkin"] . "</TD><TD>" . $row["Checkout"] . "</TD><TD>" . $row["Total"] . "</TD><TD><a href=\"ec.php?Ext=" .$row["Ext"] . "&Checkin=" . $row["Checkin"] . "&Checkout=" . $row["Checkout"] ."\">".$SecLab29."</a></TD></TR>\n" ;
}
echo "</TABLE>\n";
endif;

 

At the end .

 

Jacques is not a problem for me beause is old. Is running on my server and i`m not planning to change anything there. In the future who nows maybe i will learn php and i will can rewrite the code to be more secure and fully compatibile with php7. For the moment is running in LAN where i don`t see any security issue. 

 

Thanks

Share this post


Link to post
Share on other sites

I didn't even get to the topic of security. The point is that the code is broken on every single level and one of the worst possible choices you could have made.

 

If you simply accepted that half of the features will never work and the other half will randomly crash, sure, you could do that. But you're obviously here to get this stuff fixed, and I'm telling you that's hopeless.

Share this post


Link to post
Share on other sites

If you try a date search and echo $query, what does it show?

Had I been able to see the query you were submitting then I might have been able to help you. As you can't be bothered to provide the requested information then I'll leave you to it. Good luck.

Share this post


Link to post
Share on other sites

With this attitude, you will not get anyware.  I found the solution,  don`t need help anymore. 
Moderatos please close this topic and also delete my account ! 

Have a nice day. 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.