recoding website because of update from php 5 to php 7


arnoldg


Hi guys, 

 

need some help, we have a database driven website (approx. 12+ years old) which is written in php and makes use of mysql

now i need to alter the code so it will work with php 7.2, this because we need to install this new php version because of a software update on one of the other sites.

i can't get it right, where to start or how to do. 

i searched the internet but can't get it right. 

 

here are some code snippets.

 

index.php

require_once('connect.php');
require_once('taal.php');
require_once('dierview.php');
require_once('pagina.php');
require_once('logincheck.php');
require_once('log.php');
require_once('front.php');
require_once('fotowijzig.php');
require_once('dierform.php');
require_once('savedier.php');

after require_once('taal.php') i should see on my screen "test taal", but i don't, i'm confused.

 

connect.php <= seems to work, because the echo says so

<?php
require_once "config.php"; //includes configuration information
$link = mysqli_connect($host,$username,$password,$database);
//mysqli_query($link,$con, $database)); 

if (!$link){
    echo "Error: " . mysqli_connect_error();
  exit();
}
echo 'Connected to MySQL';
?>

 

taal.php <= this isn't working

<?php
require_once('connect.php');
echo "test taal";
function taal($hash, $taal)
{
echo "test taal2";
$query = 'SELECT $taal from taaltabel WHERE hash = '$hash' LIMIT 1';
$result = mysqli_query($link, $query);
$row = mysqli_fetch_row($result);
return stripslashes($row[0]);

}

?>

 

 


i know, this is code written by someone else, and it is not the whole code.

the index file is pretty large,

 

entire index file.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
            "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Nederlands en Belgisch ZeewaterDatabase</title>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<LINK REL= "STYLESHEET" HREF = "/database/style/style.css" TYPE = "text/css">
</head>
<body Style = "background-color: #ffffff">

<script language="JavaScript">
<!--

function getItemMain(id)
    {
        var itm = false;
        if(parent.document.getElementById)
            itm = parent.document.getElementById(id);
        else if(parent.document.all)
            itm = parent.document.all[id];
        else if(parent.document.layers)
            itm = parent.document.layers[id];

        return itm;
    }






function confirm_delete_message(ID,url) {
   if(confirm("Weet je zeker dat je dit wil verwijderen?")) {
    form = getItemMain(ID);
        if(form)
        {
            form.action = url;
            form.submit();
        }
   }
}


//-->
</script>

<table width = "100%">
<tr>
<td>
<table border="0" width="100%" cellpadding="0" cellspacing="0" align="center">
<tr>
<?php

	if(isset($_GET['taal']) && $_GET['taal']=='eng'){
		echo "<td align=\"left\"><div align=\"center\"><a href=\"index.php?\"><img src=\"images/misc/bg2.jpg\" border=\"0\" alt=\"Nederlands en Belgisch Zeewater Database\" /></a></td>";
	}
	else {
	echo "<td align=\"left\"><div align=\"center\"><a href=\"index.php?\"><img src=\"images/misc/bg2.jpg\" border=\"0\" alt=\"Nederlands en Belgisch Zeewater Database\" /></a></td>";
  }
?>

</tr>
<tr>

<table class="tborder" cellpadding="0" cellspacing="0" border="0" width="100%" align="center">
<tr class="tborder" valign="bottom">
<table class="tborder" cellpadding="0" cellspacing="0" border="0" width="100%" align="center">
<td class="alt1" align = "left" width = "100%">
<a href="#" onclick="history.back(1)"><img src="images/misc/navbits_start.gif" alt="Ga Terug" border="0"></a>
<span class="navbar"><a href="index.php?" accesskey="1">Nederlands  en Belgisch Zeewater Database</a></span>

<?php
error_reporting(E_ALL & ~E_NOTICE);
//if the language was passed in, use it, otherwise default to Dutch
if(isset($_GET['taal'])){
  $taal = addslashes($_GET['taal']);
}
else{
  $taal = "ned";
}

require_once('connect.php');
require_once('taal.php');
require_once('dierview.php');
require_once('pagina.php');
require_once('logincheck.php');
require_once('log.php');
require_once('front.php');
require_once('fotowijzig.php');
require_once('dierform.php');
require_once('savedier.php');



if ($user){

}else{
	echo " </td></tr></table></br></br>";
	Echo "U dient eerst middels het zeewaterforum in te loggen</br>";
	echo "<a href='http://www.zeewaterforum.info'>www.zeewaterforum.info</a>";
	exit();
}




if(isset($_POST['groep'])){
$groep = $_POST['groep'];
}
//build the url for logging

$url = "./database/index.php?taal=$taal";
        if(isset($_GET['startat'])){
          $url = $url."&startat=".$_GET['startat'];
        }
       if(isset($_GET['GroepID'])){
          $url = $url."&GroepID=".$_GET['GroepID'];
        }
        if(isset($_GET['HoofdgroepID'])){
          $url = $url."&HoofdgroepID=".$_GET['HoofdgroepID'];
        }
        if(isset($_GET['DierID'])){
          $url = $url."&DierID=".$_GET['DierID'];
        }
	if(isset($_GET['action'])){
          $url = $url."&action=".$_GET['action'];
        }
        if(isset($_POST['zoekstring'])){
          $url = $url."&zoekstring=".addslashes($_POST['zoekstring']);
        }
	else{
          if(isset($_GET['zoekstring'])){
             $url = $url."&zoekstring=".addslashes($_GET['zoekstring']);
          }
        }
          if(isset($_POST['groep'])){
$url = $url. "&groep=";
$first = 0;
foreach($groep as $groepnum)
{
	if($first == 1){
	$url = $url. ",";
	}
	else{
		$first = 1;
	}
	$url = $url. "{$groepnum}";
}

}
else{
  if(isset($_GET['groep'])){
     $url = $url. "&groep=".addslashes($_GET['groep']);
  }
}

//log

//logit('4','bekijk',$user['userid'],$user['username'],$url);

//if hoofdgroepid is given, look up the name

if(isset($_GET['HoofdgroepID'])){
$HoofdgroepID = addslashes($_GET['HoofdgroepID']);
$query = "SELECT ".$taal."_omschrijving as naam FROM hoofdgroep where hoofdgroepid = '$HoofdgroepID'";
$result = mysqli_query($link,$query);
if(mysqli_num_rows($result) > 0){
$row = mysqli_fetch_array($result);

//if groepid or dierid is also set, display it
if((isset($_GET['GroepID'])) || isset($_GET['DierID'])){
echo "<span class=\"navbar\">&gt; <a href=\"index.php?taal=$taal&HoofdgroepID=$HoofdgroepID\">".$row['naam']."</a></span>\n";
}
}
}

//if the groepid is given, look up the name
if(isset($_GET['GroepID'])){
$GroepID = addslashes($_GET['GroepID']);
$query = "SELECT ".$taal."_omschrijving as naam FROM groep where groepid = '$GroepID'";
$result = mysqli_query($link,$query);
if(mysqli_num_rows($result) > 0){
$row = mysqli_fetch_array($result);

//if dierid is set as well, display it
if(isset($_GET['DierID'])){
echo "<span class=\"navbar\">&gt; <a href=\"index.php?taal=$taal&GroepID=$GroepID";
if(isset($_GET['HoofdgroepID'])){
$HoofdgroepID = addslashes($_GET['HoofdgroepID']);
echo "&HoofdgroepID=$HoofdgroepID";
}
echo "\">".$row['naam']."</a></span>";
}
}
}
?>
*3
</td>
</tr>
<tr>

<td class="alt1" style="font-size:10pt; padding-top:1px" >
<?php
if(isset($row)){
echo "<img class=\"inlineimg\" src=\"images/misc/navbits_finallink.gif\" border=\"0\" />\n";
}
?>
<strong>
<?php

//if dierid is given, display the name
if(isset($_GET['DierID'])){
$DierID = addslashes($_GET['DierID']);
$query = "SELECT lat_naam, ".$taal."_naam as naam FROM dier WHERE dierid = '$DierID'";
$result = mysqli_query($link,$query);
if(mysqli_num_rows($result) > 0){
$row = mysqli_fetch_array($result);
echo "<i>".$row['lat_naam']."</i>";
if($row['naam'] != ""){
	echo " (".$row['naam'].")";
}
}
}
else{
//otherwise, if the groepid is given, display it
if(isset($_GET['GroepID'])){
$GroepID = addslashes($_GET['GroepID']);
$query = "SELECT ".$taal."_omschrijving as naam FROM groep where groepid = '$GroepID'";
$result = mysqli_query($link,$query);
if(mysqli_num_rows($result) > 0){
$row = mysqli_fetch_array($result);
echo $row['naam'];
}
}
else
{
//otherwise, if the hoofdgroepid is given, display it
if(isset($_GET['HoofdgroepID'])){
$HoofdgroepID = addslashes($_GET['HoofdgroepID']);
$query = "SELECT ".$taal."_omschrijving as naam FROM hoofdgroep where hoofdgroepid = '$HoofdgroepID'";
$result = mysqli_query($link,$query);
if(mysqli_num_rows($result) > 0){
$row = mysqli_fetch_array($result);
echo $row['naam'];

}
}
}
}

?>
*1
</td>
		<td class="alt2" nowrap="nowrap" style="padding:0px" rowspan="2">
		<div class="smallfont">
			<strong>&nbsp;Welkom, <?php echo $user['username']; ?>&nbsp;</strong><br />

		    &nbsp;<br />
		</div>
		</td>

</td>
</tr>






</table>

<div align="center">
	<table class="tborder" cellpadding="0" cellspacing="0" border="0" width="100%" align="center" style="border-top-width:0px">
	<tr align="center">
<?php


//look up the main groups
$query = "SELECT hoofdgroepid, ".$taal."_omschrijving from hoofdgroep WHERE 1";
$result = mysqli_query($link, $query);
$aant = mysqli_num_rows($result);
//if the user is an administrator, show a link to the admin section

$aant = $aant + 4;

if(isadmin($user)){
  $aant++;
  $bree = 100 / $aant;
  echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"admin/dierbeheer.php?\">Adminpagina</a></td>";

}

$bree = 100 / $aant;
  echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"http://www.zeewaterforum.info\">Zeewaterforum</a> </td>";


//display all main groups
while($row = mysqli_fetch_row($result)){
$query = "SELECT COUNT(*) as num FROM dier LEFT JOIN groep ON groep.groepid = dier.groepid WHERE showdier = 1 AND groep.hoofdgroepid = '{$row[0]}'";
$num = mysqli_fetch_array(mysqli_query($link, $query));
  echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"index.php?taal=$taal&HoofdgroepID=$row[0]\">{$row[1]} ({$num['num']})</a></td>";
}
//show the link to the search screen
echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"index.php?taal=$taal&action=zoek";
if(isset($_GET['GroepID'])){
echo "&GroepID=".$_GET['GroepID'];
}
if(isset($_GET['HoofdgroepID'])){
echo "&HoofdgroepID=".$_GET['HoofdgroepID'];
}
if(isset($_GET['DierID'])){
echo "&DierID=".$_GET['DierID'];
}
echo "\">".taal('zoek',$taal)."</a></td>";

//show the switch-language link
echo "<td class=\"vbmenu_control\" width = \"{$bree}%\"><a href=\"index.php?taal=";
if($taal == 'ned'){
echo "eng";
}
else{
echo "ned";
}
if(isset($_GET['GroepID'])){
echo "&GroepID=".$_GET['GroepID'];
}
if(isset($_GET['HoofdgroepID'])){
echo "&HoofdgroepID=".$_GET['HoofdgroepID'];
}
if(isset($_GET['DierID'])){
echo "&DierID=".$_GET['DierID'];
}
	if(isset($_GET['action'])){
          echo "&action=".$_GET['action'];
        }
        if(isset($_POST['zoekstring'])){
          echo "&zoekstring=".addslashes($_POST['zoekstring']);
        }
	else{
          if(isset($_GET['zoekstring'])){
             echo "&zoekstring=".addslashes($_GET['zoekstring']);
          }
        }
        if(isset($_POST['groep'])){
echo "&groep=";
$first = 0;
foreach($groep as $groepnum)
{
	if($first == 1){
	echo ",";
	}
	else{
		$first = 1;
	}
	echo "{$groepnum}";
}

}
else{
  if(isset($_GET['groep'])){
     echo "&groep=".addslashes($_GET['groep']);
  }
}
echo "\">".taal('switchtaal',$taal)."</a></td>";

//if the user is logged in, show the logout link
echo "</tr>";
echo "</table>";
echo "</div>";
echo "<br/>";

function geefdierenweer($result, $taal, $aantalweergeven, $width, $user, $groep){
  global $link; // connection from connect.php, used by the foto query below

  $aantal = mysqli_num_rows($result);
  if(isset($_GET['startat'])){
    $st = addslashes($_GET['startat']);
    if($st<$aantal){
      mysqli_data_seek($result,$st);
    }
  }
  $aantalweergegeven = 0;
  echo "<table width = \"$width\" align = \"right\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\">";
  pagina($taal, $aantal, $aantalweergeven, $st, 'top', $groep);
  echo "<tr><td>";

    echo "<table class=\"tborder\" cellpadding=\"6\" cellspacing=\"1\" border=\"0\" width = \"100%\" align=\"right\">\n";
    echo "<thead>";
    echo "\t<tr align=\"center\">\n";
    echo "\t\t<td class=\"thead\" >";
echo "<a href=\"index.php?taal=$taal&orderby=lat_naam";
if(isset($_GET['GroepID'])){
echo "&GroepID=".$_GET['GroepID'];
}
if(isset($_GET['HoofdgroepID'])){
echo "&HoofdgroepID=".$_GET['HoofdgroepID'];
}
if(isset($_GET['DierID'])){
echo "&DierID=".$_GET['DierID'];
}
if(isset($_GET['action'])){
echo "&action=".$_GET['action'];
}
if(isset($_POST['zoekstring'])){
echo "&zoekstring=".addslashes($_POST['zoekstring']);
}
else{
  if(isset($_GET['zoekstring'])){
     echo "&zoekstring=".addslashes($_GET['zoekstring']);
  }
}
if(isset($_POST['groep'])){
echo "&groep=";
$first = 0;
foreach($groep as $groepnum)
{
	if($first == 1){
	echo ",";
	}
	else{
		$first = 1;
	}
	echo "{$groepnum}";
}

}
else{
  if(isset($_GET['groep'])){
     echo "&groep=".addslashes($_GET['groep']);
  }
}

if(isset($_GET['orderby'])){
  $orderby = $_GET['orderby'];
  if($orderby == "lat_naam"){
    if(isset($_GET['richting'])){
      $richting = $_GET['richting'];
      if($richting != 'desc'){
        echo "&richting=desc";
      }
    }
    else{
      echo "&richting=desc";
    }
  }
}
 else{
      echo "&richting=desc";
    }
echo "\">".taal('latdiernaam',$taal)."</a>";



echo "</td>\n";
    echo "\t\t<td class=\"thead\" >";
echo "<a href=\"index.php?taal=$taal&orderby=naam";
if(isset($_GET['GroepID'])){
echo "&GroepID=".$_GET['GroepID'];
}
if(isset($_GET['HoofdgroepID'])){
echo "&HoofdgroepID=".$_GET['HoofdgroepID'];
}
if(isset($_GET['DierID'])){
echo "&DierID=".$_GET['DierID'];
}
if(isset($_GET['action'])){
echo "&action=".$_GET['action'];
}
if(isset($_POST['zoekstring'])){
echo "&zoekstring=".addslashes($_POST['zoekstring']);
}
else{
  if(isset($_GET['zoekstring'])){
     echo "&zoekstring=".addslashes($_GET['zoekstring']);
  }
}
if(isset($_POST['groep'])){

echo "&groep=";
$first = 0;

foreach($groep as $groepnum)
{
	if($first == 1){
	echo ",";
	}
	else{
		$first = 1;
	}
	echo "{$groepnum}";
}

}
else{
  if(isset($_GET['groep'])){
     echo "&groep=".addslashes($_GET['groep']);
  }
}

if(isset($_GET['orderby'])){
  $orderby = $_GET['orderby'];
  if($orderby == "naam"){
    if(isset($_GET['richting'])){
      $richting = $_GET['richting'];
      if($richting != 'desc'){
        echo "&richting=desc";
      }
    }
    else{
      echo "&richting=desc";
    }
  }
}
echo "\">".taal('diernaam',$taal)."</a>";

echo "</td>\n";
    echo "\t\t<td class=\"thead\" >&nbsp;</td>\n";
    if(isadmin($user)){
      echo "\t\t<td class=\"thead\" >Admin:</td>\n";
    }
    echo "\t</tr>";
    echo "</thead>";
      if (mysqli_num_rows($result) > 0)
  {
    while (($row = mysqli_fetch_row($result)) && $aantalweergegeven < $aantalweergeven) {
      $linkstring = "index.php?DierID=$row[0]&taal=$taal";
      if(isset($_GET['GroepID'])){
        $linkstring = $linkstring . "&GroepID=".$_GET['GroepID'];
      }
      if(isset($_GET['HoofdgroepID'])){
        $linkstring = $linkstring . "&HoofdgroepID=".$_GET['HoofdgroepID'];
      }
      if(isset($_GET['DierID'])){
        $linkstring = $linkstring . "&DierID=".$_GET['DierID'];
      }
      echo "\t<tr align=\"left\">\n";
      echo "\t\t<td class=\"alt1\" width = \"50%\">";
      echo "<a href = \"$linkstring\">".$row[1]."</a>";
      echo "</td>\n";
      echo "\t\t<td class=\"alt2\" width = \"50%\">";
      echo "<a href = \"$linkstring\">".$row[2]."</a>";
      echo "</td>\n";
      echo "\t\t<td class=\"alt1\"align =\"center\"  width =\"90\" border = \"0\">\n";

      echo "<a href = \"$linkstring\">";
      $query = "SELECT fotoid FROM foto WHERE dierid = '$row[0]' ORDER BY hoofd DESC LIMIT 1";
      $fotores = mysqli_query($link,$query);
      if (mysqli_num_rows($fotores) > 0){
        $rrow = mysqli_fetch_array($fotores);
        echo "<img src=\"./plaatjes/klein/{$row[0]}_{$rrow['fotoid']}.jpeg\" width=\"80\" height=\"60\">";
      }
      else{
      	echo taal('geenplaatje',$taal);
      }
      echo "</a>";
      echo "\t\t</td>";
      if(isadmin($user)){
      echo "\t\t<td class=\"alt2\"align =\"center\"  width =\"80\" border = \"0\">\n";
      echo "\t\t<FORM ACTION = \"./admin/dierwijzig.php?redirect=".urlencode($_SERVER['REQUEST_URI'])."\" METHOD = \"post\">\n";
      echo "\t\t<INPUT TYPE = HIDDEN NAME = \"DierID\" VALUE = \"$row[0]\">\n";
      echo "\t\t<INPUT TYPE = HIDDEN NAME = \"wijzig\" VALUE = \"wijzig\" ID = \"wijzig\">\n";
      echo "\t\t<INPUT TYPE = \"image\" src = \"/database/images/buttons/quickreply.gif\" alt = \"wijzigen\" VALUE = \"Wijzig\" NAME = \"wijzig\">\n";
      echo "\t\t</FORM>\n";
  echo "\t\t<FORM ACTION = \"./admin/fotowijzig.php?redirect=".urlencode($_SERVER['REQUEST_URI'])."\" METHOD = \"post\">\n";
     echo "\t\t<INPUT TYPE = HIDDEN NAME = \"DierID\" VALUE = \"$row[0]\">\n";
     echo "\t\t<INPUT TYPE = \"image\" src = \"/database/images/buttons/gallery.gif\" alt = \"foto\" VALUE = \"Wijzig\" NAME = \"foto\">\n";
     echo "\t\t</FORM>\n";

      echo "\t\t<FORM ACTION = \"JavaScript:confirm_delete_message('delete$row[0]','./admin/dierbeheer.php?')\" METHOD = \"post\" ID = \"delete$row[0]\">\n";
      echo "\t\t<INPUT TYPE = HIDDEN NAME = \"DierID\" VALUE = \"$row[0]\">\n";
      echo "\t\t<INPUT TYPE = HIDDEN NAME = \"delete\" VALUE = \"delete\" ID = \"delete\">\n";
      echo "\t\t<INPUT TYPE = \"image\" src = \"/database/images/buttons/zquickdelete.gif\" alt = \"verwijderen\" VALUE = \"Verwijder\" NAME = \"del\">\n";
      echo "\t\t</FORM>\n";
     }
      echo "\t\t</td>\n";
      echo "\t</tr>\n";
      $aantalweergegeven++;
    }
      }

    echo "</table>";
    echo "</td></tr>";
    pagina($taal, $aantal, $aantalweergeven, $st, 'bottom', $groep);
    echo "</table>";
}



//when action is set
if(isset($_GET['action'])){
$action = addslashes($_GET['action']);

if($action == "foto"){
        if($user['userid']==-1){
            echo "<table  align=\"center\" class=\"tborder\" cellpadding=\"6\" cellspacing=\"0\" border=\"0\">";
            echo "<thead>";
            echo "\t<tr align=\"center\">\n";
            echo "\t\t<td class=\"thead\" colspan = \"2\">".taal('uploadfoto',$taal)." </td>\n";
            echo "\t</tr>";
            echo "</thead>";
            echo "<tr><td class=\"alt1\" colspan = \"2\">";

            echo taal('loginfoto',$taal);
            echo "</td></tr>";
            echo "</table>";
        }
        else{
          fotoupload($user['userid'], $taal);
        }

}

//if action is zoek, show the search screen
if($action == "zoek"){
	echo "<table  align=\"center\" class=\"tborder\" cellpadding=\"6\" cellspacing=\"0\" border=\"0\">";
	echo "<thead>";
	echo "\t<tr align=\"center\">\n";
	echo "\t\t<td class=\"thead\" colspan = \"2\">".taal('zoek',$taal)." </td>\n";
	echo "\t</tr>";
	echo "</thead>";
	echo "<tr><td class=\"alt1\" colspan = \"2\">";
	echo "<form method=\"post\" action=\"index.php?taal=$taal&action=vind\">\n";
	echo taal('zoeks',$taal)."<br/>";
	echo "<input type=\"text\" size=\"50\" name=\"zoekstring\"><br>\n";
	echo "<input type=\"submit\" value=\"".taal('zoek',$taal)."\" name=\"Zoek\">\n";
	echo "</tr></td>";
	$query = "SELECT hoofdgroepid, {$taal}_omschrijving as naam FROM hoofdgroep WHERE 1";
	$result = mysqli_query($link,$query);
	if(mysqli_num_rows($result)>0){
		while($rij = mysqli_fetch_array($result)){
			echo "<tr><td class=\"alt1\">";
			echo "<input type = \"checkbox\" checked name = \"hoofdgroep\" id = \"hg{$rij['hoofdgroepid']}\" onClick = \"checkgroep{$rij['hoofdgroepid']}();\" value = \"{$rij['hoofdgroepid']}\">".$rij['naam'];
			echo "</td><td class=\"alt1\">";
			$query = "SELECT groepid, {$taal}_omschrijving as naam FROM groep WHERE hoofdgroepid = \"{$rij['hoofdgroepid']}\"";
	        $groepresult = mysqli_query($link,$query);
	        $functie = "\n<script language=\"JavaScript\"> \n<!--\nfunction checkgroep{$rij['hoofdgroepid']}() {\nhoofdgroep = getItemMain(\"hg{$rij['hoofdgroepid']}\");\n";
	        if(mysqli_num_rows($groepresult)>0){
		        while($groeprij = mysqli_fetch_array($groepresult)){
		        	$functie = $functie . "groep = getItemMain(\"gr{$groeprij['groepid']}\"); \ngroep.checked = hoofdgroep.checked;\n";
			         echo "<input type = \"checkbox\" checked name = \"groep[]\" id = \"gr{$groeprij['groepid']}\" value = \"{$groeprij['groepid']}\">".$groeprij['naam']."<br />";
		        }
	        }
			$functie = $functie . "} \n//--></script>\n";
			echo $functie;
			echo "</td></tr>";
		}
	}

	echo "</form>\n";

	echo "</td></tr>";
	echo "</table>";
}
//if action is vind, show the results.
if($action == "vind"){
	if(isset($_GET['groep'])){
		$groep = explode(',',$_GET['groep']);
	}
  	if(isset($_POST['zoekstring'])){
    	$zoekst = explode(" ",addslashes($_POST['zoekstring']));
  	}
  	if(isset($_GET['zoekstring'])){
    	$zoekst = explode(" ",addslashes($_GET['zoekstring']));
  	}
  	if($_POST['zoekstring'] != "" || $_GET['zoekstring'] != "" ){
	    $query = "SELECT dierid, lat_naam, ".$taal."_naam FROM dier
	    WHERE showdier = '1' AND (0";

	    foreach($groep as $groepnum){
			$query = $query. " OR groepid = '{$groepnum}'";
		}
		foreach ($zoekst as $zoekstring){
		    $query = $query . ") AND (0";

		    $query = $query . " OR INSTR(LCASE(lat_naam),LCASE('$zoekstring')) ";

		    $query = $query . " OR INSTR(LCASE({$taal}_naam),LCASE('$zoekstring')) ";

		    $query = $query . " OR INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')) ";

		    $query = $query . " OR INSTR(LCASE({$taal}_geslachtond),LCASE('$zoekstring')) ";

		    $query = $query . " OR INSTR(LCASE(ontdekker),LCASE('$zoekstring')) ";

		    $query = $query . " OR INSTR(LCASE(synoniem),LCASE('$zoekstring')) ";

	//	    $query = $query . " OR EXISTS (SELECT * FROM kleurdierrel LEFT JOIN kleur ON kleurdierrel.kleurid = kleur.kleurid WHERE dier.dierid = kleurdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));";

	//	    $query = $query . " OR EXISTS (SELECT * FROM voerdierrel LEFT JOIN voer ON voerdierrel.voerid = voer.voerid WHERE dier.dierid = voerdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));";

		//    $query = $query . " OR EXISTS (SELECT * FROM gebdierrel LEFT JOIN gebied ON gebdierrel.gebiedid = gebied.gebiedid WHERE dier.dierid = gebdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));";

		//    $query = $query . " OR EXISTS (SELECT * FROM plaagdierrel LEFT JOIN plaag ON plaagdierrel.plaagid = plaag.plaagid WHERE dier.dierid = plaagdierrel.dierid AND INSTR(LCASE({$taal}_omschrijving),LCASE('$zoekstring')));";

		}
		$query = $query . ")";







	    if(isset($_GET['orderby'])){
		$orderby = $_GET['orderby'];
	        if($orderby == "lat_naam"){
		    $query = $query . " ORDER BY 'lat_naam'";
	        }

	        if($orderby == "naam"){
		    $query = $query . " ORDER BY '".$taal."_naam'";
	        }
			if(isset($_GET['richting']) &&($orderby == "lat_naam"||$orderby == "naam")){
			$richting = $_GET['richting'];
		        if($richting == 'desc'){
		            $query = $query . " DESC";
		        }
		    }
	    }
	    else{
			$query = $query . " ORDER BY 'Lat_naam'";
	    }



	    $result = mysqli_query($link,$query) or die('Query failed: ' . mysqli_error($link));



	    geefdierenweer($result, $taal, $aantalweergeven, '100%', $user, $groep);
  	}
	}
	if($action == "nieuwdier"){
           form($taal);
	}
	if($action == "postdier"){
		savedier();
		echo "<h1 align = \"center\">".taal('dankdier',$taal)."</h1>";
	}

}
else{
if(isset($_GET['HoofdgroepID']) || isset($_GET['DierID'])){
	if(isset($_GET['HoofdgroepID'])){
$HoofdgroepID = addslashes($_GET['HoofdgroepID']);
	}
	else{
		$query = "SELECT hoofdgroepid FROM dier LEFT JOIN groep ON dier.groepid = groep.groepid WHERE dierid = {$_GET['DierID']}";
		$result = mysqli_query($link,$query);

		if($row = mysqli_fetch_array($result)){
				$HoofdgroepID = $row['hoofdgroepid'];
		}
	}
	if(isset($HoofdgroepID)){
$query = "SELECT groepid, ".$taal."_omschrijving from groep WHERE hoofdgroepid = $HoofdgroepID ORDER BY ".$taal."_omschrijving";
$result = mysqli_query($link,$query);
echo  "<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" width = \"100%\" align=\"center\"><tr valign = \"top\"><td width = \"15%\">";
echo "<table width=\"100%\" align=\"left\" class=\"tborder\" cellpadding=\"6\" cellspacing=\"1\" border=\"0\">";
echo "<thead>";
echo "\t<tr align=\"center\">\n";
echo "\t\t<td class=\"thead\" >".taal('groep',$taal)." </td>\n";
echo "\t</tr>";
echo "</thead>";
while($row = mysqli_fetch_row($result)){
  $query = "SELECT COUNT(*) as num FROM dier WHERE showdier = 1 AND groepid = '{$row[0]}'";
  $num = mysqli_fetch_array(mysqli_query($link,$query));
  echo "<tr><td class=\"alt1\"><a href=\"index.php?taal=$taal&HoofdgroepID=$HoofdgroepID&GroepID=$row[0]\">$row[1]({$num['num']})</a></td></tr>";
}

echo "</table></td><td>";

	}
}


//display animal


if(isset($_GET['DierID'])){
$DierID = addslashes($_GET['DierID']);
echo "<table width = \"99%\" align = \"right\"  cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td>";
dierview($DierID, $taal, $user);
echo "</td></tr></table>";
}
else{
//display list of animals

if(isset($_GET['GroepID'])||isset($_GET['HoofdgroepID'])){
  if(isset($_GET['GroepID'])){
    $GroepID = addslashes($_GET['GroepID']);
    $query = "SELECT dierid, lat_naam, ".$taal."_naam FROM dier WHERE showdier = 1 AND groepid = '$GroepID'";


   }
   else{
  $HoofdgroepID = addslashes($_GET['HoofdgroepID']);
  $query = "SELECT dierid, lat_naam, ".$taal."_naam FROM dier LEFT JOIN groep ON dier.groepid = groep.groepid WHERE showdier = 1 AND hoofdgroepid = '$HoofdgroepID'";




}


    if(isset($_GET['orderby'])){
	$orderby = $_GET['orderby'];
        if($orderby == "lat_naam"){
	    $query = $query . " ORDER BY 'Lat_naam'";
        }

        if($orderby == "naam"){
	    $query = $query . " ORDER BY '".$taal."_naam'";
        }
	if(isset($_GET['richting']) &&($orderby == "lat_naam"||$orderby == "naam")){
	$richting = $_GET['richting'];
        if($richting == 'desc'){
            $query = $query . " DESC";
        }
    }
    }
    else{
	$query = $query . " ORDER BY 'lat_naam'";
    }



   $result = mysqli_query($link,$query) or die('Query failed: ' . mysqli_error($link));

geefdierenweer($result, $taal, $aantalweergeven, '99%', $user, $groep);
echo "</td></tr></table>";
}
}

}
if(!isset($_GET['GroepID']) && !isset($_GET['HoofdgroepID']) && !isset($_GET['DierID'])&& !isset($_GET['action'])){
	showfront($taal);
}

?>
</td>
</tr>
</table>
  <center>
  <table align = "center" width="100%" valign = "bottom">
  <tr align = "center"><td align = "center">
  <p><br>
  <font size="-1">&copy; zeewaterforum.info</font><font size="-2"><br>
  <?php echo taal('copyright',$taal); ?>
  </font>

  <br>
  </p>
  </td></tr></table></center>
</body>
</html>

 


Leaving a site un-maintained for 12 years is not very responsible of your management team.  All computer code needs maintenance/updating over its lifetime.  That includes big iron and small alike, including web-based stuff.  Your code is so out of date you need to devote some talented, skillful programming staff to this app to bring it into the 21st century.


the biggest out of date problem is the use (and misuse) of addslashes().

for values that are being supplied to an sql query statement, you need to instead use a prepared query and supply the values when the query is executed. the php PDO extension is much simpler to use, over the mysqli extension, especially when using prepared queries.

for the $taal value that is being used in the sql queries as part of a column name, you must validate that it contains only and exactly an expected value, since you cannot protect against sql injection in 'identifiers' by escaping the value and you cannot supply 'identifiers' using a prepared query place-holder.

for values that are being used to build URLs, addslashes() shouldn't even be used. these cases should use urlencode() or even better yet, use http_build_query(), which applies urlencode() for you, when building the query string part of URLs.

along with using prepared queries when supplying values to an sql query, you need to use exceptions to handle database statement (connection, query, prepare, execute) errors, and in most cases let php catch the exception, where it will use its error_reporting, display_errors, and log_errors settings to control what happens with the actual error information. this will give you consistent error handling throughout the code, and let you eliminate any error handling logic you may have now. enabling exceptions for either the mysqli or PDO extension takes a single line of code, but is different between the two extensions, so you need to pin down which one you are going to use first.

as to not seeing any php error messages, you should have your development system set up with error_reporting set to E_ALL, display_errors set to ON, and output_buffering set to OFF, in the php.ini, and you should remove any lines of code setting these.

lastly, this code is filled with repetitive blocks that only differ in what value they use and with inefficient coding, which requires that you make changes and corrections in multiple places. going through and cleaning up the code before you try to update it, will reduce the overall amount of work.

two immediate things that can reduce the amount of code when building links are -

1) the code is using some/all of the existing get parameters, and adding/modifying one of them when building links. to do this, just get a copy of the current $_GET variable, assign or unset elements in this copy, then use http_build_query to produce the query string part of the URLs.

2) the code is building a comma separated list of posted groep values in the URL &groep= parameter. you can just implode the posted data. there's no need for all the code using a flag, a loop, and conditional logic, repeated in multiple places.

i would also recommend that you rearrange the code so that any post method form processing comes before the start of the html document and that the php 'business logic', that knows how to get/produce data needed to display the page, comes after the post method form processing code and before the start of the html document. the result from these two sections of code should be stored in php variables, with simple php code inside the html document using this data.
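
The points made in the reply above, worked through as an added example (not code from the thread or from the site): `$taal` is checked against a whitelist before it becomes part of a column name, values go through a prepared PDO query with exceptions enabled, taal() from the first post receives the connection as an argument instead of reading an out-of-scope `$link`, and links are built with http_build_query() and implode(). The in-memory SQLite DSN, the sample rows, the request values and the helper names kiesTaal(), groepNaam() and bouwLink() are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo data in an in-memory SQLite database so the example runs
// offline; the real site would pass a mysql: DSN and credentials to PDO.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // the one line that enables exceptions
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE taaltabel (hash TEXT, ned TEXT, eng TEXT)');
$pdo->exec("INSERT INTO taaltabel VALUES ('zoek', 'Zoeken', 'Search')");
$pdo->exec('CREATE TABLE groep (groepid TEXT, ned_omschrijving TEXT, eng_omschrijving TEXT)');
$pdo->exec("INSERT INTO groep VALUES ('7', 'Garnalen', 'Shrimps')");

// The only values that may ever become part of a column name.
const TALEN = ['ned', 'eng'];

/** Map the request's taal to an allowed value; anything else becomes 'ned'. */
function kiesTaal(array $get): string
{
    $taal = $get['taal'] ?? 'ned';
    return in_array($taal, TALEN, true) ? $taal : 'ned';
}

/** taal() reworked: connection passed in, column whitelisted, hash bound. */
function taal(PDO $pdo, string $hash, string $taal): string
{
    if (!in_array($taal, TALEN, true)) {
        throw new InvalidArgumentException('unknown language');
    }
    // $taal is now one of two known literals, so interpolating it is safe.
    $stmt = $pdo->prepare("SELECT $taal FROM taaltabel WHERE hash = ? LIMIT 1");
    $stmt->execute([$hash]);
    $text = $stmt->fetchColumn();
    // Design choice of this example: fall back to the key when no row exists.
    return $text === false ? $hash : (string) $text;
}

/** Name of a group, or null when the id is missing, malformed or unknown. */
function groepNaam(PDO $pdo, array $get, string $taal): ?string
{
    $id = $get['GroepID'] ?? null;
    if (!is_string($id) || !in_array($taal, TALEN, true)) {
        return null;
    }
    $stmt = $pdo->prepare("SELECT {$taal}_omschrijving FROM groep WHERE groepid = ?");
    $stmt->execute([$id]); // bound as data, never parsed as SQL
    $naam = $stmt->fetchColumn();
    return $naam === false ? null : (string) $naam;
}

/** Build a link from a copy of the current GET parameters plus changes. */
function bouwLink(array $get, array $wijzig = [], array $verwijder = []): string
{
    $params = array_diff_key($get, array_flip($verwijder)); // drop unwanted keys
    $params = array_replace($params, $wijzig);              // add or override
    return 'index.php?' . http_build_query($params);        // url-encodes every value
}

// Constructed request data standing in for $_GET and $_POST.
$get  = ['taal' => 'eng; --', 'GroepID' => "7' OR '1'='1", 'startat' => '20'];
$post = ['groep' => ['3', '7', '12']];

$taal = kiesTaal($get); // value is not on the whitelist, so the default applies
echo taal($pdo, 'zoek', $taal), "\n";
var_dump(groepNaam($pdo, $get, $taal));
var_dump(groepNaam($pdo, ['GroepID' => '7'], $taal));

// Language switch link: keep the current parameters, flip taal, drop paging.
$wissel = bouwLink($get, ['taal' => $taal === 'ned' ? 'eng' : 'ned'], ['startat']);
// Search result link: implode() replaces the flag-and-loop comma joining.
$zoek = bouwLink([], [
    'taal'   => $taal,
    'action' => 'vind',
    'groep'  => implode(',', $post['groep']),
]);
// http_build_query() handles URL encoding; htmlspecialchars() is still needed
// when the URL or a database value is written into HTML.
echo '<a href="', htmlspecialchars($wissel, ENT_QUOTES), '">',
     htmlspecialchars(taal($pdo, 'zoek', $taal), ENT_QUOTES), "</a>\n";
echo htmlspecialchars($zoek, ENT_QUOTES), "\n";
```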

 


Archived

This topic is now archived and is closed to further replies.
