PHP Session Variable Not Passing with Header and Ob_Start Function - mysql

This is my code:
<?php
ob_start();
session_start();
include("index.php");
if (isset($_POST['user'],$_POST['pass'])):
$con=mysqli_connect("connect info");
if ( !$con ){
die('Could not connect to Database: '.mysqli_error());}
$pass=($_POST['pass']);
$query0 = "SELECT * FROM user WHERE username = '" . $_POST['user'] ."' AND password = '" . $pass . "'";
$resource0 = mysqli_query($con,$query0);
if(!$resource0):
die("Error conducting query. ".mysqli_error($con));
endif;
if(mysqli_num_rows($resource0) == 0){
echo "Username not find";
header("Location: /login.php");}
$result0 = mysqli_fetch_row($resource0);
$_SESSION['ID'] = $result0[0];
$_SESSION['userType'] = $result0[3];
if(!isset($_SESSION['ID'])):
//header("Location: ...");
else:
header("Location: ....");
endif;
else:
if(isset($_POST['from'])):
$_SESSION['from'] = $_POST['from'];
endif;
?>
<?php endif; ?>
This code takes a user's username and password information and stores and searching the database for the userID. Once is finds the information it stores in the session variable 'ID'.
PROBLEM: When the session 'ID' variable is passed to the next page it is not set. Surprisingly, this code without the ob_start function was working yesterday morning but wasn't working by the afternoon. I know it's not setting because two things: When I echo on the next page, nothing appears and because when I try to run a query with the session 'ID' variable I get a mysql error saying the query could not be conducted.
This is the code on the next page that is not working. At first I thought, it might be something wrong with my query because I was getting this error:
"Error conducting query. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
But when I tried printing the session 'ID' variable nothing is printed.
<?php session_start;
// Create connection
$con=mysqli_connect(connect info....);
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query0 = "SELECT * FROM studentProfile WHERE sID = ".$_SESSION['ID'];
$resource0 = mysqli_query($con,$query0);
if(!$resource0):
echo $_SESSION['ID'];
die("Error conducting query. ".mysqli_error($con));
endif;
.......(rest of code)
Solutions Already Tried: I have tried them all...session_write_close(), session_regenerate_id(true), session_commit(), ob_end_flush(). I have tried initially setting the session variable on the home page but once the functions are performed in the session 'ID' variable is no longer set at all.
Please help! I have read all the forums I could find on this problem but nothing seems to work.

what you have written on the next page that your code is not working. Please provide me with detail.
try this on the page which you have directed by header location. May be your session can work.
<?php
include('config.php');
if(!isset($_SESSION['ID']))
{
header("Location: ../index.html");
}
else{
$user_id=$_SESSION['ID'][0];
$user_name=$_SESSION['ID'][1];
?>
and end the else part at the last of the page

Related

How do I reset a MySQL column in a table every year?

I have a column named lv_casual in a table called tbl_employees. I need to reset the column to 0 at a specific date every year.
You can use MySQL event schedule. Providing an example below.
You have to enable the schedular first
SET GLOBAL event_scheduler = ON;
Then create the event
CREATE EVENT your_event_name
ON SCHEDULE EVERY 1 YEAR
STARTS '2021-10-12 00:00:00'
DO
UPDATE table SET column=0;
Check MySQL document for creating event
You can use a cron job to run once per year at end of the year, create a script that will reset all the records on that column to 0.
/usr/local/bin/ea-php99 /home2/accounname/https://example.com/cron_execute_file
okay bro this how your execute file should look like cron_execute_file.php
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection to db
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE employees SET leaves='12' WHERE leaves >= 0";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
N/B: [#Shaido][1] and any dauche bag thinking of, Please stop editing my answers, just give your own answers, adding fullstops and grammar to my answers to gain budges is a lame thing note this is not a English grammar class. Stay away from my answers, give your own answers. Polite Notice failure to I'll send some visitors to you machines.
[1]: https://stackoverflow.com/users/7579547/shaido

How to solve sql error " product portfolio has diversified to encompass a highly successful multi-brand' at line 1"

I am kind of new one for mysql and php. a week ago this code worked perfectly and when now I am trying it shows this error message
Error : You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax to use
near 's product portfolio has diversified to encompass a highly
successful multi-brand' at line 1
I search how to solve that after spending a whole day, but couldn't figure it out.
I have tried similar questions here in stackoverflow, Yet I am stucked here.
A help would be really admired
Given below is my code
<?php
if(isset($_POST['upload']))
{ $company_name =$_POST['company_name'];
$service =$_POST['service'];
$email =$_POST['email'];
$password =$_POST['password'];
$details =$_POST['details'];
$fileName = $_FILES['Filename']['name'];
$fileName1 = $_FILES['Filename1']['name'];
$fileName2 = $_FILES['Filename2']['name'];
$fileName3 = $_FILES['Filename3']['name'];
$fileName4 = $_FILES['Filename4']['name'];
$target = "company_images/";
$fileTarget = $target.$fileName;
$fileTarget1 = $target.$fileName1;
$fileTarget2 = $target.$fileName2;
$fileTarget3 = $target.$fileName3;
$fileTarget4 = $target.$fileName4;
$tempFileName = $_FILES["Filename"]["tmp_name"];
$tempFileName1 = $_FILES["Filename1"]["tmp_name"];
$tempFileName2 = $_FILES["Filename2"]["tmp_name"];
$tempFileName3 = $_FILES["Filename3"]["tmp_name"];
$tempFileName4 = $_FILES["Filename4"]["tmp_name"];
$result = move_uploaded_file($tempFileName,$fileTarget);
$result1 = move_uploaded_file($tempFileName1,$fileTarget1);
$result2 = move_uploaded_file($tempFileName2,$fileTarget2);
$result3 = move_uploaded_file($tempFileName3,$fileTarget3);
$result4 = move_uploaded_file($tempFileName4,$fileTarget4);
$file = rand(1000,100000)."-".$_FILES['file']['name'];
$file_loc = $_FILES['file']['tmp_name'];
$file_size = $_FILES['file']['size'];
$file_type = $_FILES['file']['type'];
$folder="pdf_uploads/";
// new file size in KB
$new_size = $file_size/1024;
// new file size in KB
// make file name in lower case
$new_file_name = strtolower($file);
// make file name in lower case
$final_file=str_replace(' ','-',$new_file_name);//anthima
if(move_uploaded_file($file_loc,$folder.$final_file))
{
$query = "INSERT INTO company_details( company_name,service, email, password, details,image_path,file_name,image_path1,file_name1,image_path2,file_name2,image_path3,file_name3,file,type,size,image_path4,file_name4) VALUES ('$company_name','$service','$email','$password','$details','$fileTarget','$fileName','$fileTarget1','$fileName1','$fileTarget2','$fileName2','$fileTarget3','$fileName3','$final_file','$file_type','$new_size','$fileTarget4','$fileName4')";
$con->query($query) or die("Error : ".mysqli_error($con));
mysqli_close($con);
}
}
?>
<?php
Given below is the test data error
VALUES ('singer','Hardware','singer#gmail.com','singer','Singer has been in Sr' at line 1
Because you never sanitize anything and put the data straight into your query,
$company_name =$_POST['company_name'];
$service =$_POST['service'];
$email =$_POST['email'];
$password =$_POST['password'];
$details =$_POST['details'];
...
$query = "INSERT INTO
company_details( company_name,service, email, password, details,image_path,file_name,image_path1,file_name1,image_path2,file_name2,image_path3,file_name3,file,type,size,image_path4,file_name4)
VALUES (
'$company_name','$service','$email','$password','$details','$fileTarget','$fileName','$fileTarget1','$fileName1','$fileTarget2','$fileName2','$fileTarget3','$fileName3','$final_file','$file_type','$new_size','$fileTarget4','$fileName4'
)";
your problem is most likely in the data
's product portfolio has diversified to encompass a highly successful multi-brand
Maybe you have unscaped apostrophes in your data, so you're kinda SQL-injecting yourself. The query ends before the string shown in the error.
The solution is to escape special chars before inserting like in this question: How do I escape only single quotes?
In your case, start with the details
$details = addcslashes($_POST['details'], "'");
or
$details = addslashes($_POST['details']);
But keep adding test scenarios for your code. E.g. what happens if company name gets something like Mc'Donaldson? What is the set of chars you want to accept for each field? Then you will know how to validate those fields and create your functions (or reuse something)

mysql_affected_rows sometimes returns 0 instead of 1

I have a strange problem with php scripts - mysql_affected_rows() sometimes returns "0" for no reason.
There is a similar question #stackoverflow and answer to this question is:
MySQL only actually updates a row if there would be a noticeable difference before and after the updat.
But this is not my case. For example, if value before update is 1320402744 and value after update is 1320402944 mysql_affected_rows() anyway return "0". Is this difference not enough noticable?
Below are 3 files. As you can see, all files include file "functions.inc.php" which calls function "online()".
File "login.php" is working fine. It inserts a new row in "session" table correctly.
File "content.php" is working fine - it displays content and correctly runs function "online() in "functions.inc.php".
Then I call file "test.php". It deletes "something from sometable" correctly. Then it refreshes itself (Header("Location: /test.php");). After refreshing I am logged off.
I added this to "online()" function:
echo "affected_rows";
It returns 0.
I added more code to "online() function:
$checkuser = mysql_query("SELECT userid FROM session WHERE userid = '" . $_SESSION['id'] . "'") or die('Error');
$found = mysql_num_rows($checkuser);
echo $found;
$result = mysql_query("UPDATE session SET time='$ctime' WHERE userid='".$_SESSION['id']."'") or die('Error');
$affected_rows = mysql_affected_rows();
if ($affected_rows != 1) #session_destroy();
echo $affected_rows;
The result is 1 and 0.
I checked the database. "time" field in session table has been updated.
So, I can't understand how is it possible that the row exists, it updates correctly but mysql_affected_rows(); returns 0, and why this happends only if te same page has been refreshed.
functions.inc.php
<?php
#ob_start();#session_start();
#mysql_connect(C_HOST, C_USER, C_PASS) or die('Cant connect');
#mysql_select_db(C_BASE) or die('Cant select DB');
function online() {
$ctime = time()+1800;
if((isset($_SESSION['id']))&&(is_numeric($_SESSION['id']))) {
$query = mysql_query("UPDATE session SET time='$ctime2' WHERE userid='".$_SESSION['id']."'") or die('Error');
$affected_rows = mysql_affected_rows();
if ($affected_rows != 1) #session_destroy();
}
}
//many other functions go here
online();
?>
login.php
<?php
include_once 'configuration.inc.php';
include_once 'functions.inc.php';
//many things go here
$upd = mysql_query("INSERT INTO session VALUES ('" . $i['id'] . "','$ctime')") or die('Error2');
Header("Location: /content.php?justlogged=1");
die;
?>
content.php
<?php
include_once 'configuration.inc.php';
include_once 'functions.inc.php';
//many thing go here
echo "content";
?>
test.php
<?php
include_once 'configuration.inc.php';
include_once 'functions.inc.php';
if (isset($_GET['tid'])&&(is_numeric($_GET['tid']))){
$result = mysql_query("delete from some_table where something = '" . $_GET['tid'] . "'") or die('Error123a');
Header("Location: /test.php");
die;
}
//file content
?>
In your function.inc.php you call online() - session time is changed every second. But can it be that you're switching between pages (login, content, test) more faster than 1 second? In that case time would be the same and you'd get session destroy because of unaffected rows
Edit:
Yes. As I thought.
See how it comes:
you call login.php: after successful login it creates new session with time X. After this you're immediately redirected to content.php (time is still X) which calls online again. And of course, as you redirected immediately - time is the same.. so already at point of content.php session is already destroyed, because time wasn't changed.

$SQL UPDATE doesn't work when added WHERE CLAUSE

I know I am simply missing the simplest thing here but cant seem to figure it out.
so this works with this code but changes all rows of the database as opposed to just the one with the page id...
<? $pageid= $_GET["id"];
$sql = "SELECT id, first_name, last_name, email, bio, job, job2, job3 FROM `".weapons."` WHERE id = $pageid";
if(isset($_POST['Update']))
{
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$job = $_POST['job'];
$job2 = $_POST['job2'];
$job3 = $_POST['job3'];
$bio = $_POST['bio'];
$email = $_POST['email'];
$sql = "UPDATE weapons SET first_name='$first_name', email='$email' , job='$job', job2='$job2', job3='$job3', bio='$bio', last_name='$last_name'";
if (#mysql_query($sql)) {
echo('<p>Update Complete</p>');
} else {
echo('<p>Error updating: ' . mysql_error() . '</p>');
}
}else{ ...
however when adding the WHERE clause, like as follows
$sql = "UPDATE weapons SET first_name='$first_name', email='$email' , job='$job', job2='$job2', job3='$job3', bio='$bio', last_name='$last_name' WHERE id = $pageid";
I get an error
Error updating: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Any help would be great, thanks
EDIT
I actually missed a super easy thing, which is what I initially assumed, I had at first in my form had <form method='post' enctype='multipart/form-data' action='submit.php'> however that obviously messed up the get id because there isnt an idea, so even if that page was submit.php?id=4 when you hit submit it wouldnt run because the id would be gone.
Switching the code to <form method='post' enctype='multipart/form-data' action='#'> did just the trick.
Thanks for the help guys and I am looking into the sql injection now and working on how to better secure my site.
Please escape your strings before you create your SQL statement. Various characters in your input values will both break your query and open a HUGE security hole. That may very well be your problem. Look at this post for more info How can I prevent SQL injection in PHP?
In short, you assignments would look like this:
$first_name = mysql_real_escape_string($_POST['first_name']);
echo $sql; before you run it and post what that outputs.

mysql_fetch_array fails sometimes

I'm trying to implement the connection to a online payment framework.
One of the files is giving me some trouble, because sometimes the code works, sometimes it doesn't... And I can't understand why...
Here's where the code is failing...
$sql = "select transidmerchant,totalamount from nsiapay where transidmerchant='".$order_number."'and trxstatus='Verified'";
$result = mysql_query($sql);
**$checkout = mysql_fetch_array($result);**
echo "sql : ".$sql;
$hasil=$checkout['transidmerchant'];
echo "hasil: ".$hasil;
$amount=$checkout['totalamount'];
echo "amount: ".$amount;
// Custom Field
if (!$hasil) {
echo 'Stop1';
} else {
if ($status=="Success") {}
}
It's just part of the code but I think it's enough for you to try to see the problem... It fails on the bold line, $checkout = mysql_fetch_array($result);
The weird thing is that the "echo sql" works, and it shows the right values, but then when I put them on the array, sometimes the variables are passed, sometimes they're not... And so, when getting to if (!$hasil) it fails because the value is empty... but sometimes it works...
Any ideas on what might be happen?
Thans
Luis
The only way this fail is when query doesn't return anything.
The correct way would be to check if there is something returned:
$sql = "select transidmerchant,totalamount from nsiapay where transidmerchant='".$order_number."'and trxstatus='Verified'";
$result = mysql_query($sql);
if($checkout = mysql_fetch_array($result)){
$hasil = $checkout['transidmerchant'];
echo "hasil: ".$hasil;
$amount=$checkout['totalamount'];
echo "amount: ".$amount;
// Custom Field
if (!$hasil) {
echo 'Stop1';
} else {
if ($status=="Success") {}
}
}else{
echo "Empty query result";
}