New Topic/Question
Reply
<?php
include_once("dbconfig.php");
include_once('inc_thumbnail.php');
include_once('inc_functions.php');
include_once('admin/config.php');
include_once($languageFile);
$ip = GetHostByName($REMOTE_ADDR);
$op = $_REQUEST["op"]; // op is the operation code
$msg = "";
if ($op == "newItem"){
$email = $_POST["md_email"];
if ($email != 'md_email')
header("" . GetHostByName($REMOTE_ADDR));
foreach ($_POST as $secvalue){
if(ereg_replace()("<[^>]*script.*\"?[^>]*>",$secvalue)) ||
(ereg_replace()("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*<?.*\"?[^>]*>", $secvalue)) ||
(ereg_replace()("<[^>]*img.*\"?[^>]*>", $secvalue))) {
die ("There was a problem with your post");
}
}
$title = ($_POST["md_title"]);
$md_description = ($_POST["md_description"]);
$price = ($_POST["md_price"]);
$email = ($_POST["md_email2"]);
$city = ($_POST["city"]);
$namer = ($_POST["namer"]);
$category = ($_POST["category"]);
$type = ($_POST["type"]);
// upload the file if it exists
$file = uploadImage($_POST["filetoupload"]);
// Create a Thumbnail if an image exists
if ($file != "no file")
{
$date = date("YmdHis");
$imgArr = split('[/]', $file);
$imgNameOnly = $imgArr[sizeof($imgArr)-1];
$folderPath = "";
for ($i=0; $i<sizeof($imgArr)-1; $i++)
$folderPath .= $imgArr[$i] . "/";
$photoPathName = $folderPath . $date . "_" . $imgNameOnly;
$thumbNailPathName = $folderPath . "thumb_" . $date . "_" . $imgNameOnly;
$imgType = getImgType($imgNameOnly);
// Create a resized image of the orig. a mx of 400 pixels
$photo=new Thumbnail(400,400);
// Load an image into a string (this could be from a database)
$image=file_get_contents($file);
// Load the image data
$photo->loadData($image,$imgType);
// Build the thumbnail and store as a file
$photo->buildThumb($photoPathName);
// Instantiate the thumbnail
$tn=new Thumbnail(50,50);
// Load an image into a string (this could be from a database)
$image=file_get_contents($file);
// Load the image data
$tn->loadData($image,$imgType);
// Build the thumbnail and store as a file
$tn->buildThumb($thumbNailPathName);
// delete the source file that is potentially large
unlink($file);
}
// Creates a 7 character random string
$confirmPassword = chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122));
$sql = "INSERT INTO md_postings SET email='$email', type='$type', name='$namer', city='$city', category='$category', title='$title', description='$description', price='$price', ip='$ip', confirmPassword='$confirmPassword', imgURL='$photoPathName', imgURLThumb='$thumbNailPathName'";
if (mysql_query($sql)) // If all is good, send the email
{
include_once("admin/email_newItem.php");
mail($email, STR_CONFIRMPOSTING, $message, $headers);
header("Location:newItemConfirm.php");
} else {
print("Hmmm... something went wrong trying to create a new item:<br>" . mysql_error());
}
}
if ($op == "md_email2"){
$botEmail = $_POST["md_email2"];
if ($botEmail != 'md_email2')
header("" . GetHostByName($REMOTE_ADDR));
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*<?.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img.*\"?[^>]*>", $secvalue))) {
die ("There was a problem with your post. Please do not include code.");
}
}
// end hacker defense
$postId = mysql_real_escape_string($_POST["postId"]);
$title = mysql_real_escape_string(addslashes(trim($_POST["title"])));
$name = mysql_real_escape_string(addslashes(trim($_POST["name"])));
$email = mysql_real_escape_string(trim($_POST["email2"]));
$message = "From: $name \n\n" . $_POST["md_message"];
$emailTitle = STR_ABOUTYOURPOST . $title;
$headers = 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$sql = "SELECT email FROM md_postings WHERE postId='$postId'";
$result = mysql_query($sql);
if (!$result)
print("Hmmm... Error getting email address: " . mysql_error());
$row = mysql_fetch_array($result);
$toEmail = $row["email"];
mail($toEmail, $emailTitle, $message, $headers);
header("Location: viewItem.php?id=$postId&msg=messageSent");
}
if ($op == "emailReminder"){
$postId = mysql_real_escape_string($_POST["postId"]);
$sql = "SELECT email, title, confirmPassword FROM md_postings WHERE postId='$postId'";
$result = mysql_query($sql);
if (!$result)
print("Error performing query: " . mysql_error());
$row = mysql_fetch_array($result);
$confirmPassword = $row["confirmPassword"];
$toEmail = $row["email"];
include_once("admin/email_reminder.php");
mail($toEmail, STR_REMINDEREMIAL, $message, $headers);
header("Location: viewItem.php?id=$postId&msg=messageSent");
}
?>
PARSE ERRORI try to Post a job to my database, but I get this error on click the
Page 1 of 1
5 Replies - 1046 Views - Last Post: 08 November 2009 - 02:26 AM
Rate Topic:
#1
oaluyi
- D.I.C Head
Reputation: 0
- Posts: 67
- Joined: 04-November 09
PARSE ERROR
Posted 07 November 2009 - 04:04 PM
I get this error on clicking the submit button when I try to Submit my Post to my database. Please Advice...
Is This A Good Question/Topic?
0
MultiQuoteReplies To: PARSE ERROR
#2
AdaHacker
- Resident Curmudgeon
Reputation: 438
- Posts: 792
- Joined: 17-June 08
Re: PARSE ERROR
Posted 07 November 2009 - 04:34 PM
That's because in the first foreach loop, every single one of your ereg_replace calls has an extra, empty set of parentheses before that actual parameters.
Was This Post Helpful?
0
#4
Dannyboy997
- D.I.C Regular
-
Reputation: 64
- Posts: 258
- Joined: 17-April 09
Re: PARSE ERROR
Posted 07 November 2009 - 06:50 PM
Whats the error?
Was This Post Helpful?
0
#5
no2pencil
- Original Digital Gansta
-
Reputation: 4501
- Posts: 24,965
- Joined: 10-May 07
Re: PARSE ERROR
Posted 07 November 2009 - 07:14 PM
Why don't you verify the values in your sql statement, & then you'll find which one is the offensive.
Chances are, one of your variables is empty.
$sql = "INSERT INTO md_postings SET email='$email', type='$type', name='$namer', city='$city', category='$category', title='$title', description='$description', price='$price', ip='$ip', confirmPassword='$confirmPassword', imgURL='$photoPathName', imgURLThumb='$thumbNailPathName'";
echo "<p>attempting to send :</p><p>".$sql."</p>";
if (mysql_query($sql)) // If all is good, send the email
{
Chances are, one of your variables is empty.
Was This Post Helpful?
0
#6
oaluyi
- D.I.C Head
Reputation: 0
- Posts: 67
- Joined: 04-November 09
Re: PARSE ERROR
Posted 08 November 2009 - 02:26 AM
This is the error I now get
Notice: Undefined index: filetoupload in C:\wamp\www\P\controller.php on line 28
Warning: mysql_query() [function.mysql-query]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\P\controller.php on line 67
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\wamp\www\P\controller.php on line 67
Hmmm... something went wrong trying to create a new item:
Access denied for user 'SYSTEM'@'localhost' (using password: NO)
Notice: Undefined index: filetoupload in C:\wamp\www\P\controller.php on line 28
Warning: mysql_query() [function.mysql-query]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\P\controller.php on line 67
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\wamp\www\P\controller.php on line 67
Hmmm... something went wrong trying to create a new item:
Access denied for user 'SYSTEM'@'localhost' (using password: NO)
<?php
include_once("dbconfig.php");
include_once('inc_thumbnail.php');
include_once('inc_functions.php');
include_once('admin/config.php');
include_once($languageFile);
$ip = GetHostByName($REMOTE_ADDR);
$op = $_REQUEST["op"]; // op is the operation code
$msg = "";
if ($op == "newItem"){
$md_email = $_POST["md_email2"];
if ($md_email != 'md_email2')
header("" . GetHostByName($REMOTE_ADDR));
$title = ($_POST["md_title"]);
$md_description = ($_POST["md_description"]);
$md_price = ($_POST["md_price"]);
$md_email2 = ($_POST["md_email2"]);
$md_city = ($_POST["md_city"]);
$namer = ($_POST["namer"]);
$category = ($_POST["category"]);
$type = ($_POST["type"]);
// upload the file if it exists
$filetoupload= uploadImage($_POST["filetoupload"]);
// Create a Thumbnail if an image exists
if ($filetoupload != "no file")
{
$date = date("YmdHis");
$imgArr = split('[/]', $file);
$imgNameOnly = $imgArr[sizeof($imgArr)-1];
$folderPath = "";
for ($i=0; $i<sizeof($imgArr)-1; $i++)
$folderPath .= $imgArr[$i] . "/";
$photoPathName = $folderPath . $date . "_" . $imgNameOnly;
$thumbNailPathName = $folderPath . "thumb_" . $date . "_" . $imgNameOnly;
$imgType = getImgType($imgNameOnly);
// Create a resized image of the orig. a mx of 400 pixels
$photo=new Thumbnail(400,400);
// Load an image into a string (this could be from a database)
$image=file_get_contents($file);
// Load the image data
$photo->loadData($image,$imgType);
// Build the thumbnail and store as a file
$photo->buildThumb($photoPathName);
// Instantiate the thumbnail
$tn=new Thumbnail(50,50);
// Load an image into a string (this could be from a database)
$image=file_get_contents($file);
// Load the image data
$tn->loadData($image,$imgType);
// Build the thumbnail and store as a file
$tn->buildThumb($thumbNailPathName);
// delete the source file that is potentially large
unlink($file);
}
// Creates a 7 character random string
$confirmPassword = chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122));
$sql = ("INSERT INTO md_postings SET md_email='$md_email2', type='$type', namer='$namer', md_city='$md_city', category='$category', md_title='$md_title', md_description='$md_description', md_price='$md_price', filetoupload='$filetoupload'");
if (mysql_query($sql)) // If all is good, send the email
{
include_once("admin/email_newItem.php");
mail($email, STR_CONFIRMPOSTING, $message, $headers);
header("Location:newItemConfirm.php");
} else {
print("Hmmm... something went wrong trying to create a new item:<br>" . mysql_error());
}
}
if ($op == "md_email2"){
$botEmail = $_POST["md_email2"];
if ($botEmail != 'md_email2')
header("" . GetHostByName($REMOTE_ADDR));
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*script.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*<?.*\"?[^>]*>", $secvalue)) ||
(eregi("<[^>]*img.*\"?[^>]*>", $secvalue))) {
die ("There was a problem with your post. Please do not include code.");
}
}
// end hacker defense
$postId = mysql_real_escape_string($_POST["postId"]);
$title = mysql_real_escape_string(addslashes(trim($_POST["title"])));
$name = mysql_real_escape_string(addslashes(trim($_POST["name"])));
$email = mysql_real_escape_string(trim($_POST["email2"]));
$message = "From: $name \n\n" . $_POST["md_message"];
$emailTitle = STR_ABOUTYOURPOST . $title;
$headers = 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$sql = "SELECT email FROM md_postings WHERE postId='$postId'";
$result = mysql_query($sql);
if (!$result)
print("Hmmm... Error getting email address: " . mysql_error());
$row = mysql_fetch_array($result);
$toEmail = $row["email"];
mail($toEmail, $emailTitle, $message, $headers);
header("Location: viewItem.php?id=$postId&msg=messageSent");
}
if ($op == "emailReminder"){
$postId = mysql_real_escape_string($_POST["postId"]);
$sql = "SELECT email, title, confirmPassword FROM md_postings WHERE postId='$postId'";
$result = mysql_query($sql);
if (!$result)
print("Error performing query: " . mysql_error());
$row = mysql_fetch_array($result);
$confirmPassword = $row["confirmPassword"];
$toEmail = $row["email"];
include_once("admin/email_reminder.php");
mail($toEmail, STR_REMINDEREMIAL, $message, $headers);
header("Location: viewItem.php?id=$postId&msg=messageSent");
}
?>
Was This Post Helpful?
0
Page 1 of 1
|
|
| 