Posts posted by millionexchange
$query = \"DELETE user_name FROM login WHERE custID={$_POST['custid']} LIMIT 1\";
Should be
$query = \"DELETE FROM login WHERE custID={$_POST['custid']} LIMIT 1\";
You don't need to specify columns when you're deleting rows from a table.
Also in this query
$query = \"INSERT INTO banned_users (custid, user_name, user_password, user_type, question, ans, suspend_date) VALUES ('$custid', '$user_name', '$pass', '$authtype', '$qns', 'ans', 'suspend_date')\";
Where are $custid, $user_name, $pass, $authtype, and $qns coming from? It also looks like you missed the '$'s on a few of the variables so the query should look like
INSERT INTO banned_users(userid, user_name, user_password, user_type, question, ans, suspend_date) VALUES( '$custid', '$user_name', '$pass', '$authtype', '$qns', '$ans', '$suspend_date')
You should really be using prepared statements though. Even if the data is coming from a "trusted source" they're much safer and prevent SQL-Injection attacks.
Thanks for the help on the first part; it makes sense.
Now, "user_name," "pass," "authtype," "qns," and "ans" are login table fields. "custid" is a customer table field. Now, like I said. Since, I'm suspending the login, I'm not sure if I need the following: '$custid,' '$qns', and '$ans.'
I just added them for security reasons in order to keep customers or tellers from going through a back door and entering their account if I suspend them.
Maybe, I just need the "user_name," "pass," "authtype," and "suspend_date" fields along with the '$user_name', '$pass', '$authtype' and '$suspend_date' variables.
Also need help with making sure that the info will delete from "login" and insert into "banned_users." Thanks.
I even just tried the following for the version 6 code, but it didn't work either:
<?php
require '../db_connect.php'; //Connect mysql database

if (isset($_GET['custid'])) {
    $query = "SELECT user_name FROM login\";
    if ($r = mysql_query($query, $link)) {
        if (isset($_POST['custid'])) {
            $query = \"DELETE FROM login WHERE user_name\";
            $r = mysql_query($query, $link);
            $query = \"INSERT INTO banned_users ( user_name, user_password, user_type, question, ans, suspend_date) VALUES ( '$user_name', '$pass', '$authtype', '$qns', '$ans', '$suspend_date')\";
            if (@mysql_query($query, $link)) {
                echo \"Account Suspended Successfully\";
                echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another\";
                exit(0);
            } else {
                echo \"Could not suspend account\";
                echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again\";
                exit(0);
            }
        }
    }
}
$db_close=mysql_close();
?>
Really, $custid is for echoing the info into the dropdown menu on the previous page.
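The prepared-statement approach recommended in the reply above, as an added example that is not part of the original posts: it moves one row from login to banned_users inside a transaction, with every value bound rather than interpolated. The login column names, the sample rows and the in-memory SQLite database (used so it runs without a server; the same PDO calls work with a MySQL DSN on InnoDB tables) are assumptions.

```php
<?php
// Added example. Table names follow the thread; the login column names and
// the sample rows below are assumptions constructed for illustration.
function suspendAccount(PDO $db, string $custid): bool
{
    // Reject anything that is not a plain non-negative integer up front.
    if (!ctype_digit($custid)) {
        return false;
    }
    $db->beginTransaction();
    try {
        // Copy the row; values are bound, never placed into the SQL text.
        $copy = $db->prepare(
            'INSERT INTO banned_users
                 (custid, user_name, user_password, user_type, question, ans, suspend_date)
             SELECT custID, user_name, user_password, user_type, question, ans, :today
               FROM login WHERE custID = :id'
        );
        $copy->execute([':today' => date('Y-m-d'), ':id' => $custid]);

        $del = $db->prepare('DELETE FROM login WHERE custID = :id');
        $del->execute([':id' => $custid]);

        // Exactly one row must have moved; otherwise undo both statements.
        if ($copy->rowCount() !== 1 || $del->rowCount() !== 1) {
            $db->rollBack();
            return false;
        }
        return $db->commit();
    } catch (PDOException $e) {
        $db->rollBack();
        return false;
    }
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (custID INTEGER PRIMARY KEY, user_name TEXT,
           user_password TEXT, user_type TEXT, question TEXT, ans TEXT)');
$db->exec('CREATE TABLE banned_users (custid INTEGER, user_name TEXT, user_password TEXT,
           user_type TEXT, question TEXT, ans TEXT, suspend_date TEXT)');
$db->exec("INSERT INTO login VALUES (1,'alice','<hash>','customer','q','a'),
                                    (2,'bob','<hash>','teller','q','a')");

var_dump(suspendAccount($db, '1 OR 1=1')); // stopped by the integer check
var_dump(suspendAccount($db, '1'));        // moves customer 1 to banned_users
echo $db->query('SELECT COUNT(*) FROM login')->fetchColumn(), " login row(s) left\n";
```

The mysql_* functions used in the thread were removed in PHP 7, so PDO or mysqli is needed on current PHP in any case.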
Are you talking about with my script, or someone else's script?
If you're talking about with mine, it's not about the fact that I escaped the echos; they work. The thing is that in both PHP versions, it's not deleting from the "user_name" field of "login" table and inserting into the "banned_users" table fields.
Notice how everything after the first query is showing up as green until way down later? You escaped (") for whatever reason at the end of your original query and that's obviously going to cause problems.
Hi.
On my home banking system, I added a database table called "banned_users" in phpMyAdmin. However, when I test the script, the login of the customer id that I choose doesn't delete from the "login" table and insert into "banned_users".
In my code, the first one is a PHP6 version and the second one about 10 lines down is a different version.
Now, I'd rather someone edit the PHP6 version, because, the banking system I downloaded, I'm gonna eventually work on making all of the PHP version 6.
Also, the "custid" comes from the "customer" table. I'm really trying to move the login, so, when I suspend a user, the user will not be able to login. I'm not even sure if I need "custid" in the "banned_users" table. I just put it there, because, on the previous page, I'm echoing the "custid" into the drop-down.
When editing version 6, please feel free to remove "custid" if not needed and I will remove it from "banned_users" in phpMyAdmin. Thanks.
<?php
session_start();
if(isset($_SESSION['username']))
{
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Suspend Account Details</title>
<link rel="stylesheet" href="../css/main1.css" type="text/css">
</head>
<body>
<?php
require '../db_connect.php'; //Connect mysql database

<!-- BEGIN VERSION 6 -->
if (isset($_GET['custid'])) {
    $query = "SELECT user_name FROM login WHERE custID=\{$_GET['custid']}\";
    if ($r = mysql_query($query, $link)) {
        if (isset($_POST['custid'])) {
            $query = \"DELETE user_name FROM login WHERE custID={$_POST['custid']} LIMIT 1\";
            $r = mysql_query($query, $link);
            $query = \"INSERT INTO banned_users (custid, user_name, user_password, user_type, question, ans, suspend_date) VALUES ('$custid', '$user_name', '$pass', '$authtype', '$qns', 'ans', 'suspend_date')\";
            if (@mysql_query($query, $link)) {
                echo \"Account Suspended Successfully\";
                echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another\";
                exit(0);
            } else {
                echo \"Could not suspend account\";
                echo \"<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again\";
                exit(0);
            }
        }
    }
}
$db_close=mysql_close();
<!-- END VERSION 6 -->

/*$result = mysql_query("select user_name FROM login");
if(isset($_POST['Submit'])) ///forsubmit data
{
$user_name=$_POST['user_name'];
$result = mysql_query("DELETE FROM login WHERE user_name");
$result = mysql_query("INSERT INTO banned_users(custid, user_name, user_password, user_type, question, ans, suspend_date)values('".$custid."', '".$user_name."', '".$pass."', '".$authtype."', '".$qns."', '".$ans."' '".$suspend_date."')");
/* $result = mysql_query("DELETE FROM login WHERE 'user_name', 'user_password', 'user_type', 'question', 'ans'");
$result = mysql_query("INSERT INTO banned_users(user_name, user_password, user_type, question, ans)values('".$custid."', '".$pass."', '".$authtype."', '".$qns."', '".$ans."')");*/
$db_close=mysql_close();
/* if($result) {
echo "Account Suspended Successfully";
echo "<p>Click <a href='admin_ban_cust_sel.php'>here</a> to suspend another";
exit(0);
} else {
echo "Could not suspend account";
echo "<p>Click <a href='admin_ban_cust_sel.php'>here</a> to try again";
exit(0);
}
}*/
?>
</body>
</html>
<?php
} else {
echo "Please click here to login " . "<a href=index.php>Login Page</a>";
}
?>
Hi.
I just uploaded the following traffic exchange, but I've come across a few errors.
FOLLOWING ERRORS:
Unable to create account and add URL.
USER ACCOUNT ERROR:
- Logged in with test account and unable to add URL to account.
- http://themillionsexchange.heliohost.org
- Login: henryb
- Password: 209mul
- Login is not being echoed.
- Surfbar doesn't work, nor shows username in browser.
- http://themillionsexchange.heliohost.org
- Get the following error on the start.php page when I click on some links:
- "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
and
- "Error in query: SELECT username, joindate from user where referral=. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"
ADMIN ACCOUNT ERROR:
- Logged into http://themillionsexchange.heliohost.org/admin.
- Login: admin
- Password: password
- Only shows the link: "<<back to main menu" on the "admin/mainTemplate.php" page.
- When I click the link, it goes nowhere, so I can't edit my site, user, etc.
MY FTP INFO:
FTP server: ftp.themillionsexchange.heliohost.org
FTP and explicit FTPS port: 21
Login: traffic@themillionsexchange.heliohost.org
Password: d)D#wzvEeMCS
Traffic Exchange Site Errors
in Website Management and Coding
admin/mainTemplate.php:
/start.php
index.php