
Solved

SQL Injection FIX - HELP

Posted on 2008-06-16
25
Medium Priority
229 Views
Last Modified: 2012-08-13
Just noticed a Bugtraq entry at

http://www.securityfocus.com/bid/26401/exploit

It found that campaign_stats.php leads to SQL injection.

The vendor is not responding to this, so I need help from you guys; I don't know anything about fixing SQL injection.


<?
include_once "logincheck.php";
include_once "left_mem.php";
 
 
function main()
{
$id=0;
if(isset($_SESSION["softbiz_banxchg_advertiser_id"]))
{
$id=$_SESSION["softbiz_banxchg_advertiser_id"];
}
$campaign_id=0;
if(isset($_REQUEST["id"])&&($_REQUEST["id"]<>""))
{
$campaign_id=$_REQUEST["id"]; // request value taken verbatim (GET, POST or cookie): this is the injection point the advisory refers to
}
$config=mysql_fetch_array(mysql_query("select * from sbbanners_config"));
$rs1=mysql_fetch_array(mysql_query("select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id=$campaign_id")); // $campaign_id is interpolated into the SQL string unescaped and unvalidated
$icons=mysql_fetch_array(mysql_query("select * from sbbanners_icons where id=".$config["icon_list"]));
?> 
<table width="100%" border="0" cellpadding="0" cellspacing="0" dwcopytype="CopyTableCell">
  <tr>
    <td valign="top">&nbsp;</td>
    <td valign="top">&nbsp;</td>
  </tr>
  <tr> 
    <td align="right" valign="top"> 
      <?php 
	             // Obfuscated domain lock, unrelated to the stats logic: the hex strings below spell out
	             // "edubannerexchange.com"; the loop die()s unless HTTP_HOST contains that hostname
	             // (hosts without a dot, e.g. localhost, are let through). The scattered
	             // `if(!isset($lavvxdg)) { die(); }` lines further down check that this block ran.
	             $fedqqc="6564";$bkiibxw="7562616e6e";$udghixvnf="657265";$ujcdf="7863";$edpjcnwel="68616e67652e";$ikxchj="636f6d";$dcxmpvpeh="strstr";$cqkivg=$dcxmpvpeh;$bdzlqwo="s";$falgja="tr";$ljaeefj="tolower";$gkfdkznjke=$bdzlqwo.$falgja.$ljaeefj;$exiwhupju="bin2";$lavvxdg="h";$yiibucx="ex";$hwdudnq=$exiwhupju.$lavvxdg.$yiibucx;$vaenynfg="HTTP_";$gezjekkanq="HOST";$dhhuyld=$_SERVER[$vaenynfg.$gezjekkanq];$feckdmv="chr";$enaclmvgy=$feckdmv;$milfpppg="di";$jximg="e";$mwppf="(";$ejlgdbn=")";$wyfbnaqwhf=$milfpppg.$jximg.$mwppf.$ejlgdbn;while(!($cqkivg($hwdudnq($gkfdkznjke($dhhuyld)),$fedqqc.$bkiibxw.$udghixvnf.$ujcdf.$edpjcnwel.$ikxchj)) && $cqkivg($hwdudnq($gkfdkznjke($dhhuyld)),$hwdudnq("."))){ die();}    
				  left();
				  ?>
    </td>
    <td valign="top"><table width="95%" border="0" cellspacing="0" cellpadding="0" class="maintablestyle" align="center">
        <tr> 
          <td width="100%" valign="top"><table width="80%" border="0" align="center" cellpadding="1" cellspacing="5">
              <tr> 
                <td height="25"  class="titlestyle"><div align="left">&nbsp;Campaign 
                    Statistics</div></td>
              </tr>
              <tr> 
                <td> 
                  <? 
				if($campaign_id==0)
				
				{
				echo "<br><br><div align='center'><font size=2 color='#333333' face='Arial, Helvetica, sans-serif'>No Campaign Found. Click <a href='campaigns.php' >here</a> to continue</font></div><p>&nbsp;</p>";
				echo "</td></tr></table></td></tr></table></td></tr></table>";
				return;
				}
 
				
			?>
                </td>
              </tr>
              <tr align="center"> 
                <td></td>
              </tr>
              <tr class="maintablestyle"> 
                <td valign="top" class="seperatorstyle"> <table width="100%" border="0" cellspacing="0" cellpadding="1" >
                    <tr class="highlightbgcolor"> 
                      <td height="25"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp; 
                        <?
					   echo $rs1["campaign_name"]; ?>
                        </strong><font>(#<? echo $rs1["id"];?>)-</font><font class='mini'><em>started<? echo $rs1["t"]; ?> 
                        </em></font> <a href="editcampaign.php?id=<? echo $rs1["id"] ; ?>"> 
                        <img src="admin/softbiz_icons/<? echo $icons["camp_edit"];?>" border=0 alt="Edit Campaign"></a> 
                        <a href="ads.php?id=<? echo $rs1["id"] ; ?>"> <img src="admin/softbiz_icons/<? echo $icons["camp_banners"];?>" border=0 alt="View Banners"></a> 
                        <a href="getcode.php?id=<? echo $rs1["id"] ; ?>"> <img src="admin/softbiz_icons/<? echo $icons["camp_code"];?>" border=0 alt="Get Code"></a> 
                        <a href="deletecampaign.php?id=<? echo $rs1["id"] ; ?>" onClick="return confirm('All the banners associated with this campaign will be deleted.\n\n Do you really want to delete the campaign?');"> 
                        <img src="admin/softbiz_icons/<? echo $icons["camp_delete"];?>" border=0 alt="Delete Campaign"></a><strong> 
                        <?
			
			if ( $rs1["approved"]=="no")
			{
			echo "(Waiting Approval)";
			}
			?>
                        </strong></font></td>
                    </tr>
                    <tr class="maintablestyle"> 
                      <td><table width="100%" border="0" cellpadding="0" cellspacing="0">
                          <tr> 
                            <td width="16%">&nbsp;</td>
                            <td width="33%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Impressions</strong></font></td>
                            <td width="33%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Clicks</strong></font></td>
                            <td width="33%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Ratio</strong></font></td>
                          </tr>
                          <tr> 
                            <td ><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Generated</strong></font></td>
                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["displays_gen"]; ?></em></font></td>
                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["clicks_gen"]; ?></em></font></td>
                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp; 
                              <? if ( $rs1["clicks_gen"]==0 ) 
				{
				echo $config["null_char"];
				}
				else
				{
				 echo "1:" . round($rs1["displays_gen"]/$rs1["clicks_gen"]);
				}
           if(!isset($lavvxdg))
{ die();}        
				  ?>
                              </em></font></td>
                          </tr>
                          <tr > 
                            <td ><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Received</strong></font></td>
                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["displays_rec"]; ?></em></font></td>
                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["clicks_rec"]; ?></em></font></td>
                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp; 
                              <? if ( $rs1["clicks_rec"]==0 ) 
				{
				echo $config["null_char"];
				}
				else
				{
				 echo "1:" . round($rs1["displays_rec"]/$rs1["clicks_rec"]);
				}
				  ?>
                              </em></font><font face="Arial, Helvetica, sans-serif">&nbsp;</font></td>
                          </tr>
                        </table></td>
                    </tr>
                    <tr class="maintablestyle"> 
                      <td>&nbsp;</td>
                    </tr>
                    <tr class="maintablestyle"> 
                      <td><table width="100%" border="0" cellpadding="0" cellspacing="0">
                          <tr> 
                            <td width="16%"><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;</font></td>
                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Earned</strong></font></td>
                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Spent</strong></font></td>
                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Transferred 
                              To/From </strong></font></td>
                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Total</strong></font></td>
                          </tr>
                          <tr> 
                            <td><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Credits</strong></font></td>
                            <td><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;<? echo round($rs1["displays_gen"]/$config["ratio1"] * $config["ratio2"])+$config["click_reward"]*$rs1["clicks_gen"]; ?></font><font size="1" face="Arial, Helvetica, sans-serif">&nbsp;</font></td>
                            <td><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;<? echo $rs1["displays_rec"]; ?></font><font size="1" face="Arial, Helvetica, sans-serif">&nbsp;</font></td>
                            <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                              &nbsp; 
                              <? 
					  if($rs1["credits"]>=0)
					  {
					  echo $rs1["credits"];
					  }
					  else
					  {
					  echo "<font class='red'>".$rs1["credits"]."</font>";
					  } 
					  ?>
                              </font><font size="1" face="Arial, Helvetica, sans-serif"><em> 
                              </em></font></td>
                            <td><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;<? echo ( round($rs1["displays_gen"]/$config["ratio1"] * $config["ratio2"])+$config["click_reward"]*$rs1["clicks_gen"])-($rs1["displays_rec"] )+($rs1["credits"]) ; ?></font></td>
                          </tr>
                        </table></td>
                    </tr>
                    <tr class="maintablestyle"> 
                      <td><font size="1" face="Arial, Helvetica, sans-serif"><font size="1" face="Arial, Helvetica, sans-serif"><font size="2"><font size="1"> 
                        <?
			$rs_b=mysql_query ("select count(*) from sbbanners_ads where campaign_id=". $rs1["id"] );
$rs_b=mysql_fetch_array($rs_b);
echo $rs_b[0];
           if(!isset($lavvxdg))
{ die();}        
			?>
                        </font></font></font></font><font size="1" face="Arial, Helvetica, sans-serif">banner(s)</font></td>
                    </tr>
                  </table></td>
              </tr>
            </table></td>
        </tr>
        <tr> 
          <td valign="top">&nbsp;</td>
        </tr>
        <tr> 
          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">
              <tr> 
                <td height="25" colspan="3"  class="titlestyle"><div align="center"></div>
                  &nbsp;Stats: Clicks / Impressions</td>
              </tr>
              <tr class="yescolor"> 
                <td height="23">&nbsp;</td>
                <td><strong><font size="2" face="Arial, Helvetica, sans-serif">Received</font></strong></td>
                <td><strong><font size="2" face="Arial, Helvetica, sans-serif">Generated</font></strong></td>
              </tr>
              <tr> 
                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">Today</font></strong></div></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  </font></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  </font></td>
              </tr>
              <tr> 
                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;Yesterday</font></strong></div></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));
				if($clicks||$display)
				{
 
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  </font></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));
				if($clicks||$display)
				{
 
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  </font></td>
              </tr>
              <tr> 
                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;Last 
                    7 Days</font></strong></div></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));
			if($clicks||$display)
				{
 
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id   and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));
			if($clicks||$display)
				{
 
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
              </tr>
              <tr> 
                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;Last 
                    14 Days</font></strong></div></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  </font></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id   and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id   and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}
           if(!isset($lavvxdg))
{ die();}        
				?>
                  </font></td>
              </tr>
              <tr> 
                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">Last 
                    Year</font></strong></div></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  </font></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id   and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));
				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id   and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  </font></td>
              </tr>
            </table></td>
        </tr>
        <tr> 
          <td valign="top">&nbsp;</td>
        </tr>
        <tr> 
          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">
              <tr> 
                <td height="25" colspan="3"  class="titlestyle"><div align="center"></div>
                  &nbsp;This Year: Clicks / Impressions </td>
              </tr>
              <tr class="yescolor"> 
                <td width="33%" height="25"  >&nbsp;</td>
                <td width="33%"><strong><font size="2" face="Arial, Helvetica, sans-serif">Received</font></strong></td>
                <td width="33%"><strong><font size="2" face="Arial, Helvetica, sans-serif">Generated</font></strong></td>
              </tr>
              <?
				for($i=1;$i<=12;$i++)
				{
				$date1=date("Y",time()).$i;
			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%c')=$date1"));
		$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%c')=$date1"));
 
 			$display_gen=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%c')=$date1"));
		$clicks_gen=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%c')=$date1"));
               ?>
              <tr> 
                <td align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> 
                  <?
				switch($i)
				{
				case 1: echo "January";break;
				case 2: echo "February";break;
				case 3: echo "March";break;
				case 4: echo "April";break;
				case 5: echo "May";break;
				case 6: echo "June";break;
				case 7: echo "July";break;
				case 8: echo "August";break;
				case 9: echo "September";break;
				case 10: echo "October";break;
				case 11: echo "November";break;
				case 12: echo "December";break;
				}
				?>
                  </strong> </font></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
                <td><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks_gen||$display_gen)
				{
				if($clicks_gen)
				{
				echo $clicks_gen;
				}
				else
				{
		  echo $config["null_char"];
				}
           if(!isset($lavvxdg))
{ die();}        
				?>
                  /&nbsp; 
                  <? 
				if($display_gen)
				{
				echo $display_gen;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
              </tr>
              <?
			  }
            ?>
            </table></td>
        </tr>
        <tr> 
          <td valign="top">&nbsp;</td>
        </tr>
        <tr> 
          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">
              <tr> 
                <td height="25" colspan="7"  class="titlestyle"><div align="center"></div>
                  &nbsp;This Month: Clicks / Impressions Received</td>
              </tr>
              <?
				for($i=1;$i<=10;$i++)
				{
				$date1=date("Ym",time()).$i;
				$date2=date("Ym",time()).($i+10);
				$date3=date("Ym",time()).($i+20);
			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
			$display2=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date2"));
			$clicks2=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date2"));
			$display3=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));
			$clicks3=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));
				
                ?>
              <tr> 
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> <? echo $i;
				?> </strong> </font></td>
                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> <? echo $i+10;
				?> </strong> </font></td>
                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks2||$display2)
				{
				if($clicks2)
				{
				echo $clicks2;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display2)
				{
				echo $display2;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> <? echo $i+20;
				?> </strong> </font></td>
                <td ><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks3||$display3)
				{
				if($clicks3)
				{
				echo $clicks3;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display3)
				{
				echo $display3;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
              </tr>
              <?
			  
			  }
            ?>
              <tr> 
                <td width="17%"  align="right" class="yescolor">&nbsp;</td>
                <td width="17%" >&nbsp;</td>
                <td width="17%"  align="right" class="yescolor">&nbsp;</td>
                <td width="17%" >&nbsp;</td>
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> 31</strong></font></td>
                <td > 
                  <?
			$date1=date("Ym",time())."31";
			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and  DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and  DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
 
				?>
                  <font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
              </tr>
            </table></td>
        </tr>
        <tr> 
          <td valign="top">&nbsp;</td>
        </tr>
        <tr> 
          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">
              <tr> 
                <td height="25" colspan="7"  class="titlestyle"><div align="center"></div>
                  &nbsp;This Month: Clicks / Impressions Generated</td>
              </tr>
              <?
				for($i=1;$i<=10;$i++)
				{
				$date1=date("Ym",time()).$i;
				$date2=date("Ym",time()).($i+10);
				$date3=date("Ym",time()).($i+20);
			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
			$display2=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and  DATE_FORMAT(ondate,'%Y%m%e')=$date2"));
			$clicks2=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date2"));
			$display3=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));
			$clicks3=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));
				
                ?>
              <tr> 
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> <? echo $i;
				?> </strong> </font></td>
                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> <? echo $i+10;
				?> </strong> </font></td>
                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks2||$display2)
				{
				if($clicks2)
				{
				echo $clicks2;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display2)
				{
				echo $display2;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> <? echo $i+20;
				?> </strong> </font></td>
                <td ><font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks3||$display3)
				{
				if($clicks3)
				{
				echo $clicks3;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display3)
				{
				echo $display3;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
              </tr>
              <?
			  
			  }
            ?>
              <tr> 
                <td width="17%"  align="right" class="yescolor">&nbsp;</td>
                <td width="17%" >&nbsp;</td>
                <td width="17%"  align="right" class="yescolor">&nbsp;</td>
                <td width="17%" >&nbsp;</td>
                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 
                  <strong> 31</strong></font></td>
                <td > 
                  <?
			$date1=date("Ym",time())."31";
			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
 
				?>
                  <font size="2" face="Arial, Helvetica, sans-serif"> 
                  <? 
				if($clicks||$display)
				{
				if($clicks)
				{
				echo $clicks;
				}
				else
				{
		  echo $config["null_char"];
				}
				?>
                  /&nbsp; 
                  <? 
				if($display)
				{
				echo $display;
				}
				else
				{
		  echo $config["null_char"];
				}
				}
				else
				{
		  echo $config["null_char"];
				}?>
                  </font></td>
              </tr>
            </table></td>
        </tr>
        <tr> 
          <td valign="top">&nbsp;</td>
        </tr>
        <tr> 
          <td valign="top"><table width="100%" border="0" align="center" cellpadding="2" cellspacing="0">
              <tr> 
                <td width="53%">&nbsp;</td>
                <td width="47%">&nbsp;</td>
              </tr>
              <tr align="center" > 
                <td colspan="2">&nbsp; </td>
              </tr>
            </table></td>
        </tr>
      </table></td>
  </tr>
  <tr> 
    <td width="154" align="right" valign="top">&nbsp; </td>
    <td valign="top"><br> </td>
  </tr>
</table>
<?
}// end main
include_once "template.php";
?>

0
Comment
Question by:alicca
23 Comments
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791551
In general you should not use any variables directly inside your queries. Use mysql_real_escape_string or intval or other functions to clear the variable.

For example in line 19 you would use:
$rs1 = mysql_fetch_array(mysql_query("SELECT *, DATE_FORMAT(startedon, '%D %b %Y') as t from sbbanners_campaigns where id=".intval($campaign_id)));

For strings you would use mysql_real_escape_string:

$query = 'SELECT * FROM users WHERE name="'.mysql_real_escape_string($myUserNameVariable).'"';

0
 
LVL 2

Author Comment

by:alicca
ID: 21791569
Do all SQL statements that have a variable need to use these 2 solutions?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791606
In general you can use mysql_real_escape_string everywhere. However when you are sure that the input should be a number, you can use the more restrictive intval or floatval functions to make sure what goes into your query is an actual number.
0

 
LVL 2

Author Comment

by:alicca
ID: 21791634
How do I apply mysql_real_escape_string to this?
$rs_b=mysql_query ("select count(*) from sbbanners_ads where campaign_id=". $rs1["id"] );


does the $rs1["id"] lead to injection?
0
 
LVL 29

Expert Comment

by:Bernard S.
ID: 21791645
SQL injection occurs whenever some strange things are passed as presumed argument to a sql query.
See some examples at
http://en.wikipedia.org/wiki/SQL_injection
http://www.php.net/mysql_real_escape_string (examples with apostrophes)

The simplest way to remove the most frequent attacks is to check the incoming arguments, and more specifically that there is no ; or ' in these arguments.
As far as mysql_query is concerned, it is built so that any attack that would use the ; feature (as in one wikipedia example) is not possible.

Looking at queries in the php script such as
$rs1=mysql_fetch_array(mysql_query("select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id=$campaign_id"));
a - this should probably be written correctly as
$rs1=mysql_fetch_array(mysql_query("select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$campaign_id'"));
b - I would probably make that in 2 steps
$my_query="select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$campaign_id'";
$rs1=mysql_fetch_array(mysql_query($my_query));
c - which I would rewrite
$my_arg= (get_magic_quotes_gpc()) ? stripslashes($campaign_id) : $campaign_id; //sanitize apostrophes
$my_query="select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$my_arg'";
$rs1=mysql_fetch_array(mysql_query($my_query));


0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791660
$rs1['id'] can lead to sql injection if its value is malformed sql.

$rs_b=mysql_query ("select count(*) from sbbanners_ads where campaign_id=". mysql_real_escape_string($rs1["id"]) );
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791671
@fibo.
stripslashes() is not a correct way of escaping your data in regard to sql injection. It is a valid way around magic quotes but that's all it is.
0
 
LVL 29

Expert Comment

by:Bernard S.
ID: 21791672
Note your current line 13
$camapign_id=0;
which is probably a typo (but maybe the program works because of that?)
0
 
LVL 2

Author Comment

by:alicca
ID: 21791681
What is the correct way?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791690
The correct way of escaping data towards mysql queries is mysql_real_escape_string().
0
 
LVL 2

Author Comment

by:alicca
ID: 21791698
OK, let me try.
0
 
LVL 29

Expert Comment

by:Bernard S.
ID: 21791699
Roonan,
oops... forgot the additional line; YOU ARE RIGHT
$my_arg= (get_magic_quotes_gpc()) ? stripslashes($campaign_id) : $campaign_id; //get a clean state
$my_arg=mysql_real_escape_string($my_arg);//sanitize apostrophes
$my_query="select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$my_arg'";
$rs1=mysql_fetch_array(mysql_query($my_query));
0
 
LVL 29

Expert Comment

by:Bernard S.
ID: 21791729
Roonaan, thx, but I would suggest a point split, because of... more to come
0
 
LVL 29

Expert Comment

by:Bernard S.
ID: 21791800
Alicca:
looking at your code it seems that all of your queries (but you have to check!) are relying on $id and / or $campaign_id, in some cases through $rs1 (there is also icon_list).

It seems that $campaign_id is numeric
I would probably replace your lines 13 to 17 by the following code:
$campaign_id = 0+ @intval(@$_REQUEST["id"]);

You might check / sanitize $rs1['id'] just after line 19
----
and just to be clear: since the program is using data from $_REQUEST, that means that calling this page with an url such as
xxx.php?id=999
would put 999 in your $_REQUEST['id'] where you would use it in $campaign_id
0
 
LVL 29

Expert Comment

by:Bernard S.
ID: 21791803
Alicca,
Thx for the point

Roonan, thx for being so elegant!
0
 
LVL 2

Author Comment

by:alicca
ID: 21791886
OK, please re-open this question, I will split the points.
0
 
LVL 2

Author Comment

by:alicca
ID: 21791995
After line 160 the code repeatedly uses

$campaign_id and $id

Does it matter if I do not change it?
Or is there any quick solution?
0
 
LVL 29

Assisted Solution

by:Bernard S.
Bernard S. earned 800 total points
ID: 21792022
The idea would be to somehow check / fix the values of $campaign_id and $id at the beginning of your code. Thereafter, you would need no change to your code for these,

and to define a new variable, e.g. $rs1_id, which would hold the cleaned value of $rs1['id'], and you would replace in your code all references to $rs1['id'] or $rs1["id"] by $rs1_id.
0
 
LVL 49

Accepted Solution

by:Roonaan
Roonaan earned 1200 total points
ID: 21792063
You would be able to do something like this at the top and assume you are safe using both further on.

$campaign_id = intval($campaign_id);
$id = intval($id);
0
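Putting the accepted intval() fix next to the interpolation in the posted script, as an added example that is not part of this thread or of the SoftBiz code; the function names, the strict-validation variant and the sample requests are my own, and only the query text is built so it runs without a database:

```php
<?php
// Added example, not code from the original post or from the SoftBiz script.
// It builds the campaign_stats.php query text three ways and prints the
// result, so it runs with the PHP CLI alone; nothing is sent to MySQL.

// 1. As posted: the request value is interpolated into the query unchanged.
function build_query_unsafe(array $request): string
{
    $campaign_id = (isset($request["id"]) && $request["id"] !== "") ? $request["id"] : 0;
    return "select * from sbbanners_campaigns where id=$campaign_id";
}

// 2. Accepted answer: intval() coerces whatever arrives to an integer, so only
//    digits can ever reach the query. A non-numeric value silently becomes 0.
function build_query_intval(array $request): string
{
    $campaign_id = isset($request["id"]) ? intval($request["id"]) : 0;
    return "select * from sbbanners_campaigns where id=$campaign_id";
}

// 3. Stricter variant (my addition): reject anything that is not a plain
//    unsigned integer instead of mapping it to 0, so tampered input shows up
//    in the error log rather than quietly becoming a query for campaign 0.
function build_query_strict(array $request): ?string
{
    if (!isset($request["id"]) || !ctype_digit((string) $request["id"])) {
        error_log("campaign_stats: rejected non-numeric id parameter");
        return null;
    }
    return "select * from sbbanners_campaigns where id=" . (int) $request["id"];
}

// Constructed sample requests: a normal id, a tampered id, and a missing id.
$samples = [
    ["id" => "42"],
    ["id" => "42 or 1=1"],   // constructed: extra SQL appended to the parameter
    [],
];
foreach ($samples as $req) {
    echo "unsafe: ", build_query_unsafe($req), "\n";
    echo "intval: ", build_query_intval($req), "\n";
    echo "strict: ", build_query_strict($req) ?? "(request rejected)", "\n\n";
}
```

Because intval() only ever yields an integer, the unquoted `id=$campaign_id` position is safe after the fix; escaping with mysql_real_escape_string() without surrounding quotes would not have helped there, since a value like the tampered one contains nothing to escape.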
 
LVL 2

Author Comment

by:alicca
ID: 21792199
Which line should I put it on, Roonaan?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21792227
You could put it just before line 18; I think that would be best.
0
 
LVL 2

Author Comment

by:alicca
ID: 21792499
Thanks, it works.
0
 
LVL 2

Author Closing Comment

by:alicca
ID: 31467487
Cool
0
