Solved

SQL Injection FIX - HELP

Posted on 2008-06-16
216 Views
Last Modified: 2012-08-13
I just noticed a Bugtraq entry from

http://www.securityfocus.com/bid/26401/exploit

It found that campaign_stats.php leads to SQL injection.

The vendor is not responding to this, so I need help from you guys; I don't know anything about fixing SQL injection.


<?
include_once "logincheck.php";
include_once "left_mem.php";

function main()
{
$id=0;
if(isset($_SESSION["softbiz_banxchg_advertiser_id"]))
{
$id=$_SESSION["softbiz_banxchg_advertiser_id"];
}
$campaign_id=0;   // was misspelled "$camapign_id" in the file, so $campaign_id stayed undefined when no id was passed
if(isset($_REQUEST["id"])&&($_REQUEST["id"]<>""))
{
$campaign_id=$_REQUEST["id"];   // taken straight from the GET/POST/cookie value, with no validation or escaping
}
$config=mysql_fetch_array(mysql_query("select * from sbbanners_config"));
// $campaign_id is interpolated into the SQL text unescaped: this is the injection point the SecurityFocus entry refers to
$rs1=mysql_fetch_array(mysql_query("select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id=$campaign_id"));
$icons=mysql_fetch_array(mysql_query("select * from sbbanners_icons where id=".$config["icon_list"]));
?>

<table width="100%" border="0" cellpadding="0" cellspacing="0" dwcopytype="CopyTableCell">

  <tr>

    <td valign="top">&nbsp;</td>

    <td valign="top">&nbsp;</td>

  </tr>

  <tr> 

    <td align="right" valign="top"> 

      <?php
	             // Obfuscated domain lock, left exactly as posted: it hex-encodes the lowercased HTTP_HOST and die()s
	             // unless that hex string contains a hard-coded hex-encoded domain (or the host has no "." at all,
	             // e.g. localhost). It also sets $lavvxdg, which the "if(!isset($lavvxdg)) { die();}" lines further
	             // down re-test, so this block and those lines have to be removed or kept together.
	             $fedqqc="6564";$bkiibxw="7562616e6e";$udghixvnf="657265";$ujcdf="7863";$edpjcnwel="68616e67652e";$ikxchj="636f6d";$dcxmpvpeh="strstr";$cqkivg=$dcxmpvpeh;$bdzlqwo="s";$falgja="tr";$ljaeefj="tolower";$gkfdkznjke=$bdzlqwo.$falgja.$ljaeefj;$exiwhupju="bin2";$lavvxdg="h";$yiibucx="ex";$hwdudnq=$exiwhupju.$lavvxdg.$yiibucx;$vaenynfg="HTTP_";$gezjekkanq="HOST";$dhhuyld=$_SERVER[$vaenynfg.$gezjekkanq];$feckdmv="chr";$enaclmvgy=$feckdmv;$milfpppg="di";$jximg="e";$mwppf="(";$ejlgdbn=")";$wyfbnaqwhf=$milfpppg.$jximg.$mwppf.$ejlgdbn;while(!($cqkivg($hwdudnq($gkfdkznjke($dhhuyld)),$fedqqc.$bkiibxw.$udghixvnf.$ujcdf.$edpjcnwel.$ikxchj)) && $cqkivg($hwdudnq($gkfdkznjke($dhhuyld)),$hwdudnq("."))){ die();}
				  left();
				  ?>

    </td>

    <td valign="top"><table width="95%" border="0" cellspacing="0" cellpadding="0" class="maintablestyle" align="center">

        <tr> 

          <td width="100%" valign="top"><table width="80%" border="0" align="center" cellpadding="1" cellspacing="5">

              <tr> 

                <td height="25"  class="titlestyle"><div align="left">&nbsp;Campaign 

                    Statistics</div></td>

              </tr>

              <tr> 

                <td> 

                  <? 

				if($campaign_id==0)

				

				{

				echo "<br><br><div align='center'><font size=2 color='#333333' face='Arial, Helvetica, sans-serif'>No Campaign Found. Click <a href='campaigns.php' >here</a> to continue</font></div><p>&nbsp;</p>";

				echo "</td></tr></table></td></tr></table></td></tr></table>";

				return;

				}
 

				

			?>

                </td>

              </tr>

              <tr align="center"> 

                <td></td>

              </tr>

              <tr class="maintablestyle"> 

                <td valign="top" class="seperatorstyle"> <table width="100%" border="0" cellspacing="0" cellpadding="1" >

                    <tr class="highlightbgcolor"> 

                      <td height="25"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp; 

                        <?

					   echo $rs1["campaign_name"]; ?>

                        </strong><font>(#<? echo $rs1["id"];?>)-</font><font class='mini'><em>started<? echo $rs1["t"]; ?> 

                        </em></font> <a href="editcampaign.php?id=<? echo $rs1["id"] ; ?>"> 

                        <img src="admin/softbiz_icons/<? echo $icons["camp_edit"];?>" border=0 alt="Edit Campaign"></a> 

                        <a href="ads.php?id=<? echo $rs1["id"] ; ?>"> <img src="admin/softbiz_icons/<? echo $icons["camp_banners"];?>" border=0 alt="View Banners"></a> 

                        <a href="getcode.php?id=<? echo $rs1["id"] ; ?>"> <img src="admin/softbiz_icons/<? echo $icons["camp_code"];?>" border=0 alt="Get Code"></a> 

                        <a href="deletecampaign.php?id=<? echo $rs1["id"] ; ?>" onClick="return confirm('All the banners associated with this campaign will be deleted.\n\n Do you really want to delete the campaign?');"> 

                        <img src="admin/softbiz_icons/<? echo $icons["camp_delete"];?>" border=0 alt="Delete Campaign"></a><strong> 

                        <?

			

			if ( $rs1["approved"]=="no")

			{

			echo "(Waiting Approval)";

			}

			?>

                        </strong></font></td>

                    </tr>

                    <tr class="maintablestyle"> 

                      <td><table width="100%" border="0" cellpadding="0" cellspacing="0">

                          <tr> 

                            <td width="16%">&nbsp;</td>

                            <td width="33%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Impressions</strong></font></td>

                            <td width="33%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Clicks</strong></font></td>

                            <td width="33%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Ratio</strong></font></td>

                          </tr>

                          <tr> 

                            <td ><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Generated</strong></font></td>

                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["displays_gen"]; ?></em></font></td>

                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["clicks_gen"]; ?></em></font></td>

                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp; 

                              <? if ( $rs1["clicks_gen"]==0 ) 

				{

				echo $config["null_char"];

				}

				else

				{

				 echo "1:" . round($rs1["displays_gen"]/$rs1["clicks_gen"]);

				}

           if(!isset($lavvxdg))

{ die();}        

				  ?>

                              </em></font></td>

                          </tr>

                          <tr > 

                            <td ><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Received</strong></font></td>

                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["displays_rec"]; ?></em></font></td>

                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp;<? echo $rs1["clicks_rec"]; ?></em></font></td>

                            <td><font size="1" face="Arial, Helvetica, sans-serif"><em>&nbsp; 

                              <? if ( $rs1["clicks_rec"]==0 ) 

				{

				echo $config["null_char"];

				}

				else

				{

				 echo "1:" . round($rs1["displays_rec"]/$rs1["clicks_rec"]);

				}

				  ?>

                              </em></font><font face="Arial, Helvetica, sans-serif">&nbsp;</font></td>

                          </tr>

                        </table></td>

                    </tr>

                    <tr class="maintablestyle"> 

                      <td>&nbsp;</td>

                    </tr>

                    <tr class="maintablestyle"> 

                      <td><table width="100%" border="0" cellpadding="0" cellspacing="0">

                          <tr> 

                            <td width="16%"><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;</font></td>

                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Earned</strong></font></td>

                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Spent</strong></font></td>

                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Transferred 

                              To/From </strong></font></td>

                            <td width="25%"><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Total</strong></font></td>

                          </tr>

                          <tr> 

                            <td><font size="2" face="Arial, Helvetica, sans-serif"><strong>&nbsp;Credits</strong></font></td>

                            <td><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;<? echo round($rs1["displays_gen"]/$config["ratio1"] * $config["ratio2"])+$config["click_reward"]*$rs1["clicks_gen"]; ?></font><font size="1" face="Arial, Helvetica, sans-serif">&nbsp;</font></td>

                            <td><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;<? echo $rs1["displays_rec"]; ?></font><font size="1" face="Arial, Helvetica, sans-serif">&nbsp;</font></td>

                            <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                              &nbsp; 

                              <? 

					  if($rs1["credits"]>=0)

					  {

					  echo $rs1["credits"];

					  }

					  else

					  {

					  echo "<font class='red'>".$rs1["credits"]."</font>";

					  } 

					  ?>

                              </font><font size="1" face="Arial, Helvetica, sans-serif"><em> 

                              </em></font></td>

                            <td><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;<? echo ( round($rs1["displays_gen"]/$config["ratio1"] * $config["ratio2"])+$config["click_reward"]*$rs1["clicks_gen"])-($rs1["displays_rec"] )+($rs1["credits"]) ; ?></font></td>

                          </tr>

                        </table></td>

                    </tr>

                    <tr class="maintablestyle"> 

                      <td><font size="1" face="Arial, Helvetica, sans-serif"><font size="1" face="Arial, Helvetica, sans-serif"><font size="2"><font size="1"> 

                        <?

			$rs_b=mysql_query ("select count(*) from sbbanners_ads where campaign_id=". $rs1["id"] );

$rs_b=mysql_fetch_array($rs_b);

echo $rs_b[0];

           if(!isset($lavvxdg))

{ die();}        

			?>

                        </font></font></font></font><font size="1" face="Arial, Helvetica, sans-serif">banner(s)</font></td>

                    </tr>

                  </table></td>

              </tr>

            </table></td>

        </tr>

        <tr> 

          <td valign="top">&nbsp;</td>

        </tr>

        <tr> 

          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">

              <tr> 

                <td height="25" colspan="3"  class="titlestyle"><div align="center"></div>

                  &nbsp;Stats: Clicks / Impressions</td>

              </tr>

              <tr class="yescolor"> 

                <td height="23">&nbsp;</td>

                <td><strong><font size="2" face="Arial, Helvetica, sans-serif">Received</font></strong></td>

                <td><strong><font size="2" face="Arial, Helvetica, sans-serif">Generated</font></strong></td>

              </tr>

              <tr> 

                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">Today</font></strong></div></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  </font></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=0 "));

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  </font></td>

              </tr>

              <tr> 

                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;Yesterday</font></strong></div></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));

				if($clicks||$display)

				{
 

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  </font></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)=1 "));

				if($clicks||$display)

				{
 

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  </font></td>

              </tr>

              <tr> 

                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;Last 

                    7 Days</font></strong></div></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));

			if($clicks||$display)

				{
 

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id   and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id  and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=7 "));

			if($clicks||$display)

				{
 

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

              </tr>

              <tr> 

                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">&nbsp;Last 

                    14 Days</font></strong></div></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  </font></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id   and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id   and TO_DAYS(NOW())-TO_DAYS(ondate)<=14 "));

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}

           if(!isset($lavvxdg))

{ die();}        

				?>

                  </font></td>

              </tr>

              <tr> 

                <td height="25" class="yescolor"> <div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">Last 

                    Year</font></strong></div></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  </font></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id   and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));

				$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id   and DATE_FORMAT(ondate,'%Y')=".(date("Y",time())-1)));

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  </font></td>

              </tr>

            </table></td>

        </tr>

        <tr> 

          <td valign="top">&nbsp;</td>

        </tr>

        <tr> 

          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">

              <tr> 

                <td height="25" colspan="3"  class="titlestyle"><div align="center"></div>

                  &nbsp;This Year: Clicks / Impressions </td>

              </tr>

              <tr class="yescolor"> 

                <td width="33%" height="25"  >&nbsp;</td>

                <td width="33%"><strong><font size="2" face="Arial, Helvetica, sans-serif">Received</font></strong></td>

                <td width="33%"><strong><font size="2" face="Arial, Helvetica, sans-serif">Generated</font></strong></td>

              </tr>

              <?

				for($i=1;$i<=12;$i++)

				{

				$date1=date("Y",time()).$i;

			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%c')=$date1"));

		$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%c')=$date1"));
 

 			$display_gen=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%c')=$date1"));

		$clicks_gen=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%c')=$date1"));

               ?>

              <tr> 

                <td align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> 

                  <?

				switch($i)

				{

				case 1: echo "January";break;

				case 2: echo "February";break;

				case 3: echo "March";break;

				case 4: echo "April";break;

				case 5: echo "May";break;

				case 6: echo "June";break;

				case 7: echo "July";break;

				case 8: echo "August";break;

				case 9: echo "September";break;

				case 10: echo "October";break;

				case 11: echo "November";break;

				case 12: echo "December";break;

				}

				?>

                  </strong> </font></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

                <td><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks_gen||$display_gen)

				{

				if($clicks_gen)

				{

				echo $clicks_gen;

				}

				else

				{

		  echo $config["null_char"];

				}

           if(!isset($lavvxdg))

{ die();}        

				?>

                  /&nbsp; 

                  <? 

				if($display_gen)

				{

				echo $display_gen;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

              </tr>

              <?

			  }

            ?>

            </table></td>

        </tr>

        <tr> 

          <td valign="top">&nbsp;</td>

        </tr>

        <tr> 

          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">

              <tr> 

                <td height="25" colspan="7"  class="titlestyle"><div align="center"></div>

                  &nbsp;This Month: Clicks / Impressions Received</td>

              </tr>

              <?

				for($i=1;$i<=10;$i++)

				{

				$date1=date("Ym",time()).$i;

				$date2=date("Ym",time()).($i+10);

				$date3=date("Ym",time()).($i+20);

			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));

			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));

			$display2=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date2"));

			$clicks2=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date2"));

			$display3=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));

			$clicks3=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));

				

                ?>

              <tr> 

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> <? echo $i;

				?> </strong> </font></td>

                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> <? echo $i+10;

				?> </strong> </font></td>

                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks2||$display2)

				{

				if($clicks2)

				{

				echo $clicks2;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display2)

				{

				echo $display2;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> <? echo $i+20;

				?> </strong> </font></td>

                <td ><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks3||$display3)

				{

				if($clicks3)

				{

				echo $clicks3;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display3)

				{

				echo $display3;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

              </tr>

              <?

			  

			  }

            ?>

              <tr> 

                <td width="17%"  align="right" class="yescolor">&nbsp;</td>

                <td width="17%" >&nbsp;</td>

                <td width="17%"  align="right" class="yescolor">&nbsp;</td>

                <td width="17%" >&nbsp;</td>

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> 31</strong></font></td>

                <td > 

                  <?

			$date1=date("Ym",time())."31";

			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and campaign_id=$campaign_id and  DATE_FORMAT(ondate,'%Y%m%e')=$date1"));

			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and campaign_id=$campaign_id and  DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
 

				?>

                  <font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

              </tr>

            </table></td>

        </tr>

        <tr> 

          <td valign="top">&nbsp;</td>

        </tr>

        <tr> 

          <td valign="top"><table width="80%" border="0" align="center" cellpadding="2" cellspacing="5">

              <tr> 

                <td height="25" colspan="7"  class="titlestyle"><div align="center"></div>

                  &nbsp;This Month: Clicks / Impressions Generated</td>

              </tr>

              <?

				for($i=1;$i<=10;$i++)

				{

				$date1=date("Ym",time()).$i;

				$date2=date("Ym",time()).($i+10);

				$date3=date("Ym",time()).($i+20);

			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));

			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));

			$display2=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and  DATE_FORMAT(ondate,'%Y%m%e')=$date2"));

			$clicks2=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date2"));

			$display3=mysql_num_rows(mysql_query("select * from sbbanners_displays_generated where adv_id=$id and campaign_id=$campaign_id  and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));

			$clicks3=mysql_num_rows(mysql_query("select * from sbbanners_clicks_generated where adv_id=$id  and campaign_id=$campaign_id and DATE_FORMAT(ondate,'%Y%m%e')=$date3"));

				

                ?>

              <tr> 

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> <? echo $i;

				?> </strong> </font></td>

                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> <? echo $i+10;

				?> </strong> </font></td>

                <td width="17%" ><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks2||$display2)

				{

				if($clicks2)

				{

				echo $clicks2;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display2)

				{

				echo $display2;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> <? echo $i+20;

				?> </strong> </font></td>

                <td ><font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks3||$display3)

				{

				if($clicks3)

				{

				echo $clicks3;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display3)

				{

				echo $display3;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

              </tr>

              <?

			  

			  }

            ?>

              <tr> 

                <td width="17%"  align="right" class="yescolor">&nbsp;</td>

                <td width="17%" >&nbsp;</td>

                <td width="17%"  align="right" class="yescolor">&nbsp;</td>

                <td width="17%" >&nbsp;</td>

                <td width="17%"  align="right" class="yescolor"><font size="2" face="Arial, Helvetica, sans-serif" > 

                  <strong> 31</strong></font></td>

                <td > 

                  <?

			$date1=date("Ym",time())."31";

			$display=mysql_num_rows(mysql_query("select * from sbbanners_displays where adv_id=$id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));

			$clicks=mysql_num_rows(mysql_query("select * from sbbanners_clicks where adv_id=$id and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
 

				?>

                  <font size="2" face="Arial, Helvetica, sans-serif"> 

                  <? 

				if($clicks||$display)

				{

				if($clicks)

				{

				echo $clicks;

				}

				else

				{

		  echo $config["null_char"];

				}

				?>

                  /&nbsp; 

                  <? 

				if($display)

				{

				echo $display;

				}

				else

				{

		  echo $config["null_char"];

				}

				}

				else

				{

		  echo $config["null_char"];

				}?>

                  </font></td>

              </tr>

            </table></td>

        </tr>

        <tr> 

          <td valign="top">&nbsp;</td>

        </tr>

        <tr> 

          <td valign="top"><table width="100%" border="0" align="center" cellpadding="2" cellspacing="0">

              <tr> 

                <td width="53%">&nbsp;</td>

                <td width="47%">&nbsp;</td>

              </tr>

              <tr align="center" > 

                <td colspan="2">&nbsp; </td>

              </tr>

            </table></td>

        </tr>

      </table></td>

  </tr>

  <tr> 

    <td width="154" align="right" valign="top">&nbsp; </td>

    <td valign="top"><br> </td>

  </tr>

</table>

<?

}// end main

include_once "template.php";

?>


0
Comment
Question by:alicca
25 Comments
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791551
In general you should not use any variables directly inside your queries. Use mysql_real_escape_string or intval or other functions to clear the variable.

For example in line 19 you would use:
$rs1 = mysql_fetch_array(mysql_query("SELECT *, DATE_FORMAT(startedon, '%D %b %Y') as t from sbbanners_campaigns where id=".intval($campaign_id)));

For strings you would use mysql_real_escape_string:

$query = 'SELECT * FROM users WHERE name="'.mysql_real_escape_string($myUserNameVariable).'"';

0
 
LVL 2

Author Comment

by:alicca
ID: 21791569
All SQL statements that have variables must use these 2 solutions?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791606
In general you can use mysql_real_escape_string everywhere. However when you are sure that the input should be a number, you can use the more restrictive intval or floatval functions to make sure what goes into your query is an actual number.
0
 
LVL 2

Author Comment

by:alicca
ID: 21791634
How do I make this use mysql_real_escape_string?
$rs_b=mysql_query ("select count(*) from sbbanners_ads where campaign_id=". $rs1["id"] );


Does the $rs1["id"] lead to injection?
0
 
LVL 29

Expert Comment

by:fibo
ID: 21791645
SQL injection occurs whenever some strange things are passed as a presumed argument to an SQL query.
See some examples at
http://en.wikipedia.org/wiki/SQL_injection
http://www.php.net/mysql_real_escape_string (examples with apostrophes)

The simplest way to remove the most frequent attacks is to check the incoming arguments, and more specifically that there is no ; or ' in these arguments.
As far as mysql_query is concerned, it is built so that any attack that would use the ; feature (as in one wikipedia example) is not possible.

Looking at queries in the PHP script such as
$rs1=mysql_fetch_array(mysql_query("select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id=$campaign_id"));
a - this should probably be written correctly as
$rs1=mysql_fetch_array(mysql_query("select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$campaign_id'"));
b - I would probably make that in 2 steps
$my_query="select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$campaign_id'";
$rs1=mysql_fetch_array(mysql_query($my_query));
c - which I would rewrite
$my_arg= (get_magic_quotes_gpc()) ? stripslashes($campaign_id) : $campaign_id; //sanitize apostrophes
$my_query="select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$my_arg'";
$rs1=mysql_fetch_array(mysql_query($my_query));


0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791660
$rs1['id'] can lead to SQL injection if its value is malformed SQL.

$rs_b=mysql_query ("select count(*) from sbbanners_ads where campaign_id=". mysql_real_escape_string($rs1["id"]) );
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791671
@fibo.
stripslashes() is not a correct way of escaping your data in regard to sql injection. It is a valid way around magic quotes but that's all it is.
0
 
LVL 29

Expert Comment

by:fibo
ID: 21791672
Note your current line 13
$camapign_id=0;
which is probably a typo (but maybe the program works because of that?)
0
 
LVL 2

Author Comment

by:alicca
ID: 21791681
What is the correct way?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21791690
The correct way of escaping data for MySQL queries is mysql_real_escape_string().
0
 
LVL 2

Author Comment

by:alicca
ID: 21791698
ok let me try
0
 
LVL 29

Expert Comment

by:fibo
ID: 21791699
Roonaan,
oops... forgot the additional line; YOU ARE RIGHT
$my_arg= (get_magic_quotes_gpc()) ? stripslashes($campaign_id) : $campaign_id; //get a clean state
$my_arg=mysql_real_escape_string($my_arg);//sanitize apostrophes
$my_query="select *,DATE_FORMAT(startedon,'%D %b,%Y') as t from sbbanners_campaigns where id='$my_arg'";
$rs1=mysql_fetch_array(mysql_query($my_query));
0
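The corrected two-step pattern above, wrapped in a helper so every string parameter is undone from magic quotes, escaped and quoted in one place. This is an added example, not code from the thread or the SoftBiz product; it assumes PHP 5 with the legacy mysql extension and an already opened connection resource `$link`.

```php
<?php
// Return $value as a single-quoted SQL string literal ready to paste into a query.
// Assumes PHP 5 (get_magic_quotes_gpc and the mysql extension still exist there).
function sql_string_literal($value, $link)
{
    // 1. Undo magic_quotes_gpc, otherwise the value is escaped twice ("get a clean state").
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // 2. Escape quotes, backslashes and NUL bytes using the connection's charset.
    $escaped = mysql_real_escape_string($value, $link);
    // 3. Add the surrounding quotes here so a caller cannot forget them.
    return "'" . $escaped . "'";
}

// The campaign lookup from the thread, built in two steps as fibo suggested.
// $campaign_id is whatever arrived in $_REQUEST["id"]; it is never interpolated raw.
function fetch_campaign($campaign_id, $link)
{
    $my_query = "select *, DATE_FORMAT(startedon,'%D %b,%Y') as t "
              . "from sbbanners_campaigns where id=" . sql_string_literal($campaign_id, $link);
    $result = mysql_query($my_query, $link);
    if ($result === false) {
        // Log the MySQL error on the server; never echo it back to the visitor.
        error_log("campaign lookup failed: " . mysql_error($link));
        return false;
    }
    return mysql_fetch_array($result);
}
?>
```

Because `id` is a numeric column, the accepted answer's intval() is the tighter fix for it; this helper is for parameters that really are text.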
 
LVL 29

Expert Comment

by:fibo
ID: 21791729
Roonaan, thx, but I would suggest a point split, because of... more to come
0
 
LVL 29

Expert Comment

by:fibo
ID: 21791800
Alicca:
looking at your code it seems that all of your queries (but you have to check!) are relying on $id and / or $campaign_id, in some cases through $rs1 (there is also icon_list).

It seems that $campaign_id is numeric
I would probably replace your lines 13 to 17 by the following code:
$campaign_id = 0+ @intval(@$_REQUEST["id"]);

You might check / sanitize $rs1['id'] just after line 19
----
and just to be clear: since the program is using data from $_REQUEST, that means that calling this page with an url such as
xxx.php?id=999
would put 999 in your $_REQUEST['id'] where you would use it in $campaign_id
0
 
LVL 29

Expert Comment

by:fibo
ID: 21791803
Alicca,
Thx for the point

Roonaan, thx for being so elegant!
0
 
LVL 2

Author Comment

by:alicca
ID: 21791886
OK, please re-open this question, I will split the points.
0
 
LVL 2

Author Comment

by:alicca
ID: 21791995
After line 160 all of the code is repeatedly using

$campaign_id and $id

Does it matter if I do not change it?
Or is there any quick solution?
0
 
LVL 29

Assisted Solution

by:fibo
fibo earned 200 total points
ID: 21792022
The idea would be to somehow check / fix the values of $campaign_id and $id at the beginning of your code.
Thereafter, you would need no change to your code for these.

And define a new variable, e.g. $rs1_id, which would hold the cleaned value of $rs1['id'], and replace in your code all references to $rs1['id'] or $rs1["id"] by $rs1_id.
0
 
LVL 49

Accepted Solution

by:
Roonaan earned 300 total points
ID: 21792063
You would be able to do something like this at the top and assume you are safe on using both further on.

$campaign_id = intval($campaign_id);
$id = intval($id);
0
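The accepted fix applied at the top of main(), together with fibo's cleaned `$rs1_id` from the previous answer. This is an added example, not code from the thread or the SoftBiz product; it assumes PHP 5, the legacy mysql extension and an open default connection, and the early `return` on a bad id is an added choice, not something the thread prescribes.

```php
<?php
// Added example: intval() on both identifiers once, at the top, so every later
// query in campaign_stats.php can keep interpolating $id and $campaign_id unchanged.
function main()
{
    $id = 0;
    if (isset($_SESSION["softbiz_banxchg_advertiser_id"])) {
        $id = intval($_SESSION["softbiz_banxchg_advertiser_id"]);
    }
    // Replaces the original lines 13-17 (and drops the $camapign_id typo fibo spotted).
    $campaign_id = isset($_REQUEST["id"]) ? intval($_REQUEST["id"]) : 0;

    // intval() maps "12abc" to 12 and "abc" or "" to 0; no campaign has id 0,
    // so stop here rather than run every query on the page for nothing.
    if ($campaign_id <= 0) {
        echo "No such campaign.";
        return;
    }

    // %d re-asserts the integer type at the point of use; %% is a literal % for DATE_FORMAT.
    $res = mysql_query(sprintf(
        "select *, DATE_FORMAT(startedon,'%%D %%b,%%Y') as t from sbbanners_campaigns where id=%d",
        $campaign_id));
    $rs1 = $res ? mysql_fetch_array($res) : false;
    if (!$rs1) {
        echo "No such campaign.";
        return;
    }

    // Cleaned copy of the id read back from the row (fibo's $rs1_id); use it
    // wherever the original code wrote $rs1["id"] or $rs1['id'].
    $rs1_id = intval($rs1["id"]);
    $rs_b = mysql_query("select count(*) from sbbanners_ads where campaign_id=" . $rs1_id);

    // One of the per-day queries from later in the file, left exactly as written:
    // $id and $campaign_id are integers now and $date1 is built server-side.
    $date1 = date("Ym", time()) . "01";
    $clicks = mysql_num_rows(mysql_query(
        "select * from sbbanners_clicks_generated where adv_id=$id and campaign_id=$campaign_id"
        . " and DATE_FORMAT(ondate,'%Y%m%e')=$date1"));
    // ... the rest of the page renders $rs1, $rs_b and $clicks as before.
}
?>
```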
 
LVL 2

Author Comment

by:alicca
ID: 21792199
Which line should I put it on, Roonaan?
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 21792227
You could put it just before line 18 I think would be best.
0
 
LVL 2

Author Comment

by:alicca
ID: 21792499
Thanks, it works.
0
 
LVL 2

Author Closing Comment

by:alicca
ID: 31467487
Cool
0
