Solved

MYSQL Error

Posted on 2011-09-14
Last Modified: 2012-05-12
We are getting the error message below in an e-mail program script when trying to upload names with an ' in them, like St. John's or O'Reilly.

There is a flaw in the script. Anyone have any ideas? I

Query Error: SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '3' AND mailmachine_subscribers.email = 'St. John's University - NY'
ErrorNumber: 1064
Error Description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's University - NY'' at line 1
<?php
session_start();


//If wrapper if this function is called from a PHP4.x machine
if(!function_exists('file_get_contents')) 
{
   /**
   * Method does what the PHP5 function of the same name performs
   *
   * @access public
   * @var $file string the full path of the file you wish to open
   * @return string
   */
   function file_get_contents($file) 
   {
	   return implode('', file($file));
   }
}// end if wrapper

//If wrapper if this function is called from a PHP4.x machine 
if(!function_exists('file_put_contents'))
{
	/**
	* Method does what the PHP5 function of the same name performs
	*
	* @access public
	* @var $filename string The name of the file you want to save
	* @var $data string the stream of data you want to save to the file.
	* @var $file_append boolean Whether or not to append or overwrite
	* @return VOID
	*/
	function file_put_contents($filename, $data, $file_append = false) 
	{
		$fp = fopen($filename, (!$file_append ? 'w+' : 'a+'));
			if(!$fp)
			{	trigger_error('file_put_contents cannot write in file.', E_USER_ERROR);
				return;
			}
		fputs($fp, $data);
		fclose($fp);
	}
}//End If wrapper

if(!defined("_cimport_"))
{
	define("_cimport_",TRUE);	
	require "cquery.php";	
	require "cmlistbaseform.php";
	require "cbatchmailer.php";
	require "cwebcombo.php";
	class cimport extends cmlistbaseform
	{
		/**
		* Constructor! 
		* Sets usage arguments for the parent and
		* makes sure the parent constructor has
		* fired.
		*
		* @return VOID
		*/
		function cimport()
		{	
			$_REQUEST['enabled']		='Y';
			$this->secure				= true;
			if ( isset($_REQUEST['STEP']) )
			{
				$this->pagination		= true;
			} else {
				$this->pagination		= false;
			}
			$this->listRequired			= true;
			
			$this->onlyAdmin			= false;
			$this->conf					= new cconfig();
			$this->dataPath				= $this->conf->m_base_path . '/data';

			if (isset ($_REQUEST['go']))
			{
			$error=false;
			if ($_REQUEST['go'] == 'list')
				{
					if (!is_numeric($_REQUEST['list_id']))
						$error = true;

					if ($error)
					{
						header("Location: cmessage.php?msg=Wrong%20Parameter%20in%20cmainpage.php");
						exit;
					}

					setcookie("curr_list_id", $_REQUEST['list_id'], 0, "/");
					$_REQUEST['curr_list_id'] = $_REQUEST['list_id'];
					$query=new cquery();
					$query->set_query_sql("select name from mailmachine_mailing_lists where list_id=" . $_REQUEST['list_id']);
					$query->run_query();
					$row = $query->get_next_row();
					setcookie("curr_list_name", $row[0], 0, "/");
					$_REQUEST['curr_list_name'] = $row[0];
					$query->end_query();
					
				}				
			}
			$lists = new cwebcombo("lists", "select m.list_id, m.name from mailmachine_mailing_lists m, mailmachine_permissions p WHERE m.list_id=p.list_id AND p.user_id='".$_SESSION['username']."'", "list_id", "name");
			$lists->add_item('NONE SELECTED', '-2');
			$lists->set_itemindex($_REQUEST['curr_list_id']);
			parent :: cmlistbaseform();
			$this->m_template->register_variables("IMPORTFORM", array(
				"LIST_OPTIONS" => $lists->show()));
			$this->currentlist			= $_REQUEST['curr_list_id'];	
		}
		
		/**
		* Default generic named request handler
		*
		* Method decides what place the system user is at
		* in the import process and depending on the var 'step'
		* displays the correct GUI or processes the prepared and
		* validated data.
		*
		* @ return mixed
		*/ 
		function processRequest()
		{
			@$place	= $_REQUEST['STEP'];
			if ( $place == '' || !isset($place) )
			{
				$this->setCaption("<a href=\"cmainpage.php\">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_DATA}");
				$this->m_template->register_file("IMPORTFORM", "wizard_import.tpl");
				$this->m_template->register_variables("BODY", array("FORM"=> $this->m_template->parse("IMPORTFORM")));
			} else {
				switch ($place)
				{
					case '0':
						$this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_VALIDATE}');
						if ( $_REQUEST['importType'] == 'txt' )
						{
							$this->m_template->register_file("VALIDATEDATA","wizard_import_0.tpl");
							$result = $this->_validateTxt($_REQUEST['0']);
							if ( isset($result['ERROR']) )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>$result['ERROR'],'DATA'=>''));
							} else {
								$this->m_template->register_file("TABLE","wizard_import_table_0.tpl");
								$this->m_template->register_file("ROWOK", "wizard_import_row_0.tpl");
								$this->m_template->register_file("ROWERR001", "wizard_import_row_0_error-001.tpl");
								$this->m_template->register_file("ROWERR002", "wizard_import_row_0_error-002.tpl");
								$this->m_template->register_file("ROWERR003", "wizard_import_row_0_error-003.tpl");
								$this->m_template->register_file("ROWERR004", "wizard_import_row_0_error-004.tpl");
								$this->m_template->register_file("ROWERR005", "wizard_import_row_0_error-005.tpl");

								$rows = '<!-- Rows -->';
								foreach ( $result as $row )
								{
									if ( $row['VALID'] == '001' )
									{
										$this->m_template->register_variables("ROWERR001", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR001");
										$this->m_template->reinit("ROWERR001");
									} elseif ( $row['VALID'] == '002' ){
										$this->m_template->register_variables("ROWERR002", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR002");
										$this->m_template->reinit("ROWERR002");
									}
									elseif ( $row['VALID'] == '003' ){
										$this->m_template->register_variables("ROWERR003", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR003");
										$this->m_template->reinit("ROWERR003");
									}
									elseif ( $row['VALID'] == '004' ){
										$this->m_template->register_variables("ROWERR004", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR004");
										$this->m_template->reinit("ROWERR004");
									}
									elseif ( $row['VALID'] == '005' ){
										$this->m_template->register_variables("ROWERR005", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR005");
										$this->m_template->reinit("ROWERR005");
									} else {
                                                                                if (get_magic_quotes_gpc()){
                                                                                    $row['VALUE'] = stripslashes($row['VALUE']); 
                                                                                }
										$this->m_template->register_variables("ROWOK", array('VALUE'=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWOK");
										$this->m_template->reinit("ROWOK");
									}
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optintxt']) && $_REQUEST['optintxt']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsettxt'];
							}
						} elseif ( $_REQUEST['importType'] == 'csv' ){
							$this->m_template->register_file("VALIDATEDATA","wizard_import_1.tpl");
							$this->m_template->register_file("CUSTOM","wizard_import_1_custom.tpl");
							$this->m_template->register_file("TABLE", "wizard_import_table_1.tpl");
							$this->m_template->register_file("ROWS", "wizard_import_row_1.tpl");
							$this->m_template->register_file("ROWSE", "wizard_import_row_1_errors.tpl");
							$this->m_template->register_file("ROWSETABLE", "wizard_import_row_1_errtable.tpl");
							$this->m_template->register_file("ROWSERROWS", "wizard_import_row_1_errows.tpl");
							$path = $this->_storeData();
							if ( !$path )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'Fatal Error: Uploaded file not found.','DATA'=>''));
							} else {
								$deli = $_REQUEST['deli'] == 'comma' ? ',' : "\t";
								$result = $this->_validateCSV( $path, $deli );
								$rows = '';
								$errCount = 0;
								if(is_array($result))
								{
									foreach ( $result as $row )
									{
										if ( isset($row['ERROR']) )
										{
											$errCollection = $row['ERROR'];
											$errows = '';
												foreach ( $errCollection as $err )
												{
													$this->m_template->register_variables("ROWSERROWS", array('ERRMSG' => $err));
													$errows .= $this->m_template->parse("ROWSERROWS");
													$this->m_template->reinit("ROWSERROWS");
												}
											$this->m_template->register_variables("ROWSETABLE", array('ERROWS' => $errows));
											$errTable = $this->m_template->parse("ROWSETABLE");
											$this->m_template->reinit("ROWSETABLE");
											$this->m_template->register_variables("ROWSE",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row),
																								 "ERRNUM"	=> $errCount,
																								 "ERRCOLLECTION" => $errTable));
											$rows .= $this->m_template->parse("ROWSE");
											$this->m_template->reinit("ROWSE");
											$errCount++; 
										} else {
											$this->m_template->register_variables("ROWS",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row)));
											$rows .= $this->m_template->parse("ROWS");
											$this->m_template->reinit("ROWS");																							 							
										}
										//end else
									}
								}
								$customhtml="";
								$query= new cquery();
								for ($i=1;$i<=10;$i++)
								{
								$query->set_query_sql("SELECT cf.field_label FROM mailmachine_customfields cf, mailmachine_mailing_lists ml WHERE ml.list_id='".$_REQUEST['curr_list_id']."' AND ml.custom".$i."id=cf.field_id");
								$query->run_query();
								if ($query->num_of_rows()=="0")
								{
									$resultcustom=array("field_label" => "Empty");	
								}
								else
								{
									$resultcustom=$query->get_next_hash();
									$this->m_template->register_variables("CUSTOM", $resultcustom);
									$customhtml .= $this->m_template->parse("CUSTOM");
									$this->m_template->reinit("CUSTOM");
								}				
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows,'CUSTOM_FIELDS'=>$customhtml));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$this->_remData($path);
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optincsv']) && $_REQUEST['optincsv']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsetcsv'];							
							}
						}
					break;
					// This case handles the actual import of data into the database.
					case '1':
					    $this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_COMPLETE}');
						$this->m_template->register_file("VALIDATEDATA","wizard_import_msg.tpl");
						if ( isset($_SESSION['IMPORT']) )
						{
							if ($_SESSION['IMPORT']=="imported")
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Already imported this data!','DATA'=>''));	
							}
							else
							{
								if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
								{
									$lastsendq = new cquery();
									$lastsendq->set_query_sql("SELECT * FROM mailmachine_newsletter WHERE msg_id=( SELECT MAX(msg_id) FROM mailmachine_newsletter WHERE list_id={$_REQUEST['list_id']});");
									$lastsendq->run_query();
									$lastsend = $lastsendq->get_next_hash();
									$msg_id = $lastsend['msg_id'];
									if ($lastsend['sent']=='Y')
									{
										$lastsendq->set_query_sql("INSERT INTO `mailmachine_newsletter` (`list_id`, `type`, `subject`, `date_sent`, `msg_text`, `msg_html`, `sent`, `scheduled`, `userid`) VALUES ('{$_REQUEST['list_id']}', '{$lastsend['type']}', '".addslashes($lastsend['subject'])."', NOW(), '".addslashes($lastsend['msg_text'])."', '".addslashes($lastsend['msg_html'])."', 'N', CURDATE(), '{$lastsend['userid']}');");
										$lastsendq->run_query();
										$msg_id++;
									}
									$lastsendq->end_query();				
								}
								else
								{
									$msg_id=0;
								}
								$importCount = 0;
								if ( $_REQUEST['importType'] == 'txt' ) 
								{
									foreach ( $_SESSION['IMPORT'] as $data )
									{
										if ( $data['VALID'] == 'ok' )
										{
											$record[] = $data['VALUE'];
										}
									}
									if (isset($record) && count($record) >0)
									{
										foreach ( $record as $in )
										{
											$this->_writeRecord($in,$msg_id);
											$importCount++;
										}
									}
								} 
								else 
								{
									foreach ( $_SESSION['IMPORT'] as $record )
									{
										if ( array_key_exists('ERROR', $record) )
										{
											unset($record);
										} 
										else 
										{
										$this->_writeRecord($record,$msg_id);
										$importCount++;
										}
									}
								}
								if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers will be added to the mailing list, after they have confirmed their subscription.','DATA'=>''));	
								}
								else
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers added to the mailing list.','DATA'=>''));
								}
								$_SESSION['IMPORT']="imported";
							}
						}
						else 
						{
							$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Fatal Error: Could not locate user session.','DATA'=>''));
						}
					break;
				}
				$this->m_template->register_variables("BODY", array("FORM" => $this->m_template->parse("VALIDATEDATA")));
			}
		}
		/**
		* Method adds a single record to the database
		*
		* @access private
		* @var $record array the record to add to the database
		* @return boolean
		*/
		function _writeRecord ( $record ,$msg_id)
		{
			if ( is_array($record) )  
			{ 
				$kkk = $record;
			} else {  
				$vals = $record;  
				$kkk = $this->_dbSeed(',',$vals, 22);
			}	
			@list($email,$password,$firstname, $lastname, $address1, $address2, $city, $state,
				$zip ,$country, $phone, $fax, $custom1, $custom2, $custom3, $custom4, $custom5, $custom6, $custom7, $custom8, $custom9, $custom10, $signup_date) = 
				$kkk;
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$_REQUEST['enabled']='N';
			}	
			//$this->m_sqlbuilder->setValue("email", $email);
                        if (!get_magic_quotes_gpc()){
                            $this->m_sqlbuilder->setValue("email", addslashes($email));
                        }
                        else {
                            $this->m_sqlbuilder->setValue("email", $email);
                        }
            $this->m_sqlbuilder->setValue("password", $password);
			$this->m_sqlbuilder->setValue("first_name", addslashes($firstname));
			$this->m_sqlbuilder->setValue("last_name", addslashes($lastname));
			$this->m_sqlbuilder->setValue("address1", addslashes($address1));
			$this->m_sqlbuilder->setValue("address2", addslashes($address2));
			$this->m_sqlbuilder->setValue("phone", addslashes($phone));
			$this->m_sqlbuilder->setValue("fax", addslashes($fax));
			$this->m_sqlbuilder->setValue("city", addslashes($city));
			$this->m_sqlbuilder->setValue("state", addslashes($state));			
			$this->m_sqlbuilder->setValue("zipcode", addslashes($zip));
			$this->m_sqlbuilder->setValue("country", addslashes($country));
			$this->m_sqlbuilder->setValue("signup_date",'now()',0);			
			$this->m_sqlbuilder->setValue("custom1", addslashes($custom1));
			$this->m_sqlbuilder->setValue("custom2", addslashes($custom2));
			$this->m_sqlbuilder->setValue("custom3", addslashes($custom3));
			$this->m_sqlbuilder->setValue("custom4", addslashes($custom4));
			$this->m_sqlbuilder->setValue("custom5", addslashes($custom5));
			$this->m_sqlbuilder->setValue("custom6", addslashes($custom6));
			$this->m_sqlbuilder->setValue("custom7", addslashes($custom7));
			$this->m_sqlbuilder->setValue("custom8", addslashes($custom8));
			$this->m_sqlbuilder->setValue("custom9", addslashes($custom9));
			$this->m_sqlbuilder->setValue("custom10", addslashes($custom10));
			$this->m_sqlbuilder->setValue("signup_method","Admin import");
			$this->m_sqlbuilder->setValue("signup_ip","Admin");
			$this->m_sqlbuilder->setValue("bounce_count", 0);
			$this->m_sqlbuilder->setValue("offset", $_SESSION['offset']);
			$this->m_sqlbuilder->setValue("date_reinvited", "N/A");
			$this->m_sqlbuilder->setValue("number_reinvited", 0);
			$this->m_sqlbuilder->setValue("receive_latest", 0);
			
			if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$this->m_sqlbuilder->setValue("receive_latest", 1);					
				}
			$sql = $this->m_sqlbuilder->getinsertquery("mailmachine_subscribers");	
			$this->m_database->execute_query($sql);
			$insert_id = $this->m_database->get_last_id();
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$mailer = new cbatchmailer();
				$this->opt_in = $mailer->send_optin_mail($insert_id);	
			}else{
				if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$mailer = new cbatchmailer();
					$this->lastest = $mailer->send_lastest_mail($email, $this->getListId());					
				}
				if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
				{
					$insertq = new cquery();
					$insertq->set_query_sql("INSERT INTO mailmachine_sub_msgs (sub_id,msg_id,msg_sent) VALUES ($insert_id,$msg_id,'N')");
					$insertq->run_query();
					$insertq->end_query();				
				}
			}
			return true;				
		}
		/** strips out the values of an array and puts it into a csv string
		*
		* @access private
		* @var $record array
		* @return string
		*/
		function _valString ( $record )
		{
			$s = '';
			foreach ( $record as $r )
			{
				$s .= $r . ',';
			}
			$s=rtrim($s, ',');
			return $s;
		}
		/**
		* Method merges a single record row array into an array for import into the database
		*
		* @access private
		* @var $sep string the delimiter
		* @var $array array the source array
		* @var $number_values integer the number of fields to format to
		* @var $pad string
		* @return array
		*/
		function _dbSeed($sep, $array, $number_values, $pad = '') 
		{ 
			return array_pad(explode($sep, $array, $number_values), $number_values, $pad); 
		}
		/**
		* Takes an array and if array key exists returns key value. 
		* If there is no such key in the array returns key value as null.
		*
		* @access private
		* @var $arrKey string
		* @var $arrRow array
		* @return mixed
		**/
		function _checkArrayKey($arrKey, $arrRow)
		{
		$arrVal = '';
		if (is_array($arrRow) || is_object($arrRow))
		{	
		if(array_key_exists($arrKey,$arrRow))
			{
				$arrVal = $arrRow[$arrKey];
			} 
		else 
			{
				$arrVal = NULL;
			}
		}
		else 
		{
			$arrVal = NULL;
		}
		return $arrVal;
		}
		/**
		* Stores an uploaded file in the data directory.
		* will return either the full path to the file stored or false.
		*
		* @access private
		* @return mixed
		*/
		function _storeData()
		{
			
			if(isset($_FILES["1"]["error"]))
			{
				if ($_FILES['1']['error'] == 0) 
				{
					move_uploaded_file($_FILES["1"]["tmp_name"], $this->dataPath . '/' . $_FILES["1"]["name"]);
					return $this->dataPath . '/' . $_FILES["1"]["name"];
				} else {
					return false;
				}
			}
		}
		/**
		* deletes a csv file from the server once the import is done.
		*
		* @access private
		* @return VOID
		*/
		function _remData( $path )
		{
			unlink ( $path );
		}
		/**
		* Parses and pre-validates a CSV file to match the database schema
		* will return errors for any row that does not conform with the db schema
		*
		* @access private
		* @var $file string Full path to the file
		* @return array
		*/
		function _validateCSV( $file, $delimiter = ',' )
		{
			$data = $this->_arrayFromCSV( $file, false, $delimiter );
			$dCount = count($data) -1;
			$emailArray = $this->_checkArrayForDuplicates ($data);
			if ( $dCount < 0 )
			{
				return array('ERROR' => '011');
			} else {
				
				for ( $i=0; $i<=$dCount; $i++ )
				{
					if(isset($emailArray[$i]))
					{
						$result[] = $this->_validateCSVRow($data[$i]);
					}
				}
			}
			return $result;
		}
		/**
		* Checks for duplicate email addresses, unsets everything but the first match
		*/
		function _checkArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i][0]);
			}
			$row = array_unique($emailArray);
			return $row;
		}
		function _checkTxtArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i]);
			}
			$row = array_values(array_unique($emailArray));
			return $row;
		}
		/**
		* Checks the contents of a CSV file row to make sure the required fields are filled in
		*
		* @access private
		* @var $rowArray array
		* @return array
		*/
		function _validateCSVRow ( $rowArray )
		{
			$errCount = 0;
			$iCount = count($rowArray);
			if ( $iCount <> 22 )
			{
				$rowArray=array_pad($rowArray, 22, '');
			}
			if ( empty($rowArray[0]) || !$this->validate($rowArray[0],'email') )
			{
				$rowArray['ERROR'][$errCount] = 'Email Address is missing or not valid';
				$errCount++;
			}
			if ( !$this->_ckdb4addy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address already exists for this mailing list';
				$errCount++;
			}
			if ( !$this->_ckdb4bannedaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address has been banned';
				$errCount++;
			}
			if ( !$this->_ckdb4banneddomaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address belongs to a banned domain';
				$errCount++;
			}
			if (isset($_REQUEST['check_unsubcsv']) && $_REQUEST['check_unsubcsv']=="on")
			{
				if ( !$this->_ckdb4unsubaddy($rowArray[0]) )
				{	
					$rowArray['ERROR'][$errCount] = 'Email address previously unsubscribed';
					$errCount++;
				}
			}
			
			/*
			if ( empty($rowArray[1]) || !$this->validate($rowArray[1],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Password is not set';
				$errCount++;
			}
			if ( empty($rowArray[2]) || !$this->validate($rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'First Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[3]) || !$this->validate($$rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'Last Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[4]) || !$this->validate($rowArray[4],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'First (1st) address field is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[6]) || !$this->validate($rowArray[6],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'City is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'State is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Zipcode is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[8]) || !$this->validate($rowArray[8],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Country is missing or not valid';
			}
			*/
			return $rowArray;	
		}
		/**
		* Quick helper function that reads a csv file into an array
		*
		* @access private
		* @var $data string Path to the file
		* @var $hasFieldName boolean
		* @var $delimiter string
		* @var $enclosure
		* @return array
		*/
		function _arrayFromCSV($file, $hasFieldNames = false, $delimiter = ',')
		{
			$result = Array();
		   	$size = filesize($file) +1;
			$file = fopen($file, 'r');
		   	if ($hasFieldNames) $keys = fgetcsv($file, $size, $delimiter);
		   	while ( $row = fgetcsv($file, $size, $delimiter) ) 
			{
				$n = count($row); $res=array();
				for($i = 0; $i < $n; $i++) 
				{
					$idx = ($hasFieldNames) ? $keys[$i] : $i;
					$res[$idx] = $row[$i];
				}
				$result[] = $res;
			}
			fclose($file);
			return $result;
		 }		
		/**
		* Parses and pre-validates a text blob import
		*
		* @var source string
		* @return array
		*/
		function _validateTxt ( $dataString )
		{
			@$inArr = $this->_cleanString($dataString);
			if ( $inArr === false )
			{
				/**
				* @TODO Elegant error handling.
				*/
				echo 'Imported text does not meet the requirements. While parsing no commas, line breaks or carrage returns where found.'; 
				exit(1);
			} else {
				$inArr=$this->_checkTxtArrayForDuplicates($inArr);
				$inCount = count($inArr) - 1;
				if ( $inCount == 0 && $inArr[0]=="")
				{
					$outArr = array('ERROR'=> 'Imported text is not valid, zero (0) rows to import');
				} else {
					for ( $i=0; $i<=$inCount; $i++ )
					{
						if ( is_string($inArr[$i]) )
						{
							if ( !$this->validate($inArr[$i],'email') )
							{
								$v = '001';
							} 
							elseif ( !$this->_ckdb4addy($inArr[$i]) )
							{
								$v = '002';
							}
							elseif ( !$this->_ckdb4bannedaddy($inArr[$i]) )
							{
								$v='003';
							}
							elseif ( !$this->_ckdb4banneddomaddy($inArr[$i]) )
							{
								$v='004';
							}
							elseif (isset($_REQUEST['check_unsubtxt']) && $_REQUEST['check_unsubtxt']=="on")
							{
								if ( !$this->_ckdb4unsubaddy($inArr[$i]) )
								{	
									$v='005';
								}
								else
								{
									$v = 'ok';	
								}
							}
							else 
							{
								$v = 'ok';
							}
							$outArr[] = array('VALID'=>$v, 'VALUE'=>$inArr[$i]);
						}
					}
				}
				return $outArr;
			}
		}
		/**
		* Helper function that makes windows csv files work nice on *nix and php
		*
		* @access private
		* @var $file string
		* @return void
		*/
		function _win2unix ( $file ) 
		{
       		$fp 	= fopen($file,'r');
       		$fptmp 	= fopen($file.'_tmp','w');
       		while( !feof($fp) )
			{
               $line 	= chop(fgets($fp,4096));
               $ret 	= ereg_replace(chr(13) . chr(10),"\n",$line);
               $ret 	= ereg_replace(chr(13),"\n",$ret);
               fwrite($fptmp,$ret);
       		}
       		fclose($fp);
       		fclose($fptmp);
      		unlink($file);
       		copy($file.'_tmp', $file);
       		unlink($file.'_tmp');
		}
		/**
		* Helper method that searches across the database to see if an
		* email address already exists for a mailing list
		*
		* @access private
		* @var @addy string
		* @return boolean
		*/
		function _ckdb4addy( $addy )
		{
                        //$addy = addslashes($addy);
                        if (!get_magic_quotes_gpc()) {
                            $addy = addslashes($addy);    
                        }
                        else {
                            $addy = $addy; 
                        }
			$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$this->currentlist'";
			$sql .=" AND mailmachine_subscribers.email = '$addy' ";
			$query = new cquery();			
			$query->set_query_sql($sql);			
			$query->run_query();
			$qCount = $query->num_of_rows();
			if ( $qCount >= 1 )
			{
				return false;
			} else {
				return true;
			}
		}
		function _ckdb4bannedaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }
                                else {
                                    $addy = $addy;
                                }
				$query =new cquery();
				$sql = "select * from mailmachine_banned_emails where ban_item='".$addy ."' and ban_type ='E'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		function _ckdb4banneddomaddy( $addy )
		{
				$domain=explode("@",$addy);
				$query =new cquery();
				if (count($domain)=="2")
				{
					$sql = "select * from mailmachine_banned_emails where ban_item= '".$domain[1] ."' and ban_type ='D'";
					$query->set_query_sql($sql);				
					$query->run_query();
					if ($query->num_of_rows()>=1)
					{								 
							return false;
					}
					else
					{
						return true;
					}
				}
				else
				{
					return true;
				}			
		}
		function _ckdb4unsubaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }
                                else {
                                    $addy = $addy;
                                }
				$query =new cquery();
				$sql = "select * from mailmachine_unsubscribers where email='".$addy ."' and list_id = '$this->currentlist'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		/** 
		* Helper method that replaces line endings with commas
		*
		* @access private
		* @var $dataString string
		* @return array
		*/
		function _cleanString( $dataString )
		{
			$search 	= array("'([\r\n])[\s]+'");
			$replace	= array(",");
			$text 		= preg_replace($search, $replace, $dataString);
			$cleanStr	= preg_replace('/\s\s+/', ' ', $text);
			$outArray	= explode(',', $cleanStr);
			$this->_cleanEmptyNodes($outArray);
			sort($outArray);
			return $outArray;
		}
		/**
		* Helper method that finds empty nodes of an array and deletes them
		*
		* @access private
		* @var $blank string The value to search for to unset
		* @var $input array The array to search
		* @return array
		*/
		function _cleanEmptyNodes ( $blank = '', &$input )
		{
			while(($search = array_search($blank,$input)) > -1) 
			unset($input[$search]);
		}			
	}
}
$page = new cimport();
$page->processRequest();
$page->show();

?>

Question by:cuttone
11 Comments
 
by:hielo
on the following:
$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$this->currentlist'";

you need to escape the value of the variable you are using to construct the query:
$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '" . addslashes($this->currentlist) . "'";

The same goes for the other queries. Below is a modified version of your function where I added the escaped value to some variable and used that variable in the query instead. You'll need to apply the same method/rationale to the other queries.
function _ckdb4addy( $addy )
		{
                        //$addy = addslashes($addy);
                        // Assigned outside the if so it is set on both paths
                        $currentList = $this->currentlist;
                        if (!get_magic_quotes_gpc()) {
                            $addy = addslashes($addy);
                        }
			// PHP variable names are case-sensitive: $currentList, not $currentlist
			$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$currentList'";
			$sql .=" AND mailmachine_subscribers.email = '$addy' ";
			$query = new cquery();			
			$query->set_query_sql($sql);			
			$query->run_query();
			$qCount = $query->num_of_rows();
			if ( $qCount >= 1 )
			{
				return false;
			} else {
				return true;
			}
		}
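
Added example (not part of the thread and not the mail program's own code): magic_quotes_gpc only ever touched GET, POST and cookie values, so a value read from an uploaded CSV file reaches the query unescaped whenever get_magic_quotes_gpc() returns true and the addslashes() call is skipped. The script below rebuilds the failing query that way and then runs the same duplicate check with bound parameters; an in-memory SQLite database stands in for MySQL, and the helper names and sample rows are assumptions constructed for the demonstration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs
// offline (assumes the pdo_sqlite extension). Table and column names are the
// ones in the question; helper names and sample rows are constructed.

/**
 * The thread's pattern: escape only when magic_quotes_gpc is reported off.
 * $magicQuotesGpc stands in for get_magic_quotes_gpc(), which PHP 8 removed.
 */
function build_gated_query($listId, $email, $magicQuotesGpc)
{
    if (!$magicQuotesGpc) {
        $email = addslashes($email);
    }
    return "SELECT sub_id FROM mailmachine_subscribers"
         . " WHERE mailmachine_subscribers.list_id = '$listId'"
         . " AND mailmachine_subscribers.email = '$email'";
}

/**
 * Parameterized counterpart of _ckdb4addy(): true when the address is not
 * yet on the list. Values travel separately from the SQL text, so there is
 * no escaping decision left to get wrong.
 */
function email_is_new(PDO $db, $listId, $email)
{
    $stmt = $db->prepare(
        'SELECT sub_id FROM mailmachine_subscribers WHERE list_id = ? AND email = ?'
    );
    $stmt->execute(array($listId, $email));
    return $stmt->fetchColumn() === false;
}

/** Inserts one subscriber row with bound parameters. */
function add_subscriber(PDO $db, $listId, $email)
{
    $stmt = $db->prepare(
        'INSERT INTO mailmachine_subscribers (list_id, email) VALUES (?, ?)'
    );
    $stmt->execute(array($listId, $email));
}

function run_demo()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE mailmachine_subscribers (
        sub_id INTEGER PRIMARY KEY, list_id INTEGER, email TEXT)');

    // Constructed values, as fgetcsv() would hand them over from an upload.
    $fromCsv = array("St. John's University - NY", "o'reilly@example.com");
    $results = array();

    foreach ($fromCsv as $value) {
        $r = array('value' => $value);
        // Flag on: escaping is skipped and the quote ends the literal early.
        $r['gated_flag_on'] = build_gated_query(3, $value, true);
        // Flag off: addslashes() runs and the quote is backslash-escaped.
        $r['gated_flag_off'] = build_gated_query(3, $value, false);
        // Bound parameters: the same value works with no escaping step.
        $r['new_before_insert'] = email_is_new($db, 3, $value);
        add_subscriber($db, 3, $value);
        $r['new_after_insert'] = email_is_new($db, 3, $value);
        $results[] = $r;
    }
    return $results;
}

foreach (run_demo() as $r) {
    echo "value:            {$r['value']}\n";
    echo "gated, flag on:   {$r['gated_flag_on']}\n";
    echo "gated, flag off:  {$r['gated_flag_off']}\n";
    echo "new before/after: "
       . var_export($r['new_before_insert'], true) . ' / '
       . var_export($r['new_after_insert'], true) . "\n\n";
}
```

Against MySQL the same prepared statements work with a `mysql:` PDO DSN in place of the SQLite one.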

 

by:hielo
Forgot to actually add the "addslashes()" part in the function. Try the attached code:
<?php
session_start();


//If wrapper if this function is called from a PHP4.x machine
if(!function_exists('file_get_contents')) 
{
   /**
   * Method does what the PHP5 function of the same name performs
   *
   * @access public
   * @var $file string the full path of the file you wish to open
   * @return string
   */
   function file_get_contents($file) 
   {
	   return implode('', file($file));
   }
}// end if wrapper

//If wrapper if this function is called from a PHP4.x machine 
if(!function_exists('file_put_contents'))
{
	/**
	* Method does what the PHP5 function of the same name performs
	*
	* @access public
	* @var $filename string The name of the file you want to save
	* @var $data string the stream of data you want to save to the file.
	* @var $file_append boolean Whether or not to append or overwrite
	* @return VOID
	*/
	function file_put_contents($filename, $data, $file_append = false) 
	{
		$fp = fopen($filename, (!$file_append ? 'w+' : 'a+'));
			if(!$fp)
			{	trigger_error('file_put_contents cannot write in file.', E_USER_ERROR);
				return;
			}
		fputs($fp, $data);
		fclose($fp);
	}
}//End If wrapper

if(!defined("_cimport_"))
{
	define("_cimport_",TRUE);	
	require "cquery.php";	
	require "cmlistbaseform.php";
	require "cbatchmailer.php";
	require "cwebcombo.php";
	class cimport extends cmlistbaseform
	{
		/**
		* Constructor! 
		* Sets usage arguments for the parent and
		* makes sure the parent constructor has
		* fired.
		*
		* @return VOID
		*/
		function cimport()
		{	
			$_REQUEST['enabled']		='Y';
			$this->secure				= true;
			if ( isset($_REQUEST['STEP']) )
			{
				$this->pagination		= true;
			} else {
				$this->pagination		= false;
			}
			$this->listRequired			= true;
			
			$this->onlyAdmin			= false;
			$this->conf					= new cconfig();
			$this->dataPath				= $this->conf->m_base_path . '/data';

			if (isset ($_REQUEST['go']))
			{
			$error=false;
			if ($_REQUEST['go'] == 'list')
				{
					if (!is_numeric($_REQUEST['list_id']))
						$error = true;

					if ($error)
					{
						header("Location: cmessage.php?msg=Wrong%20Parameter%20in%20cmainpage.php");
						exit;
					}

					setcookie("curr_list_id", $_REQUEST['list_id'], 0, "/");
					$_REQUEST['curr_list_id'] = $_REQUEST['list_id'];
					$query=new cquery();
					$query->set_query_sql("select name from mailmachine_mailing_lists where list_id=" . $_REQUEST['list_id']);
					$query->run_query();
					$row = $query->get_next_row();
					setcookie("curr_list_name", $row[0], 0, "/");
					$_REQUEST['curr_list_name'] = $row[0];
					$query->end_query();
					
				}				
			}
			$lists = new cwebcombo("lists", "select m.list_id, m.name from mailmachine_mailing_lists m, mailmachine_permissions p WHERE m.list_id=p.list_id AND p.user_id='".$_SESSION['username']."'", "list_id", "name");
			$lists->add_item('NONE SELECTED', '-2');
			$lists->set_itemindex($_REQUEST['curr_list_id']);
			parent :: cmlistbaseform();
			$this->m_template->register_variables("IMPORTFORM", array(
				"LIST_OPTIONS" => $lists->show()));
			$this->currentlist			= $_REQUEST['curr_list_id'];	
		}
		
		/**
		* Default generic named request handler
		*
		* Method decides what place the system user is at in
		* in the import process and depending on the var 'step'
		* displays the correct GUI or processes the prepared and
		* validated data.
		*
		* @return mixed
		*/ 
		function processRequest()
		{
			@$place	= $_REQUEST['STEP'];
			if ( $place == '' || !isset($place) )
			{
				$this->setCaption("<a href=\"cmainpage.php\">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_DATA}");
				$this->m_template->register_file("IMPORTFORM", "wizard_import.tpl");
				$this->m_template->register_variables("BODY", array("FORM"=> $this->m_template->parse("IMPORTFORM")));
			} else {
				switch ($place)
				{
					case '0':
						$this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_VALIDATE}');
						if ( $_REQUEST['importType'] == 'txt' )
						{
							$this->m_template->register_file("VALIDATEDATA","wizard_import_0.tpl");
							$result = $this->_validateTxt($_REQUEST['0']);
							if ( isset($result['ERROR']) )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>$result['ERROR'],'DATA'=>''));
							} else {
								$this->m_template->register_file("TABLE","wizard_import_table_0.tpl");
								$this->m_template->register_file("ROWOK", "wizard_import_row_0.tpl");
								$this->m_template->register_file("ROWERR001", "wizard_import_row_0_error-001.tpl");
								$this->m_template->register_file("ROWERR002", "wizard_import_row_0_error-002.tpl");
								$this->m_template->register_file("ROWERR003", "wizard_import_row_0_error-003.tpl");
								$this->m_template->register_file("ROWERR004", "wizard_import_row_0_error-004.tpl");
								$this->m_template->register_file("ROWERR005", "wizard_import_row_0_error-005.tpl");

								$rows = '<!-- Rows -->';
								foreach ( $result as $row )
								{
									if ( $row['VALID'] == '001' )
									{
										$this->m_template->register_variables("ROWERR001", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR001");
										$this->m_template->reinit("ROWERR001");
									} elseif ( $row['VALID'] == '002' ){
										$this->m_template->register_variables("ROWERR002", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR002");
										$this->m_template->reinit("ROWERR002");
									}
									elseif ( $row['VALID'] == '003' ){
										$this->m_template->register_variables("ROWERR003", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR003");
										$this->m_template->reinit("ROWERR003");
									}
									elseif ( $row['VALID'] == '004' ){
										$this->m_template->register_variables("ROWERR004", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR004");
										$this->m_template->reinit("ROWERR004");
									}
									elseif ( $row['VALID'] == '005' ){
										$this->m_template->register_variables("ROWERR005", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR005");
										$this->m_template->reinit("ROWERR005");
									} else {
                                                                                if (get_magic_quotes_gpc()){
                                                                                    $row['VALUE'] = stripslashes($row['VALUE']); 
                                                                                }
										$this->m_template->register_variables("ROWOK", array('VALUE'=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWOK");
										$this->m_template->reinit("ROWOK");
									}
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optintxt']) && $_REQUEST['optintxt']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsettxt'];
							}
						} elseif ( $_REQUEST['importType'] == 'csv' ){
							$this->m_template->register_file("VALIDATEDATA","wizard_import_1.tpl");
							$this->m_template->register_file("CUSTOM","wizard_import_1_custom.tpl");
							$this->m_template->register_file("TABLE", "wizard_import_table_1.tpl");
							$this->m_template->register_file("ROWS", "wizard_import_row_1.tpl");
							$this->m_template->register_file("ROWSE", "wizard_import_row_1_errors.tpl");
							$this->m_template->register_file("ROWSETABLE", "wizard_import_row_1_errtable.tpl");
							$this->m_template->register_file("ROWSERROWS", "wizard_import_row_1_errows.tpl");
							$path = $this->_storeData();
							if ( !$path )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'Fatal Error: Uploaded file not found.','DATA'=>''));
							} else {
								$deli = $_REQUEST['deli'] == 'comma' ? ',' : "\t";
								$result = $this->_validateCSV( $path, $deli );
								$rows = '';
								$errCount = 0;
								if(is_array($result))
								{
									foreach ( $result as $row )
									{
										if ( isset($row['ERROR']) )
										{
											$errCollection = $row['ERROR'];
											$errows = '';
												foreach ( $errCollection as $err )
												{
													$this->m_template->register_variables("ROWSERROWS", array('ERRMSG' => $err));
													$errows .= $this->m_template->parse("ROWSERROWS");
													$this->m_template->reinit("ROWSERROWS");
												}
											$this->m_template->register_variables("ROWSETABLE", array('ERROWS' => $errows));
											$errTable = $this->m_template->parse("ROWSETABLE");
											$this->m_template->reinit("ROWSETABLE");
											$this->m_template->register_variables("ROWSE",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row),
																								 "ERRNUM"	=> $errCount,
																								 "ERRCOLLECTION" => $errTable));
											$rows .= $this->m_template->parse("ROWSE");
											$this->m_template->reinit("ROWSE");
											$errCount++; 
										} else {
											$this->m_template->register_variables("ROWS",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row)));
											$rows .= $this->m_template->parse("ROWS");
											$this->m_template->reinit("ROWS");																							 							
										}
										//end else
									}
								}
								$customhtml="";
								$query= new cquery();
								for ($i=1;$i<=10;$i++)
								{
								$query->set_query_sql("SELECT cf.field_label FROM mailmachine_customfields cf, mailmachine_mailing_lists ml WHERE ml.list_id='".$_REQUEST['curr_list_id']."' AND ml.custom".$i."id=cf.field_id");
								$query->run_query();
								if ($query->num_of_rows()=="0")
								{
									$resultcustom=array("field_label" => "Empty");	
								}
								else
								{
									$resultcustom=$query->get_next_hash();
									$this->m_template->register_variables("CUSTOM", $resultcustom);
									$customhtml .= $this->m_template->parse("CUSTOM");
									$this->m_template->reinit("CUSTOM");
								}				
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows,'CUSTOM_FIELDS'=>$customhtml));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$this->_remData($path);
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optincsv']) && $_REQUEST['optincsv']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsetcsv'];							
							}
						}
					break;
					// This case handles the actual import of data into the database.
					case '1':
					    $this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_COMPLETE}');
						$this->m_template->register_file("VALIDATEDATA","wizard_import_msg.tpl");
						if ( isset($_SESSION['IMPORT']) )
						{
							if ($_SESSION['IMPORT']=="imported")
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Already imported this data!','DATA'=>''));	
							}
							else
							{
								if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
								{
									$lastsendq = new cquery();
									$lastsendq->set_query_sql("SELECT * FROM mailmachine_newsletter WHERE msg_id=( SELECT MAX(msg_id) FROM mailmachine_newsletter WHERE list_id={$_REQUEST['list_id']});");
									$lastsendq->run_query();
									$lastsend = $lastsendq->get_next_hash();
									$msg_id = $lastsend['msg_id'];
									if ($lastsend['sent']=='Y')
									{
										$lastsendq->set_query_sql("INSERT INTO `mailmachine_newsletter` (`list_id`, `type`, `subject`, `date_sent`, `msg_text`, `msg_html`, `sent`, `scheduled`, `userid`) VALUES ('{$_REQUEST['list_id']}', '{$lastsend['type']}', '".addslashes($lastsend['subject'])."', NOW(), '".addslashes($lastsend['msg_text'])."', '".addslashes($lastsend['msg_html'])."', 'N', CURDATE(), '{$lastsend['userid']}');");
										$lastsendq->run_query();
										$msg_id++;
									}
									$lastsendq->end_query();				
								}
								else
								{
									$msg_id=0;
								}
								$importCount = 0;
								if ( $_REQUEST['importType'] == 'txt' ) 
								{
									foreach ( $_SESSION['IMPORT'] as $data )
									{
										if ( $data['VALID'] == 'ok' )
										{
											$record[] = $data['VALUE'];
										}
									}
									if (isset($record) && count($record) >0)
									{
										foreach ( $record as $in )
										{
											$this->_writeRecord($in,$msg_id);
											$importCount++;
										}
									}
								} 
								else 
								{
									foreach ( $_SESSION['IMPORT'] as $record )
									{
										if ( array_key_exists('ERROR', $record) )
										{
											unset($record);
										} 
										else 
										{
										$this->_writeRecord($record,$msg_id);
										$importCount++;
										}
									}
								}
								if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers will be added to the mailing list, after they have confirmed their subscription.','DATA'=>''));	
								}
								else
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers added to the mailing list.','DATA'=>''));
								}
								$_SESSION['IMPORT']="imported";
							}
						}
						else 
						{
							$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Fatal Error: Could not locate user session.','DATA'=>''));
						}
					break;
				}
				$this->m_template->register_variables("BODY", array("FORM" => $this->m_template->parse("VALIDATEDATA")));
			}
		}
		/**
		* Method adds a single record to the database
		*
		* @access private
		* @var $record array the record to add to the database
		* @return boolean
		*/
		function _writeRecord ( $record ,$msg_id)
		{
			if ( is_array($record) )  
			{ 
				$kkk = $record;
			} else {  
				$vals = $record;  
				$kkk = $this->_dbSeed(',',$vals, 22);
			}	
			@list($email,$password,$firstname, $lastname, $address1, $address2, $city, $state,
				$zip ,$country, $phone, $fax, $custom1, $custom2, $custom3, $custom4, $custom5, $custom6, $custom7, $custom8, $custom9, $custom10, $signup_date) = 
				$kkk;
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$_REQUEST['enabled']='N';
			}	
			//$this->m_sqlbuilder->setValue("email", $email);
                        if (!get_magic_quotes_gpc()){
                            $this->m_sqlbuilder->setValue("email", addslashes($email));
                        }
                        else {
                            $this->m_sqlbuilder->setValue("email", $email);
                        }
            $this->m_sqlbuilder->setValue("password", $password);
			$this->m_sqlbuilder->setValue("first_name", addslashes($firstname));
			$this->m_sqlbuilder->setValue("last_name", addslashes($lastname));
			$this->m_sqlbuilder->setValue("address1", addslashes($address1));
			$this->m_sqlbuilder->setValue("address2", addslashes($address2));
			$this->m_sqlbuilder->setValue("phone", addslashes($phone));
			$this->m_sqlbuilder->setValue("fax", addslashes($fax));
			$this->m_sqlbuilder->setValue("city", addslashes($city));
			$this->m_sqlbuilder->setValue("state", addslashes($state));			
			$this->m_sqlbuilder->setValue("zipcode", addslashes($zip));
			$this->m_sqlbuilder->setValue("country", addslashes($country));
			$this->m_sqlbuilder->setValue("signup_date",'now()',0);			
			$this->m_sqlbuilder->setValue("custom1", addslashes($custom1));
			$this->m_sqlbuilder->setValue("custom2", addslashes($custom2));
			$this->m_sqlbuilder->setValue("custom3", addslashes($custom3));
			$this->m_sqlbuilder->setValue("custom4", addslashes($custom4));
			$this->m_sqlbuilder->setValue("custom5", addslashes($custom5));
			$this->m_sqlbuilder->setValue("custom6", addslashes($custom6));
			$this->m_sqlbuilder->setValue("custom7", addslashes($custom7));
			$this->m_sqlbuilder->setValue("custom8", addslashes($custom8));
			$this->m_sqlbuilder->setValue("custom9", addslashes($custom9));
			$this->m_sqlbuilder->setValue("custom10", addslashes($custom10));
			$this->m_sqlbuilder->setValue("signup_method","Admin import");
			$this->m_sqlbuilder->setValue("signup_ip","Admin");
			$this->m_sqlbuilder->setValue("bounce_count", 0);
			$this->m_sqlbuilder->setValue("offset", $_SESSION['offset']);
			$this->m_sqlbuilder->setValue("date_reinvited", "N/A");
			$this->m_sqlbuilder->setValue("number_reinvited", 0);
			$this->m_sqlbuilder->setValue("receive_latest", 0);
			
			if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$this->m_sqlbuilder->setValue("receive_latest", 1);					
				}
			$sql = $this->m_sqlbuilder->getinsertquery("mailmachine_subscribers");	
			$this->m_database->execute_query($sql);
			$insert_id = $this->m_database->get_last_id();
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$mailer = new cbatchmailer();
				$this->opt_in = $mailer->send_optin_mail($insert_id);	
			}else{
				if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$mailer = new cbatchmailer();
					$this->lastest = $mailer->send_lastest_mail($email, $this->getListId());					
				}
				if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
				{
					$insertq = new cquery();
					$insertq->set_query_sql("INSERT INTO mailmachine_sub_msgs (sub_id,msg_id,msg_sent) VALUES ($insert_id,$msg_id,'N')");
					$insertq->run_query();
					$insertq->end_query();				
				}
			}
			return true;				
		}
		/** strips out the values of an array and puts it into a csv string
		*
		* @access private
		* @var $record array
		* @return string
		*/
		function _valString ( $record )
		{
			$s = '';
			foreach ( $record as $r )
			{
				$s .= $r . ',';
			}
			$s=rtrim($s, ',');
			return $s;
		}
		/**
		* Method merges a single record row array into an array for import into the database
		*
		* @access private
		* @var $sep string the delimiter
		* @var $array array the source array
		* @var $number_values integer the number of fields to format to
		* @var $pad string
		* @return array
		*/
		function _dbSeed($sep, $array, $number_values, $pad = '') 
		{ 
			return array_pad(explode($sep, $array, $number_values), $number_values, $pad); 
		}
		/**
		* Takes an array and if array key exists returns key value. 
		* If there is no such key in the array returns key value as null.
		*
		* @access private
		* @var $arrKey string
		* @var $arrRow array
		* @return mixed
		**/
		function _checkArrayKey($arrKey, $arrRow)
		{
		$arrVal = '';
		if (is_array($arrRow) || is_object($arrRow))
		{	
		if(array_key_exists($arrKey,$arrRow))
			{
				$arrVal = $arrRow[$arrKey];
			} 
		else 
			{
				$arrVal = NULL;
			}
		}
		else 
		{
			$arrVal = NULL;
		}
		return $arrVal;
		}
		/**
		* Stores an uploaded file in the data directory.
		* will return either the full path to the file stored or false.
		*
		* @access private
		* @return mixed
		*/
		function _storeData()
		{
			
			if(isset($_FILES["1"]["error"]))
			{
				if ($_FILES['1']['error'] == 0) 
				{
					move_uploaded_file($_FILES["1"]["tmp_name"], $this->dataPath . '/' . $_FILES["1"]["name"]);
					return $this->dataPath . '/' . $_FILES["1"]["name"];
				} else {
					return false;
				}
			}
		}
		/**
		* deletes a csv file from the server once the import is done.
		*
		* @access private
		* @return VOID
		*/
		function _remData( $path )
		{
			unlink ( $path );
		}
		/**
		* Parses and pre-validates a CSV file to match the database schema
		* will return errors for any row that does not conform with the db schema
		*
		* @access private
		* @var $file string Full path to the file
		* @return array
		*/
		function _validateCSV( $file, $delimiter = ',' )
		{
			$data = $this->_arrayFromCSV( $file, false, $delimiter );
			$dCount = count($data) -1;
			$emailArray = $this->_checkArrayForDuplicates ($data);
			if ( $dCount < 0 )
			{
				return array('ERROR' => '011');
			} else {
				
				for ( $i=0; $i<=$dCount; $i++ )
				{
					if(isset($emailArray[$i]))
					{
						$result[] = $this->_validateCSVRow($data[$i]);
					}
				}
			}
			return $result;
		}
		/**
		* Checks for duplicate email addresses, unsets everything but the first match
		*/
		function _checkArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i][0]);
			}
			$row = array_unique($emailArray);
			return $row;
		}
		function _checkTxtArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i]);
			}
			$row = array_values(array_unique($emailArray));
			return $row;
		}
		/**
		* Checks the contents of a CSV file row to make sure the required fields are filled in
		*
		* @access private
		* @var $rowArray array
		* @return array
		*/
		function _validateCSVRow ( $rowArray )
		{
			$errCount = 0;
			$iCount = count($rowArray);
			if ( $iCount <> 22 )
			{
				$rowArray=array_pad($rowArray, 22, '');
			}
			if ( empty($rowArray[0]) || !$this->validate($rowArray[0],'email') )
			{
				$rowArray['ERROR'][$errCount] = 'Email Address is missing or not valid';
				$errCount++;
			}
			if ( !$this->_ckdb4addy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address already exists for this mailing list';
				$errCount++;
			}
			if ( !$this->_ckdb4bannedaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address has been banned';
				$errCount++;
			}
			if ( !$this->_ckdb4banneddomaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address belongs to a banned domain';
				$errCount++;
			}
			if (isset($_REQUEST['check_unsubcsv']) && $_REQUEST['check_unsubcsv']=="on")
			{
				if ( !$this->_ckdb4unsubaddy($rowArray[0]) )
				{	
					$rowArray['ERROR'][$errCount] = 'Email address previously unsubscribed';
					$errCount++;
				}
			}
			
			/*
			if ( empty($rowArray[1]) || !$this->validate($rowArray[1],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Password is not set';
				$errCount++;
			}
			if ( empty($rowArray[2]) || !$this->validate($rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'First Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[3]) || !$this->validate($$rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'Last Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[4]) || !$this->validate($rowArray[4],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'First (1st) address field is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[6]) || !$this->validate($rowArray[6],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'City is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'State is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Zipcode is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[8]) || !$this->validate($rowArray[8],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Country is missing or not valid';
			}
			*/
			return $rowArray;	
		}
		/**
		* Quick helper function that reads a csv file into an array
		*
		* @access private
		* @var $data string Path to the file
		* @var $hasFieldName boolean
		* @var $delimiter string
		* @var $enclosure
		* @return array
		*/
		function _arrayFromCSV($file, $hasFieldNames = false, $delimiter = ',')
		{
			$result = Array();
		   	$size = filesize($file) +1;
			$file = fopen($file, 'r');
		   	if ($hasFieldNames) $keys = fgetcsv($file, $size, $delimiter);
		   	while ( $row = fgetcsv($file, $size, $delimiter) ) 
			{
				$n = count($row); $res=array();
				for($i = 0; $i < $n; $i++) 
				{
					$idx = ($hasFieldNames) ? $keys[$i] : $i;
					$res[$idx] = $row[$i];
				}
				$result[] = $res;
			}
			fclose($file);
			return $result;
		 }		
		/**
		* Parses and pre-validates a text blob import
		*
		* @var source string
		* @return array
		*/
		function _validateTxt ( $dataString )
		{
			@$inArr = $this->_cleanString($dataString);
			if ( $inArr === false )
			{
				/**
				* @TODO Elegant error handling.
				*/
				echo 'Imported text does not meet the requirements. While parsing no commas, line breaks or carrage returns where found.'; 
				exit(1);
			} else {
				$inArr=$this->_checkTxtArrayForDuplicates($inArr);
				$inCount = count($inArr) - 1;
				if ( $inCount == 0 && $inArr[0]=="")
				{
					$outArr = array('ERROR'=> 'Imported text is not valid, zero (0) rows to import');
				} else {
					for ( $i=0; $i<=$inCount; $i++ )
					{
						if ( is_string($inArr[$i]) )
						{
							if ( !$this->validate($inArr[$i],'email') )
							{
								$v = '001';
							} 
							elseif ( !$this->_ckdb4addy($inArr[$i]) )
							{
								$v = '002';
							}
							elseif ( !$this->_ckdb4bannedaddy($inArr[$i]) )
							{
								$v='003';
							}
							elseif ( !$this->_ckdb4banneddomaddy($inArr[$i]) )
							{
								$v='004';
							}
							elseif (isset($_REQUEST['check_unsubtxt']) && $_REQUEST['check_unsubtxt']=="on")
							{
								if ( !$this->_ckdb4unsubaddy($inArr[$i]) )
								{	
									$v='005';
								}
								else
								{
									$v = 'ok';	
								}
							}
							else 
							{
								$v = 'ok';
							}
							$outArr[] = array('VALID'=>$v, 'VALUE'=>$inArr[$i]);
						}
					}
				}
				return $outArr;
			}
		}
		/**
		* Helper function that makes windows csv files work nice on *nix and php
		*
		* @access private
		* @var $file string
		* @return void
		*/
		function _win2unix ( $file ) 
		{
       		$fp 	= fopen($file,'r');
       		$fptmp 	= fopen($file.'_tmp','w');
       		while( !feof($fp) )
			{
               $line 	= chop(fgets($fp,4096));
               $ret 	= ereg_replace(chr(13) . chr(10),"\n",$line);
               $ret 	= ereg_replace(chr(13),"\n",$ret);
               fwrite($fptmp,$ret);
       		}
       		fclose($fp);
       		fclose($fptmp);
      		unlink($file);
       		copy($file.'_tmp', $file);
       		unlink($file.'_tmp');
		}
		/**
		* Helper method that searches across the database to see if an
		* email address already exists for a mailing list
		*
		* @access private
		* @var @addy string
		* @return boolean
		*/
		function _ckdb4addy( $addy )
		{
						$currentList=$this->currentlist;
                        //$addy = addslashes($addy);
                        if (!get_magic_quotes_gpc()) {
                            $addy = addslashes($addy);
							$currentList=addslashes($this->currentlist);
                        }

			$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$currentList'";
			$sql .=" AND mailmachine_subscribers.email = '$addy' ";
			$query = new cquery();			
			$query->set_query_sql($sql);			
			$query->run_query();
			$qCount = $query->num_of_rows();
			if ( $qCount >= 1 )
			{
				return false;
			} else {
				return true;
			}
		}
		function _ckdb4bannedaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }

				$query =new cquery();
				$sql = "select * from mailmachine_banned_emails where ban_item='".$addy ."' and ban_type ='E'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		function _ckdb4banneddomaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }

				$domain=explode("@",$addy);
				$query =new cquery();
				if (count($domain)=="2")
				{
					$sql = "select * from mailmachine_banned_emails where ban_item= '".$domain[1] ."' and ban_type ='D'";
					$query->set_query_sql($sql);				
					$query->run_query();
					if ($query->num_of_rows()>=1)
					{								 
							return false;
					}
					else
					{
						return true;
					}
				}
				else
				{
					return true;
				}			
		}
		function _ckdb4unsubaddy( $addy )
		{
								$currentList=$this->currentlist;
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
									$currentList=addslashes($this->currentlist);
                                }

				$query =new cquery();
				$sql = "select * from mailmachine_unsubscribers where email='".$addy ."' and list_id = '$currentList'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		/** 
		* Helper method that replaces line endings with commas
		*
		* @access private
		* @var $dataString string
		* @return array
		*/
		function _cleanString( $dataString )
		{
			$search 	= array("'([\r\n])[\s]+'");
			$replace	= array(",");
			$text 		= preg_replace($search, $replace, $dataString);
			$cleanStr	= preg_replace('/\s\s+/', ' ', $text);
			$outArray	= explode(',', $cleanStr);
			$this->_cleanEmptyNodes($outArray);
			sort($outArray);
			return $outArray;
		}
		/**
		* Helper method that finds empty nodes of an array and deletes them
		*
		* @access private
		* @var $blank string The value to search for to unset
		* @var $input array The array to search
		* @return array
		*/
		function _cleanEmptyNodes ( $blank = '', &$input )
		{
			while(($search = array_search($blank,$input)) > -1) 
			unset($input[$search]);
		}			
	}
}
$page = new cimport();
$page->processRequest();
$page->show();

?>

LVL 108

Expert Comment

by:Ray Paseur
 
LVL 26

Expert Comment

by:skullnobrains
you may as well want to use var_export() which will quote values when needed and only in that case and never produce weird transtyping bugs.

on the other hand, it is prone to SQL injections if the input string contains C escape characters
in a webserver context, this should not be the case
for sure, apache, lighttpd, and thttpd and probably any other widely used web server will protect you, no idea about IIS
 

Accepted Solution

by:
cuttone earned 0 total points
The developer of the program responded. It actually was not an issue with the code, but rather with how Access was exporting the tables and the order of the columns.

 
LVL 108

Expert Comment

by:Ray Paseur
How access was exporting the tables?  That may be one problem, but this from the original question clearly shows us that the apostrophe was not escaped.  That is what caused the error #1064.

SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '3' AND mailmachine_subscribers.email = 'St. John's University - NY'
 

Author Comment

by:cuttone
The tables were being exported in the wrong order and the column with St.John's was where the e-mail address column was supposed to be, which resulted in the error, since there can not be an apostrophe in an e-mail address. When the order issue was resolved, there was no longer an error and the script worked properly.
 
LVL 108

Expert Comment

by:Ray Paseur
The script worked properly in a coincidental sort of manner.  I think the use of mysql_real_escape_string() should be made in consonance with the advice from PHP.net.

See http://us2.php.net/manual/en/function.mysql-real-escape-string.php
"This function must always (with few exceptions) be used to make data safe before sending a query to MySQL."  

The few exceptions might include internally generated values that cannot contain external data.  But if you have a string of any kind from any external source, the function is your friend.
 

Author Closing Comment

by:cuttone
The developer of the program responded and resolved the issue
 
LVL 108

Expert Comment

by:Ray Paseur
I hope the developer's response included the correct use of
http://php.net/manual/en/function.mysql-real-escape-string.php
 
LVL 26

Expert Comment

by:skullnobrains
hello

<quote>
Query Error: SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '3' AND mailmachine_subscribers.email = 'St. John's University - NY'
ErrorNumber: 1064
Error Description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's University - NY'' at line 1
</quote>

you will get this exact same error even if your database does not contain any data or even any table at all.
the error occurs while the query is being parsed, and the dataset cannot be responsible for this in any way

it is fairly possible that there was a second bug linked to the tables exports, and such stuff, but this cannot explain your problem in any way.
this is clearly undoubtful since we all saw the (junior-my-first-experience-with-SQL) error in the code as well

if the developer said otherwise, well then he clearly lied

good luck
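
The parse-time failure discussed in the comments above, next to the same subscriber lookup written with bound parameters, as an added example that is not part of the original thread or of the program's own code. It uses PDO prepared statements rather than the mysql_real_escape_string() call the thread recommends, and a constructed in-memory SQLite table in place of the MySQL one (assumption: the pdo_sqlite extension is enabled, and SQLite's error text differs from MySQL's 1064 message). The function names `lookupConcatenated` and `addressIsNew` are hypothetical.

```php
<?php
// Constructed stand-in for mailmachine_subscribers so the script runs offline
// (assumption: pdo_sqlite is available; the real program talks to MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mailmachine_subscribers (sub_id INTEGER PRIMARY KEY, list_id TEXT, email TEXT)');

// Constructed sample input: the value shown in the error message in the question.
$listId = '3';
$addy   = "St. John's University - NY";

/** Builds the lookup by string concatenation, the way the posted query is built. */
function lookupConcatenated(PDO $pdo, string $listId, string $addy): string
{
    $sql = "SELECT sub_id FROM mailmachine_subscribers"
         . " WHERE list_id = '$listId' AND email = '$addy'";
    try {
        $pdo->query($sql);
        return 'parsed';
    } catch (PDOException $e) {
        // The table is empty: the statement fails while being parsed, not because of stored data.
        return 'syntax error: ' . $e->getMessage();
    }
}

/** Same lookup with bound parameters; the value never becomes part of the SQL text. */
function addressIsNew(PDO $pdo, string $listId, string $addy): bool
{
    $stmt = $pdo->prepare(
        'SELECT sub_id FROM mailmachine_subscribers WHERE list_id = :list AND email = :email'
    );
    $stmt->execute([':list' => $listId, ':email' => $addy]);
    return $stmt->fetch() === false;   // true when no row matches, like _ckdb4addy()
}

echo lookupConcatenated($pdo, $listId, $addy), "\n";
var_dump(addressIsNew($pdo, $listId, $addy));   // lookup against the still-empty table

// Store the value through a bound parameter too, then repeat the lookup.
$ins = $pdo->prepare('INSERT INTO mailmachine_subscribers (list_id, email) VALUES (?, ?)');
$ins->execute([$listId, $addy]);
var_dump(addressIsNew($pdo, $listId, $addy));   // the apostrophe is matched as data
```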