Solved

MYSQL Error

Posted on 2011-09-14
Last Modified: 2012-05-12
We are getting the error message below in an e-mail program script when trying to upload names with an ' in them, like St. John's or O'Reilly.

There is a flaw in the script. Anyone have any ideas? I

Query Error: SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '3' AND mailmachine_subscribers.email = 'St. John's University - NY'
ErrorNumber: 1064
Error Description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's University - NY'' at line 1
<?php
session_start();


//If wrapper if this function is called from a PHP4.x machine
if(!function_exists('file_get_contents')) 
{
   /**
   * Method does what the PHP5 function of the same name performs
   *
   * @access public
   * @var $file string the full path of the file you wish to open
   * @return string
   */
   function file_get_contents($file) 
   {
	   return implode('', file($file));
   }
}// end if wrapper

//If wrapper if this function is called from a PHP4.x machine 
if(!function_exists('file_put_contents'))
{
	/**
	* Method does what the PHP5 function of the same name performs
	*
	* @access public
	* @var $filename string The name of the file you want to save
	* @var $data string the stream of data you want to save to the file.
	* @var $file_append boolean Whether or not to append or overwrite
	* @return VOID
	*/
	function file_put_contents($filename, $data, $file_append = false) 
	{
		$fp = fopen($filename, (!$file_append ? 'w+' : 'a+'));
			if(!$fp)
			{	trigger_error('file_put_contents cannot write in file.', E_USER_ERROR);
				return;
			}
		fputs($fp, $data);
		fclose($fp);
	}
}//End If wrapper

if(!defined("_cimport_"))
{
	define("_cimport_",TRUE);	
	require "cquery.php";	
	require "cmlistbaseform.php";
	require "cbatchmailer.php";
	require "cwebcombo.php";
	class cimport extends cmlistbaseform
	{
		/**
		* Constructor! 
		* Sets usage arguments for the parent and
		* makes sure the parent constructor has
		* fired.
		*
		* @return VOID
		*/
		function cimport()
		{	
			$_REQUEST['enabled']		='Y';
			$this->secure				= true;
			if ( isset($_REQUEST['STEP']) )
			{
				$this->pagination		= true;
			} else {
				$this->pagination		= false;
			}
			$this->listRequired			= true;
			
			$this->onlyAdmin			= false;
			$this->conf					= new cconfig();
			$this->dataPath				= $this->conf->m_base_path . '/data';

			if (isset ($_REQUEST['go']))
			{
			$error=false;
			if ($_REQUEST['go'] == 'list')
				{
					if (!is_numeric($_REQUEST['list_id']))
						$error = true;

					if ($error)
					{
						header("Location: cmessage.php?msg=Wrong%20Parameter%20in%20cmainpage.php");
						exit;
					}

					setcookie("curr_list_id", $_REQUEST['list_id'], 0, "/");
					$_REQUEST['curr_list_id'] = $_REQUEST['list_id'];
					$query=new cquery();
					$query->set_query_sql("select name from mailmachine_mailing_lists where list_id=" . $_REQUEST['list_id']);
					$query->run_query();
					$row = $query->get_next_row();
					setcookie("curr_list_name", $row[0], 0, "/");
					$_REQUEST['curr_list_name'] = $row[0];
					$query->end_query();
					
				}				
			}
			$lists = new cwebcombo("lists", "select m.list_id, m.name from mailmachine_mailing_lists m, mailmachine_permissions p WHERE m.list_id=p.list_id AND p.user_id='".$_SESSION['username']."'", "list_id", "name");
			$lists->add_item('NONE SELECTED', '-2');
			$lists->set_itemindex($_REQUEST['curr_list_id']);
			parent :: cmlistbaseform();
			$this->m_template->register_variables("IMPORTFORM", array(
				"LIST_OPTIONS" => $lists->show()));
			$this->currentlist			= $_REQUEST['curr_list_id'];	
		}
		
		/**
		* Default generic named request handler
		*
		* Method decides what place the system user is at in
		* the import process and depending on the var 'step'
		* displays the correct GUI or processes the prepared and
		* validated data.
		*
		* @ return mixed
		*/ 
		function processRequest()
		{
			@$place	= $_REQUEST['STEP'];
			if ( $place == '' || !isset($place) )
			{
				$this->setCaption("<a href=\"cmainpage.php\">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_DATA}");
				$this->m_template->register_file("IMPORTFORM", "wizard_import.tpl");
				$this->m_template->register_variables("BODY", array("FORM"=> $this->m_template->parse("IMPORTFORM")));
			} else {
				switch ($place)
				{
					case '0':
						$this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_VALIDATE}');
						if ( $_REQUEST['importType'] == 'txt' )
						{
							$this->m_template->register_file("VALIDATEDATA","wizard_import_0.tpl");
							$result = $this->_validateTxt($_REQUEST['0']);
							if ( isset($result['ERROR']) )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>$result['ERROR'],'DATA'=>''));
							} else {
								$this->m_template->register_file("TABLE","wizard_import_table_0.tpl");
								$this->m_template->register_file("ROWOK", "wizard_import_row_0.tpl");
								$this->m_template->register_file("ROWERR001", "wizard_import_row_0_error-001.tpl");
								$this->m_template->register_file("ROWERR002", "wizard_import_row_0_error-002.tpl");
								$this->m_template->register_file("ROWERR003", "wizard_import_row_0_error-003.tpl");
								$this->m_template->register_file("ROWERR004", "wizard_import_row_0_error-004.tpl");
								$this->m_template->register_file("ROWERR005", "wizard_import_row_0_error-005.tpl");

								$rows = '<!-- Rows -->';
								foreach ( $result as $row )
								{
									if ( $row['VALID'] == '001' )
									{
										$this->m_template->register_variables("ROWERR001", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR001");
										$this->m_template->reinit("ROWERR001");
									} elseif ( $row['VALID'] == '002' ){
										$this->m_template->register_variables("ROWERR002", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR002");
										$this->m_template->reinit("ROWERR002");
									}
									elseif ( $row['VALID'] == '003' ){
										$this->m_template->register_variables("ROWERR003", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR003");
										$this->m_template->reinit("ROWERR003");
									}
									elseif ( $row['VALID'] == '004' ){
										$this->m_template->register_variables("ROWERR004", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR004");
										$this->m_template->reinit("ROWERR004");
									}
									elseif ( $row['VALID'] == '005' ){
										$this->m_template->register_variables("ROWERR005", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR005");
										$this->m_template->reinit("ROWERR005");
									} else {
                                                                                if (get_magic_quotes_gpc()){
                                                                                    $row['VALUE'] = stripslashes($row['VALUE']); 
                                                                                }
										$this->m_template->register_variables("ROWOK", array('VALUE'=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWOK");
										$this->m_template->reinit("ROWOK");
									}
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optintxt']) && $_REQUEST['optintxt']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsettxt'];
							}
						} elseif ( $_REQUEST['importType'] == 'csv' ){
							$this->m_template->register_file("VALIDATEDATA","wizard_import_1.tpl");
							$this->m_template->register_file("CUSTOM","wizard_import_1_custom.tpl");
							$this->m_template->register_file("TABLE", "wizard_import_table_1.tpl");
							$this->m_template->register_file("ROWS", "wizard_import_row_1.tpl");
							$this->m_template->register_file("ROWSE", "wizard_import_row_1_errors.tpl");
							$this->m_template->register_file("ROWSETABLE", "wizard_import_row_1_errtable.tpl");
							$this->m_template->register_file("ROWSERROWS", "wizard_import_row_1_errows.tpl");
							$path = $this->_storeData();
							if ( !$path )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'Fatal Error: Uploaded file not found.','DATA'=>''));
							} else {
								$deli = $_REQUEST['deli'] == 'comma' ? ',' : "\t";
								$result = $this->_validateCSV( $path, $deli );
								$rows = '';
								$errCount = 0;
								if(is_array($result))
								{
									foreach ( $result as $row )
									{
										if ( isset($row['ERROR']) )
										{
											$errCollection = $row['ERROR'];
											$errows = '';
												foreach ( $errCollection as $err )
												{
													$this->m_template->register_variables("ROWSERROWS", array('ERRMSG' => $err));
													$errows .= $this->m_template->parse("ROWSERROWS");
													$this->m_template->reinit("ROWSERROWS");
												}
											$this->m_template->register_variables("ROWSETABLE", array('ERROWS' => $errows));
											$errTable = $this->m_template->parse("ROWSETABLE");
											$this->m_template->reinit("ROWSETABLE");
											$this->m_template->register_variables("ROWSE",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row),
																								 "ERRNUM"	=> $errCount,
																								 "ERRCOLLECTION" => $errTable));
											$rows .= $this->m_template->parse("ROWSE");
											$this->m_template->reinit("ROWSE");
											$errCount++; 
										} else {
											$this->m_template->register_variables("ROWS",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row)));
											$rows .= $this->m_template->parse("ROWS");
											$this->m_template->reinit("ROWS");																							 							
										}
										//end else
									}
								}
								$customhtml="";
								$query= new cquery();
								for ($i=1;$i<=10;$i++)
								{
								$query->set_query_sql("SELECT cf.field_label FROM mailmachine_customfields cf, mailmachine_mailing_lists ml WHERE ml.list_id='".$_REQUEST['curr_list_id']."' AND ml.custom".$i."id=cf.field_id");
								$query->run_query();
								if ($query->num_of_rows()=="0")
								{
									$resultcustom=array("field_label" => "Empty");	
								}
								else
								{
									$resultcustom=$query->get_next_hash();
									$this->m_template->register_variables("CUSTOM", $resultcustom);
									$customhtml .= $this->m_template->parse("CUSTOM");
									$this->m_template->reinit("CUSTOM");
								}				
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows,'CUSTOM_FIELDS'=>$customhtml));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$this->_remData($path);
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optincsv']) && $_REQUEST['optincsv']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsetcsv'];							
							}
						}
					break;
					// This case handles the actual import of data into the database.
					case '1':
					    $this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_COMPLETE}');
						$this->m_template->register_file("VALIDATEDATA","wizard_import_msg.tpl");
						if ( isset($_SESSION['IMPORT']) )
						{
							if ($_SESSION['IMPORT']=="imported")
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Already imported this data!','DATA'=>''));	
							}
							else
							{
								if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
								{
									$lastsendq = new cquery();
									$lastsendq->set_query_sql("SELECT * FROM mailmachine_newsletter WHERE msg_id=( SELECT MAX(msg_id) FROM mailmachine_newsletter WHERE list_id={$_REQUEST['list_id']});");
									$lastsendq->run_query();
									$lastsend = $lastsendq->get_next_hash();
									$msg_id = $lastsend['msg_id'];
									if ($lastsend['sent']=='Y')
									{
										$lastsendq->set_query_sql("INSERT INTO `mailmachine_newsletter` (`list_id`, `type`, `subject`, `date_sent`, `msg_text`, `msg_html`, `sent`, `scheduled`, `userid`) VALUES ('{$_REQUEST['list_id']}', '{$lastsend['type']}', '".addslashes($lastsend['subject'])."', NOW(), '".addslashes($lastsend['msg_text'])."', '".addslashes($lastsend['msg_html'])."', 'N', CURDATE(), '{$lastsend['userid']}');");
										$lastsendq->run_query();
										$msg_id++;
									}
									$lastsendq->end_query();				
								}
								else
								{
									$msg_id=0;
								}
								$importCount = 0;
								if ( $_REQUEST['importType'] == 'txt' ) 
								{
									foreach ( $_SESSION['IMPORT'] as $data )
									{
										if ( $data['VALID'] == 'ok' )
										{
											$record[] = $data['VALUE'];
										}
									}
									if (isset($record) && count($record) >0)
									{
										foreach ( $record as $in )
										{
											$this->_writeRecord($in,$msg_id);
											$importCount++;
										}
									}
								} 
								else 
								{
									foreach ( $_SESSION['IMPORT'] as $record )
									{
										if ( array_key_exists('ERROR', $record) )
										{
											unset($record);
										} 
										else 
										{
										$this->_writeRecord($record,$msg_id);
										$importCount++;
										}
									}
								}
								if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers will be added to the mailing list, after they have confirmed their subscription.','DATA'=>''));	
								}
								else
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers added to the mailing list.','DATA'=>''));
								}
								$_SESSION['IMPORT']="imported";
							}
						}
						else 
						{
							$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Fatal Error: Could not locate user session.','DATA'=>''));
						}
					break;
				}
				$this->m_template->register_variables("BODY", array("FORM" => $this->m_template->parse("VALIDATEDATA")));
			}
		}
		/**
		* Method adds a single record to the database
		*
		* @access private
		* @var $record array the record to add to the database
		* @return boolean
		*/
		function _writeRecord ( $record ,$msg_id)
		{
			if ( is_array($record) )  
			{ 
				$kkk = $record;
			} else {  
				$vals = $record;  
				$kkk = $this->_dbSeed(',',$vals, 22);
			}	
			@list($email,$password,$firstname, $lastname, $address1, $address2, $city, $state,
				$zip ,$country, $phone, $fax, $custom1, $custom2, $custom3, $custom4, $custom5, $custom6, $custom7, $custom8, $custom9, $custom10, $signup_date) = 
				$kkk;
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$_REQUEST['enabled']='N';
			}	
			//$this->m_sqlbuilder->setValue("email", $email);
                        if (!get_magic_quotes_gpc()){
                            $this->m_sqlbuilder->setValue("email", addslashes($email));
                        }
                        else {
                            $this->m_sqlbuilder->setValue("email", $email);
                        }
            $this->m_sqlbuilder->setValue("password", $password);
			$this->m_sqlbuilder->setValue("first_name", addslashes($firstname));
			$this->m_sqlbuilder->setValue("last_name", addslashes($lastname));
			$this->m_sqlbuilder->setValue("address1", addslashes($address1));
			$this->m_sqlbuilder->setValue("address2", addslashes($address2));
			$this->m_sqlbuilder->setValue("phone", addslashes($phone));
			$this->m_sqlbuilder->setValue("fax", addslashes($fax));
			$this->m_sqlbuilder->setValue("city", addslashes($city));
			$this->m_sqlbuilder->setValue("state", addslashes($state));			
			$this->m_sqlbuilder->setValue("zipcode", addslashes($zip));
			$this->m_sqlbuilder->setValue("country", addslashes($country));
			$this->m_sqlbuilder->setValue("signup_date",'now()',0);			
			$this->m_sqlbuilder->setValue("custom1", addslashes($custom1));
			$this->m_sqlbuilder->setValue("custom2", addslashes($custom2));
			$this->m_sqlbuilder->setValue("custom3", addslashes($custom3));
			$this->m_sqlbuilder->setValue("custom4", addslashes($custom4));
			$this->m_sqlbuilder->setValue("custom5", addslashes($custom5));
			$this->m_sqlbuilder->setValue("custom6", addslashes($custom6));
			$this->m_sqlbuilder->setValue("custom7", addslashes($custom7));
			$this->m_sqlbuilder->setValue("custom8", addslashes($custom8));
			$this->m_sqlbuilder->setValue("custom9", addslashes($custom9));
			$this->m_sqlbuilder->setValue("custom10", addslashes($custom10));
			$this->m_sqlbuilder->setValue("signup_method","Admin import");
			$this->m_sqlbuilder->setValue("signup_ip","Admin");
			$this->m_sqlbuilder->setValue("bounce_count", 0);
			$this->m_sqlbuilder->setValue("offset", $_SESSION['offset']);
			$this->m_sqlbuilder->setValue("date_reinvited", "N/A");
			$this->m_sqlbuilder->setValue("number_reinvited", 0);
			$this->m_sqlbuilder->setValue("receive_latest", 0);
			
			if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$this->m_sqlbuilder->setValue("receive_latest", 1);					
				}
			$sql = $this->m_sqlbuilder->getinsertquery("mailmachine_subscribers");	
			$this->m_database->execute_query($sql);
			$insert_id = $this->m_database->get_last_id();
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$mailer = new cbatchmailer();
				$this->opt_in = $mailer->send_optin_mail($insert_id);	
			}else{
				if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$mailer = new cbatchmailer();
					$this->lastest = $mailer->send_lastest_mail($email, $this->getListId());					
				}
				if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
				{
					$insertq = new cquery();
					$insertq->set_query_sql("INSERT INTO mailmachine_sub_msgs (sub_id,msg_id,msg_sent) VALUES ($insert_id,$msg_id,'N')");
					$insertq->run_query();
					$insertq->end_query();				
				}
			}
			return true;				
		}
		/** strips out the values of an array and puts it into a csv string
		*
		* @access private
		* @var $record array
		* @return string
		*/
		function _valString ( $record )
		{
			$s = '';
			foreach ( $record as $r )
			{
				$s .= $r . ',';
			}
			$s=rtrim($s, ',');
			return $s;
		}
		/**
		* Method merges a single record row array into an array for import into the database
		*
		* @access private
		* @var $sep string the delimiter
		* @var $array array the source array
		* @var $number_values integer the number of fields to format to
		* @var $pad string
		* @return array
		*/
		function _dbSeed($sep, $array, $number_values, $pad = '') 
		{ 
			return array_pad(explode($sep, $array, $number_values), $number_values, $pad); 
		}
		/**
		* Takes an array and if array key exists returns key value. 
		* If there is no such key in the array returns key value as null.
		*
		* @access private
		* @var $arrKey string
		* @var $arrRow array
		* @return mixed
		**/
		function _checkArrayKey($arrKey, $arrRow)
		{
		$arrVal = '';
		if (is_array($arrRow) || is_object($arrRow))
		{	
		if(array_key_exists($arrKey,$arrRow))
			{
				$arrVal = $arrRow[$arrKey];
			} 
		else 
			{
				$arrVal = NULL;
			}
		}
		else 
		{
			$arrVal = NULL;
		}
		return $arrVal;
		}
		/**
		* Stores an uploaded file in the data directory.
		* will return either the full path to the file stored or false.
		*
		* @access private
		* @return mixed
		*/
		function _storeData()
		{
			
			if(isset($_FILES["1"]["error"]))
			{
				if ($_FILES['1']['error'] == 0) 
				{
					move_uploaded_file($_FILES["1"]["tmp_name"], $this->dataPath . '/' . $_FILES["1"]["name"]);
					return $this->dataPath . '/' . $_FILES["1"]["name"];
				} else {
					return false;
				}
			}
		}
		/**
		* deletes a csv file from the server once the import is done.
		*
		* @access private
		* @return VOID
		*/
		function _remData( $path )
		{
			unlink ( $path );
		}
		/**
		* Parses and pre-validates a CSV file to match the database schema
		* will return errors for any row that does not conform with the db schema
		*
		* @access private
		* @var $file string Full path to the file
		* @return array
		*/
		function _validateCSV( $file, $delimiter = ',' )
		{
			$data = $this->_arrayFromCSV( $file, false, $delimiter );
			$dCount = count($data) -1;
			$emailArray = $this->_checkArrayForDuplicates ($data);
			if ( $dCount < 0 )
			{
				return array('ERROR' => '011');
			} else {
				
				for ( $i=0; $i<=$dCount; $i++ )
				{
					if(isset($emailArray[$i]))
					{
						$result[] = $this->_validateCSVRow($data[$i]);
					}
				}
			}
			return $result;
		}
		/**
		* Checks for duplicate email addresses, unsets everything but the first match
		*/
		function _checkArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i][0]);
			}
			$row = array_unique($emailArray);
			return $row;
		}
		function _checkTxtArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i]);
			}
			$row = array_values(array_unique($emailArray));
			return $row;
		}
		/**
		* Checks the contents of a CSV file row to make sure the required fields are filled in
		*
		* @access private
		* @var $rowArray array
		* @return array
		*/
		function _validateCSVRow ( $rowArray )
		{
			$errCount = 0;
			$iCount = count($rowArray);
			if ( $iCount <> 22 )
			{
				$rowArray=array_pad($rowArray, 22, '');
			}
			if ( empty($rowArray[0]) || !$this->validate($rowArray[0],'email') )
			{
				$rowArray['ERROR'][$errCount] = 'Email Address is missing or not valid';
				$errCount++;
			}
			if ( !$this->_ckdb4addy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address already exists for this mailing list';
				$errCount++;
			}
			if ( !$this->_ckdb4bannedaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address has been banned';
				$errCount++;
			}
			if ( !$this->_ckdb4banneddomaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address belongs to a banned domain';
				$errCount++;
			}
			if (isset($_REQUEST['check_unsubcsv']) && $_REQUEST['check_unsubcsv']=="on")
			{
				if ( !$this->_ckdb4unsubaddy($rowArray[0]) )
				{	
					$rowArray['ERROR'][$errCount] = 'Email address previously unsubscribed';
					$errCount++;
				}
			}
			
			/*
			if ( empty($rowArray[1]) || !$this->validate($rowArray[1],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Password is not set';
				$errCount++;
			}
			if ( empty($rowArray[2]) || !$this->validate($rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'First Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[3]) || !$this->validate($$rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'Last Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[4]) || !$this->validate($rowArray[4],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'First (1st) address field is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[6]) || !$this->validate($rowArray[6],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'City is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'State is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Zipcode is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[8]) || !$this->validate($rowArray[8],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Country is missing or not valid';
			}
			*/
			return $rowArray;	
		}
		/**
		* Quick helper function that reads a csv file into an array
		*
		* @access private
		* @var $data string Path to the file
		* @var $hasFieldName boolean
		* @var $delimiter string
		* @var $enclosure
		* @return array
		*/
		function _arrayFromCSV($file, $hasFieldNames = false, $delimiter = ',')
		{
			$result = Array();
		   	$size = filesize($file) +1;
			$file = fopen($file, 'r');
		   	if ($hasFieldNames) $keys = fgetcsv($file, $size, $delimiter);
		   	while ( $row = fgetcsv($file, $size, $delimiter) ) 
			{
				$n = count($row); $res=array();
				for($i = 0; $i < $n; $i++) 
				{
					$idx = ($hasFieldNames) ? $keys[$i] : $i;
					$res[$idx] = $row[$i];
				}
				$result[] = $res;
			}
			fclose($file);
			return $result;
		 }		
		/**
		* Parses and pre-validates a text blob import
		*
		* @var source string
		* @return array
		*/
		function _validateTxt ( $dataString )
		{
			@$inArr = $this->_cleanString($dataString);
			if ( $inArr === false )
			{
				/**
				* @TODO Elegant error handling.
				*/
				echo 'Imported text does not meet the requirements. While parsing no commas, line breaks or carrage returns where found.'; 
				exit(1);
			} else {
				$inArr=$this->_checkTxtArrayForDuplicates($inArr);
				$inCount = count($inArr) - 1;
				if ( $inCount == 0 && $inArr[0]=="")
				{
					$outArr = array('ERROR'=> 'Imported text is not valid, zero (0) rows to import');
				} else {
					for ( $i=0; $i<=$inCount; $i++ )
					{
						if ( is_string($inArr[$i]) )
						{
							if ( !$this->validate($inArr[$i],'email') )
							{
								$v = '001';
							} 
							elseif ( !$this->_ckdb4addy($inArr[$i]) )
							{
								$v = '002';
							}
							elseif ( !$this->_ckdb4bannedaddy($inArr[$i]) )
							{
								$v='003';
							}
							elseif ( !$this->_ckdb4banneddomaddy($inArr[$i]) )
							{
								$v='004';
							}
							elseif (isset($_REQUEST['check_unsubtxt']) && $_REQUEST['check_unsubtxt']=="on")
							{
								if ( !$this->_ckdb4unsubaddy($inArr[$i]) )
								{	
									$v='005';
								}
								else
								{
									$v = 'ok';	
								}
							}
							else 
							{
								$v = 'ok';
							}
							$outArr[] = array('VALID'=>$v, 'VALUE'=>$inArr[$i]);
						}
					}
				}
				return $outArr;
			}
		}
		/**
		* Helper function that makes windows csv files work nice on *nix and php
		*
		* @access private
		* @var $file string
		* @return void
		*/
		function _win2unix ( $file ) 
		{
       		$fp 	= fopen($file,'r');
       		$fptmp 	= fopen($file.'_tmp','w');
       		while( !feof($fp) )
			{
               $line 	= chop(fgets($fp,4096));
               $ret 	= ereg_replace(chr(13) . chr(10),"\n",$line);
               $ret 	= ereg_replace(chr(13),"\n",$ret);
               fwrite($fptmp,$ret);
       		}
       		fclose($fp);
       		fclose($fptmp);
      		unlink($file);
       		copy($file.'_tmp', $file);
       		unlink($file.'_tmp');
		}
		/**
		* Helper method that searches across the database to see if an
		* email address already exists for a mailing list
		*
		* @access private
		* @var @addy string
		* @return boolean
		*/
		function _ckdb4addy( $addy )
		{
                        //$addy = addslashes($addy);
                        if (!get_magic_quotes_gpc()) {
                            $addy = addslashes($addy);    
                        }
                        else {
                            $addy = $addy; 
                        }
			$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$this->currentlist'";
			$sql .=" AND mailmachine_subscribers.email = '$addy' ";
			$query = new cquery();			
			$query->set_query_sql($sql);			
			$query->run_query();
			$qCount = $query->num_of_rows();
			if ( $qCount >= 1 )
			{
				return false;
			} else {
				return true;
			}
		}
		function _ckdb4bannedaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }
                                else {
                                    $addy = $addy;
                                }
				$query =new cquery();
				$sql = "select * from mailmachine_banned_emails where ban_item='".$addy ."' and ban_type ='E'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		function _ckdb4banneddomaddy( $addy )
		{
				$domain=explode("@",$addy);
				$query =new cquery();
				if (count($domain)=="2")
				{
					$sql = "select * from mailmachine_banned_emails where ban_item= '".$domain[1] ."' and ban_type ='D'";
					$query->set_query_sql($sql);				
					$query->run_query();
					if ($query->num_of_rows()>=1)
					{								 
							return false;
					}
					else
					{
						return true;
					}
				}
				else
				{
					return true;
				}			
		}
		function _ckdb4unsubaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }
                                else {
                                    $addy = $addy;
                                }
				$query =new cquery();
				$sql = "select * from mailmachine_unsubscribers where email='".$addy ."' and list_id = '$this->currentlist'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		/** 
		* Helper method that replaces line endings with commas
		*
		* @access private
		* @var $dataString string
		* @return array
		*/
		function _cleanString( $dataString )
		{
			$search 	= array("'([\r\n])[\s]+'");
			$replace	= array(",");
			$text 		= preg_replace($search, $replace, $dataString);
			$cleanStr	= preg_replace('/\s\s+/', ' ', $text);
			$outArray	= explode(',', $cleanStr);
			$this->_cleanEmptyNodes($outArray);
			sort($outArray);
			return $outArray;
		}
		/**
		* Helper method that finds empty nodes of an array and deletes them
		*
		* @access private
		* @var $blank string The value to search for to unset
		* @var $input array The array to search
		* @return array
		*/
		function _cleanEmptyNodes ( $blank = '', &$input )
		{
			while(($search = array_search($blank,$input)) > -1) 
			unset($input[$search]);
		}			
	}
}
$page = new cimport();
$page->processRequest();
$page->show();

?>

Question by:cuttone
11 Comments
 

Expert Comment

by:hielo
ID: 36540005
On the following:
$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$this->currentlist'";

you need to escape the value of the variable you are using to construct the query:
$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '" . addslashes($this->currentlist) . "'";

The same goes for the other queries. Below is a modified version of your function where I added the escaped value to some variable and used that variable in the query instead. You'll need to apply the same method/rationale to the other queries.
function _ckdb4addy( $addy )
		{
                        //$addy = addslashes($addy);
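			// Copy the list id into a local variable before the branch so it is set either way
			$currentList=$this->currentlist;
                        if (!get_magic_quotes_gpc()) {
                            $addy = addslashes($addy);
                        }
                        else {
                            $addy = $addy; 
                        }
			// PHP variable names are case-sensitive: the query must use $currentList, not $currentlist
			$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$currentList'";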
			$sql .=" AND mailmachine_subscribers.email = '$addy' ";
			$query = new cquery();			
			$query->set_query_sql($sql);			
			$query->run_query();
			$qCount = $query->num_of_rows();
			if ( $qCount >= 1 )
			{
				return false;
			} else {
				return true;
			}
		}

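An added example, not code from this thread or from the script's vendor: the duplicate check done by _ckdb4addy(), once with the value pasted into the SQL text and once with bound parameters. The unescaped apostrophe that raises error 1064 here is the same gap SQL injection relies on, and binding closes it without any addslashes() or magic-quotes branch. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so it runs offline, the table is a cut-down constructed copy, and lookupByConcatenation() and addressIsNew() are hypothetical names.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mailmachine_subscribers (
    sub_id  INTEGER PRIMARY KEY,
    list_id INTEGER NOT NULL,
    email   TEXT NOT NULL)");

// Constructed sample rows using the two values named in the question.
$insert = $db->prepare(
    "INSERT INTO mailmachine_subscribers (list_id, email) VALUES (:list_id, :email)");
foreach (array("St. John's University - NY", "O'Reilly") as $value) {
    $insert->execute(array(':list_id' => 3, ':email' => $value));
}

/**
 * Before: the value is concatenated into the statement, as in _ckdb4addy().
 * Returns the driver's error message, or null if the statement parsed and ran.
 */
function lookupByConcatenation(PDO $db, $listId, $email)
{
    $sql = "SELECT sub_id FROM mailmachine_subscribers"
         . " WHERE list_id = '$listId' AND email = '$email'";
    try {
        $db->query($sql)->fetchAll();
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

/**
 * After: same contract as _ckdb4addy() (true means the address is not yet
 * on the list), but the values are bound and never become part of the SQL text.
 */
function addressIsNew(PDO $db, $listId, $email)
{
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM mailmachine_subscribers
          WHERE list_id = :list_id AND email = :email");
    $stmt->execute(array(':list_id' => (int) $listId, ':email' => $email));
    return ((int) $stmt->fetchColumn()) === 0;
}

$name = "St. John's University - NY";

// String-built query: the apostrophe closes the literal early and the parser rejects the rest.
printf("concatenated query error: %s\n", var_export(lookupByConcatenation($db, 3, $name), true));

// Bound parameters: the same value is matched as data, apostrophe included.
printf("already subscribed:       %s\n", var_export(!addressIsNew($db, 3, $name), true));
printf("unknown address is new:   %s\n", var_export(addressIsNew($db, 3, "new@example.com"), true));
```

With MySQL the same two functions work unchanged once the PDO connection string points at the real database; the stored value is exactly the value supplied, with no added backslashes.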
 

Expert Comment

by:hielo
ID: 36540016
Forgot to actually add the "addslashes()" part in the function. Try the attached code:
<?php
session_start();


//If wrapper if this function is called from a PHP4.x machine
if(!function_exists('file_get_contents')) 
{
   /**
   * Method does what the PHP5 function of the same name performs
   *
   * @access public
   * @var $file string the full path of the file you wish to open
   * @return string
   */
   function file_get_contents($file) 
   {
	   return implode('', file($file));
   }
}// end if wrapper

//If wrapper if this function is called from a PHP4.x machine 
if(!function_exists('file_put_contents'))
{
	/**
	* Method does what the PHP5 function of the same name performs
	*
	* @access public
	* @var $filename string The name of the file you want to save
	* @var $data string the stream of data you want to save to the file.
	* @var $file_append boolean Whether to append or overwrite
	* @return VOID
	*/
	function file_put_contents($filename, $data, $file_append = false) 
	{
		$fp = fopen($filename, (!$file_append ? 'w+' : 'a+'));
			if(!$fp)
			{	trigger_error('file_put_contents cannot write in file.', E_USER_ERROR);
				return;
			}
		fputs($fp, $data);
		fclose($fp);
	}
}//End If wrapper

if(!defined("_cimport_"))
{
	define("_cimport_",TRUE);	
	require "cquery.php";	
	require "cmlistbaseform.php";
	require "cbatchmailer.php";
	require "cwebcombo.php";
	class cimport extends cmlistbaseform
	{
		/**
		* Constructor! 
		* Sets usage arguments for the parent and
		* makes sure the parent constructor has
		* fired.
		*
		* @return VOID
		*/
		function cimport()
		{	
			$_REQUEST['enabled']		='Y';
			$this->secure				= true;
			if ( isset($_REQUEST['STEP']) )
			{
				$this->pagination		= true;
			} else {
				$this->pagination		= false;
			}
			$this->listRequired			= true;
			
			$this->onlyAdmin			= false;
			$this->conf					= new cconfig();
			$this->dataPath				= $this->conf->m_base_path . '/data';

			if (isset ($_REQUEST['go']))
			{
			$error=false;
			if ($_REQUEST['go'] == 'list')
				{
					if (!is_numeric($_REQUEST['list_id']))
						$error = true;

					if ($error)
					{
						header("Location: cmessage.php?msg=Wrong%20Parameter%20in%20cmainpage.php");
						exit;
					}

					setcookie("curr_list_id", $_REQUEST['list_id'], 0, "/");
					$_REQUEST['curr_list_id'] = $_REQUEST['list_id'];
					$query=new cquery();
					$query->set_query_sql("select name from mailmachine_mailing_lists where list_id=" . $_REQUEST['list_id']);
					$query->run_query();
					$row = $query->get_next_row();
					setcookie("curr_list_name", $row[0], 0, "/");
					$_REQUEST['curr_list_name'] = $row[0];
					$query->end_query();
					
				}				
			}
			$lists = new cwebcombo("lists", "select m.list_id, m.name from mailmachine_mailing_lists m, mailmachine_permissions p WHERE m.list_id=p.list_id AND p.user_id='".$_SESSION['username']."'", "list_id", "name");
			$lists->add_item('NONE SELECTED', '-2');
			$lists->set_itemindex($_REQUEST['curr_list_id']);
			parent :: cmlistbaseform();
			$this->m_template->register_variables("IMPORTFORM", array(
				"LIST_OPTIONS" => $lists->show()));
			$this->currentlist			= $_REQUEST['curr_list_id'];	
		}
		
		/**
		* Default generic named request handler
		*
		* Method decides what place the system user is at
		* in the import process and depending on the var 'step'
		* displays the correct GUI or processes the prepared and
		* validated data.
		*
		* @ return mixed
		*/ 
		function processRequest()
		{
			@$place	= $_REQUEST['STEP'];
			if ( $place == '' || !isset($place) )
			{
				$this->setCaption("<a href=\"cmainpage.php\">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_DATA}");
				$this->m_template->register_file("IMPORTFORM", "wizard_import.tpl");
				$this->m_template->register_variables("BODY", array("FORM"=> $this->m_template->parse("IMPORTFORM")));
			} else {
				switch ($place)
				{
					case '0':
						$this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_VALIDATE}');
						if ( $_REQUEST['importType'] == 'txt' )
						{
							$this->m_template->register_file("VALIDATEDATA","wizard_import_0.tpl");
							$result = $this->_validateTxt($_REQUEST['0']);
							if ( isset($result['ERROR']) )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>$result['ERROR'],'DATA'=>''));
							} else {
								$this->m_template->register_file("TABLE","wizard_import_table_0.tpl");
								$this->m_template->register_file("ROWOK", "wizard_import_row_0.tpl");
								$this->m_template->register_file("ROWERR001", "wizard_import_row_0_error-001.tpl");
								$this->m_template->register_file("ROWERR002", "wizard_import_row_0_error-002.tpl");
								$this->m_template->register_file("ROWERR003", "wizard_import_row_0_error-003.tpl");
								$this->m_template->register_file("ROWERR004", "wizard_import_row_0_error-004.tpl");
								$this->m_template->register_file("ROWERR005", "wizard_import_row_0_error-005.tpl");

								$rows = '<!-- Rows -->';
								foreach ( $result as $row )
								{
									if ( $row['VALID'] == '001' )
									{
										$this->m_template->register_variables("ROWERR001", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR001");
										$this->m_template->reinit("ROWERR001");
									} elseif ( $row['VALID'] == '002' ){
										$this->m_template->register_variables("ROWERR002", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR002");
										$this->m_template->reinit("ROWERR002");
									}
									elseif ( $row['VALID'] == '003' ){
										$this->m_template->register_variables("ROWERR003", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR003");
										$this->m_template->reinit("ROWERR003");
									}
									elseif ( $row['VALID'] == '004' ){
										$this->m_template->register_variables("ROWERR004", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR004");
										$this->m_template->reinit("ROWERR004");
									}
									elseif ( $row['VALID'] == '005' ){
										$this->m_template->register_variables("ROWERR005", array("VALUE"=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWERR005");
										$this->m_template->reinit("ROWERR005");
									} else {
                                                                                if (get_magic_quotes_gpc()){
                                                                                    $row['VALUE'] = stripslashes($row['VALUE']); 
                                                                                }
										$this->m_template->register_variables("ROWOK", array('VALUE'=>$row['VALUE']));
										$rows .= $this->m_template->parse("ROWOK");
										$this->m_template->reinit("ROWOK");
									}
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optintxt']) && $_REQUEST['optintxt']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsettxt'];
							}
						} elseif ( $_REQUEST['importType'] == 'csv' ){
							$this->m_template->register_file("VALIDATEDATA","wizard_import_1.tpl");
							$this->m_template->register_file("CUSTOM","wizard_import_1_custom.tpl");
							$this->m_template->register_file("TABLE", "wizard_import_table_1.tpl");
							$this->m_template->register_file("ROWS", "wizard_import_row_1.tpl");
							$this->m_template->register_file("ROWSE", "wizard_import_row_1_errors.tpl");
							$this->m_template->register_file("ROWSETABLE", "wizard_import_row_1_errtable.tpl");
							$this->m_template->register_file("ROWSERROWS", "wizard_import_row_1_errows.tpl");
							$path = $this->_storeData();
							if ( !$path )
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'Fatal Error: Uploaded file not found.','DATA'=>''));
							} else {
								$deli = $_REQUEST['deli'] == 'comma' ? ',' : "\t";
								$result = $this->_validateCSV( $path, $deli );
								$rows = '';
								$errCount = 0;
								if(is_array($result))
								{
									foreach ( $result as $row )
									{
										if ( isset($row['ERROR']) )
										{
											$errCollection = $row['ERROR'];
											$errows = '';
												foreach ( $errCollection as $err )
												{
													$this->m_template->register_variables("ROWSERROWS", array('ERRMSG' => $err));
													$errows .= $this->m_template->parse("ROWSERROWS");
													$this->m_template->reinit("ROWSERROWS");
												}
											$this->m_template->register_variables("ROWSETABLE", array('ERROWS' => $errows));
											$errTable = $this->m_template->parse("ROWSETABLE");
											$this->m_template->reinit("ROWSETABLE");
											$this->m_template->register_variables("ROWSE",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row),
																								 "ERRNUM"	=> $errCount,
																								 "ERRCOLLECTION" => $errTable));
											$rows .= $this->m_template->parse("ROWSE");
											$this->m_template->reinit("ROWSE");
											$errCount++; 
										} else {
											$this->m_template->register_variables("ROWS",  array("EMAIL" 	=> $this->_checkArrayKey('0', $row),
																								 "PASSWORD"	=> $this->_checkArrayKey('1', $row),
																								 "FNAME"	=> $this->_checkArrayKey('2', $row),
																								 "LNAME"	=> $this->_checkArrayKey('3', $row),
																								 "ADD1"		=> $this->_checkArrayKey('4', $row),
																								 "ADD2"		=> $this->_checkArrayKey('5', $row),
																								 "CITY"		=> $this->_checkArrayKey('6', $row),
																								 "STATE"	=> $this->_checkArrayKey('7', $row),
																								 "ZIP"		=> $this->_checkArrayKey('8', $row),
																								 "CONT"		=> $this->_checkArrayKey('9', $row),
																								 "PHONE"	=> $this->_checkArrayKey('10', $row),
																								 "FAX"		=> $this->_checkArrayKey('11', $row),
																								 "CUSTOM1"	=> $this->_checkArrayKey('12', $row),
																								 "CUSTOM2"	=> $this->_checkArrayKey('13', $row),
																								 "CUSTOM3"	=> $this->_checkArrayKey('14', $row),
																								 "CUSTOM4"	=> $this->_checkArrayKey('15', $row),
																								 "CUSTOM5"	=> $this->_checkArrayKey('16', $row)));
											$rows .= $this->m_template->parse("ROWS");
											$this->m_template->reinit("ROWS");																							 							
										}
										//end else
									}
								}
								$customhtml="";
								$query= new cquery();
								for ($i=1;$i<=10;$i++)
								{
								$query->set_query_sql("SELECT cf.field_label FROM mailmachine_customfields cf, mailmachine_mailing_lists ml WHERE ml.list_id='".$_REQUEST['curr_list_id']."' AND ml.custom".$i."id=cf.field_id");
								$query->run_query();
								if ($query->num_of_rows()=="0")
								{
									$resultcustom=array("field_label" => "Empty");	
								}
								else
								{
									$resultcustom=$query->get_next_hash();
									$this->m_template->register_variables("CUSTOM", $resultcustom);
									$customhtml .= $this->m_template->parse("CUSTOM");
									$this->m_template->reinit("CUSTOM");
								}				
								}
								$this->m_template->register_variables("TABLE", array('ROWS'=>$rows,'CUSTOM_FIELDS'=>$customhtml));
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=>'','DATA'=>$this->m_template->parse("TABLE")));
								$this->_remData($path);
								$_SESSION['IMPORT'] = $result;
								if (isset($_REQUEST['optincsv']) && $_REQUEST['optincsv']=='on')
								{
									$_SESSION['optin']='Y';
								}
								if (isset($_REQUEST['resend']) && $_REQUEST['resend']=='on')
								{
									$_SESSION['resend']='Y';
								}
								$_SESSION['offset']=$_REQUEST['offsetcsv'];							
							}
						}
					break;
					// This case handles the actual import of data into the database.
					case '1':
					    $this->setCaption('<a href="cmainpage.php">{LBL_ADMINISTRATION}</a> / {LBL_IMPORT_COMPLETE}');
						$this->m_template->register_file("VALIDATEDATA","wizard_import_msg.tpl");
						if ( isset($_SESSION['IMPORT']) )
						{
							if ($_SESSION['IMPORT']=="imported")
							{
								$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Already imported this data!','DATA'=>''));	
							}
							else
							{
								if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
								{
									$lastsendq = new cquery();
									$lastsendq->set_query_sql("SELECT * FROM mailmachine_newsletter WHERE msg_id=( SELECT MAX(msg_id) FROM mailmachine_newsletter WHERE list_id={$_REQUEST['list_id']});");
									$lastsendq->run_query();
									$lastsend = $lastsendq->get_next_hash();
									$msg_id = $lastsend['msg_id'];
									if ($lastsend['sent']=='Y')
									{
										$lastsendq->set_query_sql("INSERT INTO `mailmachine_newsletter` (`list_id`, `type`, `subject`, `date_sent`, `msg_text`, `msg_html`, `sent`, `scheduled`, `userid`) VALUES ('{$_REQUEST['list_id']}', '{$lastsend['type']}', '".addslashes($lastsend['subject'])."', NOW(), '".addslashes($lastsend['msg_text'])."', '".addslashes($lastsend['msg_html'])."', 'N', CURDATE(), '{$lastsend['userid']}');");
										$lastsendq->run_query();
										$msg_id++;
									}
									$lastsendq->end_query();				
								}
								else
								{
									$msg_id=0;
								}
								$importCount = 0;
								if ( $_REQUEST['importType'] == 'txt' ) 
								{
									foreach ( $_SESSION['IMPORT'] as $data )
									{
										if ( $data['VALID'] == 'ok' )
										{
											$record[] = $data['VALUE'];
										}
									}
									if (isset($record) && count($record) >0)
									{
										foreach ( $record as $in )
										{
											$this->_writeRecord($in,$msg_id);
											$importCount++;
										}
									}
								} 
								else 
								{
									foreach ( $_SESSION['IMPORT'] as $record )
									{
										if ( array_key_exists('ERROR', $record) )
										{
											unset($record);
										} 
										else 
										{
										$this->_writeRecord($record,$msg_id);
										$importCount++;
										}
									}
								}
								if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers will be added to the mailing list, after they have confirmed their subscription.','DATA'=>''));	
								}
								else
								{
									$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> $importCount . ' list subscribers added to the mailing list.','DATA'=>''));
								}
								$_SESSION['IMPORT']="imported";
							}
						}
						else 
						{
							$this->m_template->register_variables("VALIDATEDATA", array('MSG'=> 'Fatal Error: Could not locate user session.','DATA'=>''));
						}
					break;
				}
				$this->m_template->register_variables("BODY", array("FORM" => $this->m_template->parse("VALIDATEDATA")));
			}
		}
		/**
		* Method adds a single record to the database
		*
		* @access private
		* @var $record array the record to add to the database
		* @return boolean
		*/
		function _writeRecord ( $record ,$msg_id)
		{
			if ( is_array($record) )  
			{ 
				$kkk = $record;
			} else {  
				$vals = $record;  
				$kkk = $this->_dbSeed(',',$vals, 22);
			}	
			@list($email,$password,$firstname, $lastname, $address1, $address2, $city, $state,
				$zip ,$country, $phone, $fax, $custom1, $custom2, $custom3, $custom4, $custom5, $custom6, $custom7, $custom8, $custom9, $custom10, $signup_date) = 
				$kkk;
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$_REQUEST['enabled']='N';
			}	
			//$this->m_sqlbuilder->setValue("email", $email);
                        if (!get_magic_quotes_gpc()){
                            $this->m_sqlbuilder->setValue("email", addslashes($email));
                        }
                        else {
                            $this->m_sqlbuilder->setValue("email", $email);
                        }
            $this->m_sqlbuilder->setValue("password", $password);
			$this->m_sqlbuilder->setValue("first_name", addslashes($firstname));
			$this->m_sqlbuilder->setValue("last_name", addslashes($lastname));
			$this->m_sqlbuilder->setValue("address1", addslashes($address1));
			$this->m_sqlbuilder->setValue("address2", addslashes($address2));
			$this->m_sqlbuilder->setValue("phone", addslashes($phone));
			$this->m_sqlbuilder->setValue("fax", addslashes($fax));
			$this->m_sqlbuilder->setValue("city", addslashes($city));
			$this->m_sqlbuilder->setValue("state", addslashes($state));			
			$this->m_sqlbuilder->setValue("zipcode", addslashes($zip));
			$this->m_sqlbuilder->setValue("country", addslashes($country));
			$this->m_sqlbuilder->setValue("signup_date",'now()',0);			
			$this->m_sqlbuilder->setValue("custom1", addslashes($custom1));
			$this->m_sqlbuilder->setValue("custom2", addslashes($custom2));
			$this->m_sqlbuilder->setValue("custom3", addslashes($custom3));
			$this->m_sqlbuilder->setValue("custom4", addslashes($custom4));
			$this->m_sqlbuilder->setValue("custom5", addslashes($custom5));
			$this->m_sqlbuilder->setValue("custom6", addslashes($custom6));
			$this->m_sqlbuilder->setValue("custom7", addslashes($custom7));
			$this->m_sqlbuilder->setValue("custom8", addslashes($custom8));
			$this->m_sqlbuilder->setValue("custom9", addslashes($custom9));
			$this->m_sqlbuilder->setValue("custom10", addslashes($custom10));
			$this->m_sqlbuilder->setValue("signup_method","Admin import");
			$this->m_sqlbuilder->setValue("signup_ip","Admin");
			$this->m_sqlbuilder->setValue("bounce_count", 0);
			$this->m_sqlbuilder->setValue("offset", $_SESSION['offset']);
			$this->m_sqlbuilder->setValue("date_reinvited", "N/A");
			$this->m_sqlbuilder->setValue("number_reinvited", 0);
			$this->m_sqlbuilder->setValue("receive_latest", 0);
			
			if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$this->m_sqlbuilder->setValue("receive_latest", 1);					
				}
			$sql = $this->m_sqlbuilder->getinsertquery("mailmachine_subscribers");	
			$this->m_database->execute_query($sql);
			$insert_id = $this->m_database->get_last_id();
			if (isset($_SESSION['optin']) && $_SESSION['optin']=='Y')
			{
				$mailer = new cbatchmailer();
				$this->opt_in = $mailer->send_optin_mail($insert_id);	
			}else{
				if (isset($_SESSION['receive_latest']) && $_SESSION['receive_latest']==1){
					$mailer = new cbatchmailer();
					$this->lastest = $mailer->send_lastest_mail($email, $this->getListId());					
				}
				if ((isset($_SESSION['resend']) && $_SESSION['resend']=='Y'))
				{
					$insertq = new cquery();
					$insertq->set_query_sql("INSERT INTO mailmachine_sub_msgs (sub_id,msg_id,msg_sent) VALUES ($insert_id,$msg_id,'N')");
					$insertq->run_query();
					$insertq->end_query();				
				}
			}
			return true;				
		}
		/** strips out the values of an array and puts it into a csv string
		*
		* @access private
		* @var $record array
		* @return string
		*/
		function _valString ( $record )
		{
			$s = '';
			foreach ( $record as $r )
			{
				$s .= $r . ',';
			}
			$s=rtrim($s, ',');
			return $s;
		}
		/**
		* Method merges a single record row array into an array for import into the database
		*
		* @access private
		* @var $sep string the delimiter
		* @var $array array the source array
		* @var $number_values integer the number of fields to format to
		* @var $pad string
		* @return array
		*/
		function _dbSeed($sep, $array, $number_values, $pad = '') 
		{ 
			return array_pad(explode($sep, $array, $number_values), $number_values, $pad); 
		}
		/**
		* Takes an array and if array key exists returns key value. 
		* If there is no such key in the array returns key value as null.
		*
		* @access private
		* @var $arrKey string
		* @var $arrRow array
		* @return mixed
		**/
		function _checkArrayKey($arrKey, $arrRow)
		{
		$arrVal = '';
		if (is_array($arrRow) || is_object($arrRow))
		{	
		if(array_key_exists($arrKey,$arrRow))
			{
				$arrVal = $arrRow[$arrKey];
			} 
		else 
			{
				$arrVal = NULL;
			}
		}
		else 
		{
			$arrVal = NULL;
		}
		return $arrVal;
		}
		/**
		* Stores an uploaded file in the data directory.
		* will return either the full path to the file stored or false.
		*
		* @access private
		* @return mixed
		*/
		function _storeData()
		{
			
			if(isset($_FILES["1"]["error"]))
			{
				if ($_FILES['1']['error'] == 0) 
				{
					move_uploaded_file($_FILES["1"]["tmp_name"], $this->dataPath . '/' . $_FILES["1"]["name"]);
					return $this->dataPath . '/' . $_FILES["1"]["name"];
				} else {
					return false;
				}
			}
		}
		/**
		* deletes a csv file from the server once the import is done.
		*
		* @access private
		* @return VOID
		*/
		function _remData( $path )
		{
			unlink ( $path );
		}
		/**
		* Parses and pre-validates a CSV file to match the database schema
		* will return errors for any row that does not conform with the db schema
		*
		* @access private
		* @var $file string Full path to the file
		* @return array
		*/
		function _validateCSV( $file, $delimiter = ',' )
		{
			$data = $this->_arrayFromCSV( $file, false, $delimiter );
			$dCount = count($data) -1;
			$emailArray = $this->_checkArrayForDuplicates ($data);
			if ( $dCount < 0 )
			{
				return array('ERROR' => '011');
			} else {
				
				for ( $i=0; $i<=$dCount; $i++ )
				{
					if(isset($emailArray[$i]))
					{
						$result[] = $this->_validateCSVRow($data[$i]);
					}
				}
			}
			return $result;
		}
		/**
		* Checks for duplicate email addresses, unsets everything but the first match
		*/
		function _checkArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i][0]);
			}
			$row = array_unique($emailArray);
			return $row;
		}
		function _checkTxtArrayForDuplicates ($row)
		{
			$count = count($row) -1;
			for($i =0; $i<=$count; $i++ )
			{
			  $emailArray[$i] = strtolower($row[$i]);
			}
			$row = array_values(array_unique($emailArray));
			return $row;
		}
		/**
		* Checks the contents of a CSV file row to make sure the required fields are filled in
		*
		* @access private
		* @var $rowArray array
		* @return array
		*/
		function _validateCSVRow ( $rowArray )
		{
			$errCount = 0;
			$iCount = count($rowArray);
			if ( $iCount <> 22 )
			{
				$rowArray=array_pad($rowArray, 22, '');
			}
			if ( empty($rowArray[0]) || !$this->validate($rowArray[0],'email') )
			{
				$rowArray['ERROR'][$errCount] = 'Email Address is missing or not valid';
				$errCount++;
			}
			if ( !$this->_ckdb4addy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address already exists for this mailing list';
				$errCount++;
			}
			if ( !$this->_ckdb4bannedaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address has been banned';
				$errCount++;
			}
			if ( !$this->_ckdb4banneddomaddy($rowArray[0]) )
			{
				$rowArray['ERROR'][$errCount] = 'Email address belongs to a banned domain';
				$errCount++;
			}
			if (isset($_REQUEST['check_unsubcsv']) && $_REQUEST['check_unsubcsv']=="on")
			{
				if ( !$this->_ckdb4unsubaddy($rowArray[0]) )
				{	
					$rowArray['ERROR'][$errCount] = 'Email address previously unsubscribed';
					$errCount++;
				}
			}
			
			/*
			if ( empty($rowArray[1]) || !$this->validate($rowArray[1],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Password is not set';
				$errCount++;
			}
			if ( empty($rowArray[2]) || !$this->validate($rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'First Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[3]) || !$this->validate($$rowArray[3],"alpha") )
			{
				$rowArray['ERROR'][$errCount] = 'Last Name is not set or invalid';
				$errCount++;
			}
			if ( empty($rowArray[4]) || !$this->validate($rowArray[4],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'First (1st) address field is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[6]) || !$this->validate($rowArray[6],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'City is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'State is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[7]) || !$this->validate($rowArray[7],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Zipcode is missing or not valid';
				$errCount++;
			}
			if ( empty($rowArray[8]) || !$this->validate($rowArray[8],"str") )
			{
				$rowArray['ERROR'][$errCount] = 'Country is missing or not valid';
			}
			*/
			return $rowArray;	
		}
		/**
		* Quick helper function that reads a csv file into an array
		*
		* @access private
		* @var $data string Path to the file
		* @var $hasFieldName boolean
		* @var $delimiter string
		* @var $enclosure
		* @return array
		*/
		function _arrayFromCSV($file, $hasFieldNames = false, $delimiter = ',')
		{
			$result = Array();
		   	$size = filesize($file) +1;
			$file = fopen($file, 'r');
		   	if ($hasFieldNames) $keys = fgetcsv($file, $size, $delimiter);
		   	while ( $row = fgetcsv($file, $size, $delimiter) ) 
			{
				$n = count($row); $res=array();
				for($i = 0; $i < $n; $i++) 
				{
					$idx = ($hasFieldNames) ? $keys[$i] : $i;
					$res[$idx] = $row[$i];
				}
				$result[] = $res;
			}
			fclose($file);
			return $result;
		 }		
		/**
		* Parses and pre-validates a text blob import
		*
		* @var source string
		* @return array
		*/
		function _validateTxt ( $dataString )
		{
			@$inArr = $this->_cleanString($dataString);
			if ( $inArr === false )
			{
				/**
				* @TODO Elegant error handling.
				*/
				echo 'Imported text does not meet the requirements. While parsing no commas, line breaks or carrage returns where found.'; 
				exit(1);
			} else {
				$inArr=$this->_checkTxtArrayForDuplicates($inArr);
				$inCount = count($inArr) - 1;
				if ( $inCount == 0 && $inArr[0]=="")
				{
					$outArr = array('ERROR'=> 'Imported text is not valid, zero (0) rows to import');
				} else {
					for ( $i=0; $i<=$inCount; $i++ )
					{
						if ( is_string($inArr[$i]) )
						{
							if ( !$this->validate($inArr[$i],'email') )
							{
								$v = '001';
							} 
							elseif ( !$this->_ckdb4addy($inArr[$i]) )
							{
								$v = '002';
							}
							elseif ( !$this->_ckdb4bannedaddy($inArr[$i]) )
							{
								$v='003';
							}
							elseif ( !$this->_ckdb4banneddomaddy($inArr[$i]) )
							{
								$v='004';
							}
							elseif (isset($_REQUEST['check_unsubtxt']) && $_REQUEST['check_unsubtxt']=="on")
							{
								if ( !$this->_ckdb4unsubaddy($inArr[$i]) )
								{	
									$v='005';
								}
								else
								{
									$v = 'ok';	
								}
							}
							else 
							{
								$v = 'ok';
							}
							$outArr[] = array('VALID'=>$v, 'VALUE'=>$inArr[$i]);
						}
					}
				}
				return $outArr;
			}
		}
		/**
		* Helper function that makes windows csv files work nice on *nix and php
		*
		* @access private
		* @var $file string
		* @return void
		*/
		function _win2unix ( $file ) 
		{
       		$fp 	= fopen($file,'r');
       		$fptmp 	= fopen($file.'_tmp','w');
       		while( !feof($fp) )
			{
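               // Keep the line break: chop() stripped it, which ran every row together
               $line 	= fgets($fp,4096);
               // str_replace() stands in for ereg_replace(), which was removed in PHP 7
               $ret 	= str_replace(chr(13) . chr(10),"\n",$line);
               $ret 	= str_replace(chr(13),"\n",$ret);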
               fwrite($fptmp,$ret);
       		}
       		fclose($fp);
       		fclose($fptmp);
      		unlink($file);
       		copy($file.'_tmp', $file);
       		unlink($file.'_tmp');
		}
		/**
		* Helper method that searches across the database to see if an
		* email address already exists for a mailing list
		*
		* @access private
		* @var @addy string
		* @return boolean
		*/
		function _ckdb4addy( $addy )
		{
						$currentList=$this->currentlist;
                        //$addy = addslashes($addy);
                        if (!get_magic_quotes_gpc()) {
                            $addy = addslashes($addy);
							$currentList=addslashes($this->currentlist);
                        }

			// PHP variable names are case-sensitive: use $currentList as assigned above
			$sql = "SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '$currentList'";
			$sql .=" AND mailmachine_subscribers.email = '$addy' ";
			$query = new cquery();			
			$query->set_query_sql($sql);			
			$query->run_query();
			$qCount = $query->num_of_rows();
			if ( $qCount >= 1 )
			{
				return false;
			} else {
				return true;
			}
		}
		function _ckdb4bannedaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }

				$query =new cquery();
				$sql = "select * from mailmachine_banned_emails where ban_item='".$addy ."' and ban_type ='E'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		function _ckdb4banneddomaddy( $addy )
		{
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
                                }

				$domain=explode("@",$addy);
				$query =new cquery();
				if (count($domain)=="2")
				{
					$sql = "select * from mailmachine_banned_emails where ban_item= '".$domain[1] ."' and ban_type ='D'";
					$query->set_query_sql($sql);				
					$query->run_query();
					if ($query->num_of_rows()>=1)
					{								 
							return false;
					}
					else
					{
						return true;
					}
				}
				else
				{
					return true;
				}			
		}
		function _ckdb4unsubaddy( $addy )
		{
								$currentList=$this->currentlist;
                                //$addy = addslashes($addy);
                                if (!get_magic_quotes_gpc()) {
                                    $addy = addslashes($addy);
									$currentList=addslashes($this->currentlist);
                                }

				$query =new cquery();
				$sql = "select * from mailmachine_unsubscribers where email='".$addy ."' and list_id = '$currentList'";
				$query->set_query_sql($sql);				
				$query->run_query();

				if ($query->num_of_rows()>=1)
				{								 
					return false;
				}
				else
				{
					return true;
				}			
		}
		
		/** 
		* Helper method that replaces line endings with commas
		*
		* @access private
		* @var $dataString string
		* @return array
		*/
		function _cleanString( $dataString )
		{
			$search 	= array("'([\r\n])[\s]+'");
			$replace	= array(",");
			$text 		= preg_replace($search, $replace, $dataString);
			$cleanStr	= preg_replace('/\s\s+/', ' ', $text);
			$outArray	= explode(',', $cleanStr);
			$this->_cleanEmptyNodes($outArray);
			sort($outArray);
			return $outArray;
		}
		/**
		* Helper method that finds empty nodes of an array and deletes them
		*
		* @access private
		* @var $blank string The value to search for to unset
		* @var $input array The array to search
		* @return array
		*/
		function _cleanEmptyNodes ( $blank = '', &$input )
		{
			while(($search = array_search($blank,$input)) > -1) 
			unset($input[$search]);
		}			
	}
}
$page = new cimport();
$page->processRequest();
$page->show();

?>


0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36540469
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 36542518
you may as well want to use var_export() which will quote values when needed and only in that case and never produce weird transtyping bugs.

on the other hand, it is prone to SQL injections if the input string contains C escape characters
in a webserver context, this should not be the case
for sure, apache, lighttpd, and thttpd and probably any other widely used web server will protect you, no idea about IIS
0
 

Accepted Solution

by:
cuttone earned 0 total points
ID: 36816877
The developer of the program responded. It actually was not an issue with the code, but rather with how Access was exporting the tables and the order of the columns.
0

 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36817701
How access was exporting the tables?  That may be one problem, but this from the original question clearly shows us that the apostrophe was not escaped.  That is what caused the error #1064.

SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '3' AND mailmachine_subscribers.email = 'St. John's University - NY'
0
 

Author Comment

by:cuttone
ID: 36817928
The tables were being exported in the wrong order and the column with St.John's was where the e-mail address column was supposed to be, which resulted in the error, since there can not be an apostrophe in an e-mail address. When the order issue was resolved, there was no longer an error and the script worked properly.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36818792
The script worked properly in a coincidental sort of manner.  I think the use of mysql_real_escape_string() should be made in consonance with the advice from PHP.net.

See http://us2.php.net/manual/en/function.mysql-real-escape-string.php
"This function must always (with few exceptions) be used to make data safe before sending a query to MySQL."  

The few exceptions might include internally generated values that cannot contain external data.  But if you have a string of any kind from any external source, the function is your friend.
0
 

Author Closing Comment

by:cuttone
ID: 36908498
The developer of the program responded and resolved the issue
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 36890945
I hope the developer's response included the correct use of
http://php.net/manual/en/function.mysql-real-escape-string.php
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 36917109
hello

<quote>
Query Error: SELECT sub_id FROM mailmachine_subscribers WHERE mailmachine_subscribers.list_id = '3' AND mailmachine_subscribers.email = 'St. John's University - NY'
ErrorNumber: 1064
Error Description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's University - NY'' at line 1
</quote>

you will get this exact same error even if your database does not contain any data or even any table at all.
the error occurs while the query is being parsed, and the dataset cannot be responsible for this in any way

it is fairly possible that there was a second bug linked to the tables exports, and such stuff, but this cannot explain your problem in any way.
this is clearly undoubtful since we all saw the (junior-my-first-experience-with-SQL) error in the code as well

if the developer said otherwise, well then he clearly lied

good luck
0
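
Added example (not part of any post in this thread, and not the mail program's code): the duplicate check from _ckdb4addy() run against an empty table, once with the value concatenated into the SQL and once with bound parameters, covering both the parse-time failure skullnobrains describes and the handling of external strings Ray Paseur asks for. It assumes PDO with an in-memory SQLite database standing in for MySQL, and uses bound parameters in place of mysql_real_escape_string() because the mysql_* extension was removed in PHP 7; the function names ckConcatenated and ckBound are hypothetical.

```php
<?php
// Added example. An in-memory SQLite table stands in for the MySQL table
// mailmachine_subscribers so the script runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mailmachine_subscribers
           (sub_id INTEGER PRIMARY KEY, list_id TEXT, email TEXT)');

// Duplicate check built the way the error message shows it: the raw value
// is pasted between quotes. Hypothetical name.
function ckConcatenated(PDO $db, $listId, $addy)
{
    $sql = "SELECT sub_id FROM mailmachine_subscribers"
         . " WHERE list_id = '$listId' AND email = '$addy'";
    try {
        return count($db->query($sql)->fetchAll()) === 0;
    } catch (PDOException $e) {
        // The statement is rejected by the parser before any row is read.
        return 'query rejected: ' . $e->getMessage();
    }
}

// Same check with bound parameters: the value travels as data and never
// becomes part of the SQL text. Hypothetical name.
function ckBound(PDO $db, $listId, $addy)
{
    $stmt = $db->prepare('SELECT sub_id FROM mailmachine_subscribers
                          WHERE list_id = ? AND email = ?');
    $stmt->execute(array($listId, $addy));
    return count($stmt->fetchAll()) === 0;   // true = not on the list yet
}

$value = "St. John's University - NY";       // value from the error message

// The table is still empty, yet the concatenated query already fails.
var_dump(ckConcatenated($db, '3', $value));
var_dump(ckBound($db, '3', $value));

// Once the row exists, the bound check finds it, apostrophe included.
$ins = $db->prepare('INSERT INTO mailmachine_subscribers (list_id, email)
                     VALUES (?, ?)');
$ins->execute(array('3', $value));
var_dump(ckBound($db, '3', $value));
var_dump(ckBound($db, '3', "O'Reilly"));
```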
