I can't find the error in the move from mysql to mysqli


Giel van Dam

08/01/2014 12:54:42
Dear reader,

The code below worked perfectly with mysql up to PHP 5.5. After error messages appeared because the query was NOT being added to the database, I am now trying to convert the whole thing to MYSQLI. But it doesn't work, and I know too little about the new language to find the error. Would someone be willing to help me?

Code (php)
<?php

$where_form_is = "http://".$_SERVER['SERVER_NAME'].strrev(strstr(strrev($_SERVER['PHP_SELF']),"/"));

session_start();
if( ($_SESSION['security_code']==$_POST['security_code']) && (!empty($_POST['security_code'])) ) {

include("config.inc.php");
$link = mysqli_connect($db_host,$db_user,$db_pass);
/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

mysqli_select_db($db_name,$link);

$query = "INSERT into `".$db_table."` (familyname,firstnames,nationality,eu,gender,dateofbirth,adress,postalcode,city,countryofresidence,phone,skype,email,lifepartner,children,specialneeds,previousdegree,emms,emmsyear,firstproject,secondproject,cveuropass,passport,motivation,diploma,firstreclet,secondreclet,studyresults,languageresult,password) VALUES ('" . $_POST['familyname'] . "','" . $_POST['firstnames'] . "','" . $_POST['nationality'] . "','" . $_POST['eu'] . "','" . $_POST['gender'] . "','" . $_POST['dateofbirth'] . "','" . $_POST['adress'] . "','" . $_POST['postalcode'] . "','" . $_POST['city'] . "','" . $_POST['countryofresidence'] . "','" . $_POST['phone'] . "','" . $_POST['skype'] . "','" . $_POST['email'] . "','" . $_POST['lifepartner'] . "','" . $_POST['children'] . "','" . $_POST['specialneeds'] . "','" . $_POST['previousdegree'] . "','" . $_POST['emms'] . "','" . $_POST['emmsyear'] . "','" . $_POST['firstproject'] . "','" . $_POST['secondproject'] . "','".$where_form_is."files/".$cveuropass_filename."','" .$where_form_is."files/".$passport_filename. "','" .$where_form_is."files/".$motivation_filename. "','" .$where_form_is."files/".$diploma_filename. "','".$where_form_is."files/".$firstreclet_filename."','".$where_form_is."files/".$secondreclet_filename. "','".$where_form_is."files/".$studyresults_filename. "','".$where_form_is."files/".$languageresult_filename. "','" . $_POST['password'] . "')";
mysqli_query($query);

$newid = mysqli_insert_id($link);

mysqli_close($link);

mail(($_POST['email']),"Form confirmation","
Dear Madam or Sir " . $_POST['familyname'] . ",

Thank you for your application.
Your ID-number is: $newid.
Please use this ID-number in all correspondence with the coordinator.
You will be informed if your application is eligible before end of February 2014.

If you have any further questions, you can contact the coordinator at xxxxxxxx@xxxxxxxx.xx

With kind regards,

");

}


?>


Addition on 08/01/2014 12:56:18:

Oh yes, to add: the mail at the end is sent just fine, but nothing is written to the database.
 
 
Kris Peeters

08/01/2014 13:04:36
What are the symptoms of the problem?

If you get error reporting on your screen, copy/paste it here.
 
Giel van Dam

08/01/2014 13:07:04
Well, an error report does appear, but it is overwritten by the next page so quickly that I don't have time to read it. And I'm too little of a programmer to know how to prevent that.
 
Michael -

08/01/2014 13:18:48
Giel van Dam on 08/01/2014 13:07:04:
Well, an error report does appear, but it is overwritten by the next page so quickly that I don't have time to read it. And I'm too little of a programmer to know how to prevent that.

Then you have to make sure it doesn't redirect, so that you get to see the error message; otherwise it remains guesswork.
I've changed a few things that may help you a bit further
Code (php)
<?php
session_start();
include("config.inc.php");

$link = mysqli_connect($db_host, $db_user, $db_pass, $db_name);

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}


if( ( $_SESSION['security_code'] == $_POST['security_code'] ) && ( !empty( $_POST['security_code'] ) ) ) {

    $where_form_is = "http://" . $_SERVER['SERVER_NAME'] . strrev( strstr( strrev( $_SERVER['PHP_SELF'] ),"/" ) );

    $query = "INSERT into " . $db_table . " (
    familyname,
    firstnames,
    nationality,
    eu,
    gender,
    dateofbirth,
    adress,
    postalcode,
    city,
    countryofresidence,
    phone,
    skype,
    email,
    lifepartner,
    children,
    specialneeds,
    previousdegree,
    emms,
    emmsyear,
    firstproject,
    secondproject,
    cveuropass,
    passport,
    motivation,
    diploma,
    firstreclet,
    secondreclet,
    studyresults,
    languageresult,
    password
    )
    VALUES (
    '" . $_POST['familyname'] . "',
    '" . $_POST['firstnames'] . "',
    '" . $_POST['nationality'] . "',
    '" . $_POST['eu'] . "',
    '" . $_POST['gender'] . "',
    '" . $_POST['dateofbirth'] . "',
    '" . $_POST['adress'] . "',
    '" . $_POST['postalcode'] . "',
    '" . $_POST['city'] . "',
    '" . $_POST['countryofresidence'] . "',
    '" . $_POST['phone'] . "',
    '" . $_POST['skype'] . "',
    '" . $_POST['email'] . "',
    '" . $_POST['lifepartner'] . "',
    '" . $_POST['children'] . "',
    '" . $_POST['specialneeds'] . "',
    '" . $_POST['previousdegree'] . "',
    '" . $_POST['emms'] . "',
    '" . $_POST['emmsyear'] . "',
    '" . $_POST['firstproject'] . "',
    '" . $_POST['secondproject'] . "',
    '" . $where_form_is . "files/" . $cveuropass_filename . "',
    '" . $where_form_is . "files/" . $passport_filename . "',
    '" . $where_form_is . "files/" . $motivation_filename . "',
    '" . $where_form_is . "files/" . $diploma_filename . "',
    '" . $where_form_is . "files/" . $firstreclet_filename . "',
    '" . $where_form_is . "files/" . $secondreclet_filename . "',
    '" . $where_form_is . "files/" . $studyresults_filename . "',
    '" . $where_form_is . "files/" . $languageresult_filename . "',
    '" . $_POST['password'] . "'
    )";
    $res = mysqli_query($query);

    if($res){

        $newid = mysqli_insert_id($link);

        mail(($_POST['email']),"Form confirmation","
        Dear Madam or Sir " . $_POST['familyname'] . ",

        Thank you for your application.
        Your ID-number is: " . $newid . ".
        Please use this ID-number in all correspondence with the coordinator.
        You will be informed if your application is eligible before end of February 2014.

        If you have any further questions, you can contact the coordinator at xxxxxxxx@xxxxxxxx.xx

        With kind regards,

        ");
    } else {
        echo 'Error ' . mysqli_error();
    }

}

mysqli_close($link);
?>

You also use addres. It is adres or address.
This way you should get an error if the insert fails. We'd like to hear what that error is :)

Edit: Also note that your script is currently as leaky as a sieve. Never put POST and GET straight into your database. Use mysqli_real_escape_string() for this.
Edited on 08/01/2014 13:21:54 by Michael -
 
Php knipper

08/01/2014 13:19:43
watch out, SQL hacking!!


use: mysqli_real_escape_string($link, $_POST['**'])

also try switching off the redirect for a moment so that we can see the error code, or look in your error log.
Edited on 08/01/2014 13:21:29 by php knipper
 
Michael -

08/01/2014 13:24:17
Php knipper on 08/01/2014 13:19:43:
watch out, SQL hacking!!


use: mysqli_real_escape_string($link, $_POST['**'])

also try switching off the redirect for a moment so that we can see the error code, or look in your error log.

Nice video! :)
Edited on 08/01/2014 13:24:28 by Michael -
 
Giel van Dam

08/01/2014 13:56:38
Thanks for the help so far.
As far as I can see, I have adjusted the code according to Michael's instructions.
Last time I left out a whole lot because the error was certainly not in there.
Now, for completeness, the entire adjusted code.

Code (php)
<?php

session_start();

{


// File upload handling
if($_FILES['cveuropass']['name']!=''){
$cveuropass_filename = $_POST['dateofbirth'] ."-cveuropass-".date("dmYHi").substr($_FILES['cveuropass']['name'],strlen($_FILES['cveuropass']['name'])-4);
if(!move_uploaded_file($_FILES['cveuropass']['tmp_name'], "./files/".$cveuropass_filename)){
die("File " .  $_FILES['cveuropass']['name'] . " was not uploaded.");
}
}


// File upload handling
if($_FILES['passport']['name']!=''){
$passport_filename = $_POST['dateofbirth'] ."-passport-".date("dmYHi").substr($_FILES['passport']['name'],strlen($_FILES['passport']['name'])-4);
if(!move_uploaded_file($_FILES['passport']['tmp_name'], "./files/".$passport_filename)){
die("File " .  $_FILES['passport']['name'] . " was not uploaded.");
}
}


// File upload handling
if($_FILES['motivation']['name']!=''){
$motivation_filename = $_POST['dateofbirth'] ."-motivation-".date("dmYHi").substr($_FILES['motivation']['name'],strlen($_FILES['motivation']['name'])-4);
if(!move_uploaded_file($_FILES['motivation']['tmp_name'], "./files/".$motivation_filename)){
die("File " .  $_FILES['motivation']['name'] . " was not uploaded.");
}
}


// File upload handling
if($_FILES['diploma']['name']!=''){
$diploma_filename = $_POST['dateofbirth'] ."-diploma-".date("dmYHi").substr($_FILES['diploma']['name'],strlen($_FILES['diploma']['name'])-4);
if(!move_uploaded_file($_FILES['diploma']['tmp_name'], "./files/".$diploma_filename)){
die("File " .  $_FILES['diploma']['name'] . " was not uploaded.");
}
}


// File upload handling
if($_FILES['firstreclet']['name']!=''){
$firstreclet_filename = $_POST['dateofbirth'] ."-firstreclet-".date("dmYHi").substr($_FILES['firstreclet']['name'],strlen($_FILES['firstreclet']['name'])-4);
if(!move_uploaded_file($_FILES['firstreclet']['tmp_name'], "./files/".$firstreclet_filename)){
die("File " .  $_FILES['firstreclet']['name'] . " was not uploaded.");
}
}


// File upload handling
if($_FILES['secondreclet']['name']!=''){
$secondreclet_filename = $_POST['dateofbirth'] ."-secondreclet-".date("dmYHi").substr($_FILES['secondreclet']['name'],strlen($_FILES['secondreclet']['name'])-4);
if(!move_uploaded_file($_FILES['secondreclet']['tmp_name'], "./files/".$secondreclet_filename)){
die("File " .  $_FILES['secondreclet']['name'] . " was not uploaded.");
}
}


// File upload handling
if($_FILES['studyresults']['name']!=''){
$studyresults_filename = $_POST['dateofbirth'] ."-studyresults-".date("dmYHi").substr($_FILES['studyresults']['name'],strlen($_FILES['studyresults']['name'])-4);
if(!move_uploaded_file($_FILES['studyresults']['tmp_name'], "./files/".$studyresults_filename)){
die("File " .  $_FILES['studyresults']['name'] . " was not uploaded.");
}
}


// File upload handling
if($_FILES['languageresult']['name']!=''){
$languageresult_filename = $_POST['dateofbirth'] ."-languageresult-".date("dmYHi").substr($_FILES['languageresult']['name'],strlen($_FILES['languageresult']['name'])-4);
if(!move_uploaded_file($_FILES['languageresult']['tmp_name'], "./files/".$languageresult_filename)){
die("File " .  $_FILES['languageresult']['name'] . " was not uploaded.");
}
}


include("config.inc.php");

$link = mysqli_connect($db_host, $db_user, $db_pass, $db_name);

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}


if( ( $_SESSION['security_code'] == $_POST['security_code'] ) && ( !empty( $_POST['security_code'] ) ) ) {

    $where_form_is = "http://" . $_SERVER['SERVER_NAME'] . strrev( strstr( strrev( $_SERVER['PHP_SELF'] ),"/" ) );

    $query = "INSERT into " . $db_table . " (
    familyname,
    firstnames,
    nationality,
    eu,
    gender,
    dateofbirth,
    adress,
    postalcode,
    city,
    countryofresidence,
    phone,
    skype,
    email,
    lifepartner,
    children,
    specialneeds,
    previousdegree,
    emms,
    emmsyear,
    firstproject,
    secondproject,
    cveuropass,
    passport,
    motivation,
    diploma,
    firstreclet,
    secondreclet,
    studyresults,
    languageresult,
    password
    )
    VALUES (
    '" . $_POST['familyname'] . "',
    '" . $_POST['firstnames'] . "',
    '" . $_POST['nationality'] . "',
    '" . $_POST['eu'] . "',
    '" . $_POST['gender'] . "',
    '" . $_POST['dateofbirth'] . "',
    '" . $_POST['adress'] . "',
    '" . $_POST['postalcode'] . "',
    '" . $_POST['city'] . "',
    '" . $_POST['countryofresidence'] . "',
    '" . $_POST['phone'] . "',
    '" . $_POST['skype'] . "',
    '" . $_POST['email'] . "',
    '" . $_POST['lifepartner'] . "',
    '" . $_POST['children'] . "',
    '" . $_POST['specialneeds'] . "',
    '" . $_POST['previousdegree'] . "',
    '" . $_POST['emms'] . "',
    '" . $_POST['emmsyear'] . "',
    '" . $_POST['firstproject'] . "',
    '" . $_POST['secondproject'] . "',
    '" . $where_form_is . "files/" . $cveuropass_filename . "',
    '" . $where_form_is . "files/" . $passport_filename . "',
    '" . $where_form_is . "files/" . $motivation_filename . "',
    '" . $where_form_is . "files/" . $diploma_filename . "',
    '" . $where_form_is . "files/" . $firstreclet_filename . "',
    '" . $where_form_is . "files/" . $secondreclet_filename . "',
    '" . $where_form_is . "files/" . $studyresults_filename . "',
    '" . $where_form_is . "files/" . $languageresult_filename . "',
    '" . $_POST['password'] . "')";
    $res = mysqli_query($query);


    if($res){

        $newid = mysqli_insert_id($link);


mail("xxxx@xxxxx.xx","xxxxxxxxxxx - ID $newid - New form submission","There is a new application.

Form data:

ID: " . $newid . "
Family name: " . $_POST['familyname'] . "
First name(s): " . $_POST['firstnames'] . "
Nationality: " . $_POST['nationality'] . "
EU/ non-EU: " . $_POST['eu'] . "
Gender: " . $_POST['gender'] . "
Date of birth: " . $_POST['dateofbirth'] . "
Address: " . $_POST['adress'] . "
Postal code: " . $_POST['postalcode'] . "
City: " . $_POST['city'] . "
Country of residence: " . $_POST['countryofresidence'] . "
Phone: " . $_POST['phone'] . "
Skype: " . $_POST['skype'] . "
E-mail address: " . $_POST['email'] . "
Life partner: " . $_POST['lifepartner'] . "
Children: " . $_POST['children'] . "
Special needs: " . $_POST['specialneeds'] . "
Institution delivering previous degree / University of origin / Year: " . $_POST['previousdegree'] . "
Erasmus Mundus Masters Scholarship: " . $_POST['emms'] . "
Erasmus Mundus Masters Scholarship (Year): " . $_POST['emmsyear'] . "
First Project: " . $_POST['firstproject'] . "
Second Project: " . $_POST['secondproject'] . "
CV Europass: " . $where_form_is . "files/" . $cveuropass_filename . " (original file name: " . $_FILES['cveuropass']['name'] . ")
Copy passport: " . $where_form_is . "files/" . $passport_filename . " (original file name: " . $_FILES['passport']['name'] . ")
Motivation letter: " . $where_form_is . "files/" . $motivation_filename . " (original file name: " . $_FILES['motivation']['name'] . ")
Copy of diploma / degree: " . $where_form_is . "files/" . $diploma_filename . " (original file name: " . $_FILES['diploma']['name'] . ")
First recommendation letter: " . $where_form_is . "files/" . $firstreclet_filename . " (original file name: " . $_FILES['firstreclet']['name'] . ")
Second recommendation letter: " . $where_form_is . "files/" . $secondreclet_filename . " (original file name: " . $_FILES['secondreclet']['name'] . ")
Study results: " . $where_form_is . "files/" . $studyresults_filename . " (original file name: " . $_FILES['studyresults']['name'] . ")
Language test result: " . $where_form_is . "files/" . $languageresult_filename . " (original file name: " . $_FILES['languageresult']['name'] . ")
");

mail(($_POST['email']),"xxxxxxxxx - Form confirmation","
Dear Madam or Sir " . $_POST['familyname'] . ",

Thank you for your application.
Your ID-number is: " . $newid . ".
Please use this ID-number in all correspondence with the xxxxxxxxxx coordinator.
You will be informed if your application is eligible before end of February 2014.

If you have any further questions, you can contact the xxxxxxxxxxxx
coordinator at xxxxxxxxx@xxxxxxxxxxxxx.xx

With kind regards,

xxxxxxxxxxxx coordinator
xxxxxxxxxxxxx
");
    } else {
        echo 'Error ' . mysqli_error();
    }

}

mysqli_close($link);

include("confirm.html");
}

else {
echo "You typed an Invalid Captcha String or a file you want to upload
is bigger then 4 MB. In that case please make it smaller.";
}


?>



UNFORTUNATELY it still doesn't work. Nothing is written to the database.
And I have also managed to read the error code (by disabling "include("confirm.html");"; I should have thought of that).
The error is "Parse error: syntax error, unexpected T_ELSE in /home/deb33684/domains/enc-network.eu/public_html/form/processor.php on line 217"
 
Michael -

08/01/2014 14:01:47
Then something is going wrong with } or {. That { on line 5 shouldn't be wandering around there either.
If you code a bit more neatly, you would spot the error sooner.
 
Giel van Dam

08/01/2014 14:06:24
Well, this isn't my profession either. I'm doing this as a favour, but I've long since realised that my knowledge doesn't go far enough. If only I knew someone who could finish this off now for payment. You? And indeed, I am now counting brackets!
 
Michael -

08/01/2014 14:06:44
Try it again.
Code (php)
<?php
session_start();

include("config.inc.php");

$link = mysqli_connect($db_host, $db_user, $db_pass, $db_name);

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}


// File upload handling
if($_FILES['cveuropass']['name']!=''){
    $cveuropass_filename = $_POST['dateofbirth'] ."-cveuropass-".date("dmYHi").substr($_FILES['cveuropass']['name'],strlen($_FILES['cveuropass']['name'])-4);
    if(!move_uploaded_file($_FILES['cveuropass']['tmp_name'], "./files/".$cveuropass_filename)){
        die("File " .  $_FILES['cveuropass']['name'] . " was not uploaded.");
    }
}


// File upload handling
if($_FILES['passport']['name']!=''){
$passport_filename = $_POST['dateofbirth'] ."-passport-".date("dmYHi").substr($_FILES['passport']['name'],strlen($_FILES['passport']['name'])-4);
    if(!move_uploaded_file($_FILES['passport']['tmp_name'], "./files/".$passport_filename)){
        die("File " .  $_FILES['passport']['name'] . " was not uploaded.");
    }
}


// File upload handling
if($_FILES['motivation']['name']!=''){
$motivation_filename = $_POST['dateofbirth'] ."-motivation-".date("dmYHi").substr($_FILES['motivation']['name'],strlen($_FILES['motivation']['name'])-4);
    if(!move_uploaded_file($_FILES['motivation']['tmp_name'], "./files/".$motivation_filename)){
        die("File " .  $_FILES['motivation']['name'] . " was not uploaded.");
    }
}


// File upload handling
if($_FILES['diploma']['name']!=''){
$diploma_filename = $_POST['dateofbirth'] ."-diploma-".date("dmYHi").substr($_FILES['diploma']['name'],strlen($_FILES['diploma']['name'])-4);
    if(!move_uploaded_file($_FILES['diploma']['tmp_name'], "./files/".$diploma_filename)){
        die("File " .  $_FILES['diploma']['name'] . " was not uploaded.");
    }
}


// File upload handling
if($_FILES['firstreclet']['name']!=''){
$firstreclet_filename = $_POST['dateofbirth'] ."-firstreclet-".date("dmYHi").substr($_FILES['firstreclet']['name'],strlen($_FILES['firstreclet']['name'])-4);
    if(!move_uploaded_file($_FILES['firstreclet']['tmp_name'], "./files/".$firstreclet_filename)){
        die("File " .  $_FILES['firstreclet']['name'] . " was not uploaded.");
    }
}


// File upload handling
if($_FILES['secondreclet']['name']!=''){
    $secondreclet_filename = $_POST['dateofbirth'] ."-secondreclet-".date("dmYHi").substr($_FILES['secondreclet']['name'],strlen($_FILES['secondreclet']['name'])-4);
    if(!move_uploaded_file($_FILES['secondreclet']['tmp_name'], "./files/".$secondreclet_filename)){
        die("File " .  $_FILES['secondreclet']['name'] . " was not uploaded.");
    }
}


// File upload handling
if($_FILES['studyresults']['name']!=''){
    $studyresults_filename = $_POST['dateofbirth'] ."-studyresults-".date("dmYHi").substr($_FILES['studyresults']['name'],strlen($_FILES['studyresults']['name'])-4);
    if(!move_uploaded_file($_FILES['studyresults']['tmp_name'], "./files/".$studyresults_filename)){
        die("File " .  $_FILES['studyresults']['name'] . " was not uploaded.");
    }
}


// File upload handling
if($_FILES['languageresult']['name']!=''){
    $languageresult_filename = $_POST['dateofbirth'] ."-languageresult-".date("dmYHi").substr($_FILES['languageresult']['name'],strlen($_FILES['languageresult']['name'])-4);
    if(!move_uploaded_file($_FILES['languageresult']['tmp_name'], "./files/".$languageresult_filename)){
        die("File " .  $_FILES['languageresult']['name'] . " was not uploaded.");
    }
}


if( ( $_SESSION['security_code'] == $_POST['security_code'] ) && ( !empty( $_POST['security_code'] ) ) ) {

    $where_form_is = "http://" . $_SERVER['SERVER_NAME'] . strrev( strstr( strrev( $_SERVER['PHP_SELF'] ),"/" ) );

    $query = "INSERT into " . $db_table . " (
    familyname,
    firstnames,
    nationality,
    eu,
    gender,
    dateofbirth,
    adress,
    postalcode,
    city,
    countryofresidence,
    phone,
    skype,
    email,
    lifepartner,
    children,
    specialneeds,
    previousdegree,
    emms,
    emmsyear,
    firstproject,
    secondproject,
    cveuropass,
    passport,
    motivation,
    diploma,
    firstreclet,
    secondreclet,
    studyresults,
    languageresult,
    password
    )
    VALUES (
    '" . $_POST['familyname'] . "',
    '" . $_POST['firstnames'] . "',
    '" . $_POST['nationality'] . "',
    '" . $_POST['eu'] . "',
    '" . $_POST['gender'] . "',
    '" . $_POST['dateofbirth'] . "',
    '" . $_POST['adress'] . "',
    '" . $_POST['postalcode'] . "',
    '" . $_POST['city'] . "',
    '" . $_POST['countryofresidence'] . "',
    '" . $_POST['phone'] . "',
    '" . $_POST['skype'] . "',
    '" . $_POST['email'] . "',
    '" . $_POST['lifepartner'] . "',
    '" . $_POST['children'] . "',
    '" . $_POST['specialneeds'] . "',
    '" . $_POST['previousdegree'] . "',
    '" . $_POST['emms'] . "',
    '" . $_POST['emmsyear'] . "',
    '" . $_POST['firstproject'] . "',
    '" . $_POST['secondproject'] . "',
    '" . $where_form_is . "files/" . $cveuropass_filename . "',
    '" . $where_form_is . "files/" . $passport_filename . "',
    '" . $where_form_is . "files/" . $motivation_filename . "',
    '" . $where_form_is . "files/" . $diploma_filename . "',
    '" . $where_form_is . "files/" . $firstreclet_filename . "',
    '" . $where_form_is . "files/" . $secondreclet_filename . "',
    '" . $where_form_is . "files/" . $studyresults_filename . "',
    '" . $where_form_is . "files/" . $languageresult_filename . "',
    '" . $_POST['password'] . "')";
    $res = mysqli_query($query);


    if($res){

        $newid = mysqli_insert_id($link);

        mail("xxxx@xxxxx.xx","xxxxxxxxxxx - ID $newid - New form submission","There is a new application.

        Form data:

        ID: " . $newid . "
        Family name: " . $_POST['familyname'] . "
        First name(s): " . $_POST['firstnames'] . "
        Nationality: " . $_POST['nationality'] . "
        EU/ non-EU: " . $_POST['eu'] . "
        Gender: " . $_POST['gender'] . "
        Date of birth: " . $_POST['dateofbirth'] . "
        Address: " . $_POST['adress'] . "
        Postal code: " . $_POST['postalcode'] . "
        City: " . $_POST['city'] . "
        Country of residence: " . $_POST['countryofresidence'] . "
        Phone: " . $_POST['phone'] . "
        Skype: " . $_POST['skype'] . "
        E-mail address: " . $_POST['email'] . "
        Life partner: " . $_POST['lifepartner'] . "
        Children: " . $_POST['children'] . "
        Special needs: " . $_POST['specialneeds'] . "
        Institution delivering previous degree / University of origin / Year: " . $_POST['previousdegree'] . "
        Erasmus Mundus Masters Scholarship: " . $_POST['emms'] . "
        Erasmus Mundus Masters Scholarship (Year): " . $_POST['emmsyear'] . "
        First Project: " . $_POST['firstproject'] . "
        Second Project: " . $_POST['secondproject'] . "
        CV Europass: " . $where_form_is . "files/" . $cveuropass_filename . " (original file name: " . $_FILES['cveuropass']['name'] . ")
        Copy passport: " . $where_form_is . "files/" . $passport_filename . " (original file name: " . $_FILES['passport']['name'] . ")
        Motivation letter: " . $where_form_is . "files/" . $motivation_filename . " (original file name: " . $_FILES['motivation']['name'] . ")
        Copy of diploma / degree: " . $where_form_is . "files/" . $diploma_filename . " (original file name: " . $_FILES['diploma']['name'] . ")
        First recommendation letter: " . $where_form_is . "files/" . $firstreclet_filename . " (original file name: " . $_FILES['firstreclet']['name'] . ")
        Second recommendation letter: " . $where_form_is . "files/" . $secondreclet_filename . " (original file name: " . $_FILES['secondreclet']['name'] . ")
        Study results: " . $where_form_is . "files/" . $studyresults_filename . " (original file name: " . $_FILES['studyresults']['name'] . ")
        Language test result: " . $where_form_is . "files/" . $languageresult_filename . " (original file name: " . $_FILES['languageresult']['name'] . ")
        ");

        mail(($_POST['email']),"xxxxxxxxx - Form confirmation","
        Dear Madam or Sir " . $_POST['familyname'] . ",

        Thank you for your application.
        Your ID-number is: " . $newid . ".
        Please use this ID-number in all correspondence with the xxxxxxxxxx coordinator.
        You will be informed if your application is eligible before end of February 2014.

        If you have any further questions, you can contact the xxxxxxxxxxxx
        coordinator at xxxxxxxxx@xxxxxxxxxxxxx.xx

        With kind regards,

        xxxxxxxxxxxx coordinator
        xxxxxxxxxxxxx
        ");
    } else {
        echo 'Error ' . mysqli_error();
    }


    include("confirm.html");
}

else {
    echo "You typed an Invalid Captcha String or a file you want to upload is bigger then 4 MB. In that case please make it smaller.";
}

mysqli_close($link);
?>
 
Giel van Dam

08/01/2014 14:19:33
Dear Michael, I copied your code literally, with the exception of line 208. I put // in front of it so that it doesn't run.

Unfortunately there is still an error code:


Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/deb33684/domains/enc-network.eu/public_html/form/processor.php:1) in /home/deb33684/domains/enc-network.eu/public_html/form/processor.php on line 2

Warning: mysqli_query() expects at least 2 parameters, 1 given in /home/deb33684/domains/enc-network.eu/public_html/form/processor.php on line 145

Warning: mysqli_error() expects exactly 1 parameter, 0 given in /home/deb33684/domains/enc-network.eu/public_html/form/processor.php on line 205
Error
 
Michael -

08/01/2014 14:27:10
First error message, session_start(), occurs because you still have something in front of it: HTML, text, a space or the like.

Second error message: change line 145 to $res = mysqli_query($link, $query);

Third error message: change line 205 to echo 'Error ' . mysqli_error($link);
 
Giel van Dam

08/01/2014 14:37:12
Dear Michael,
It seems to be in order!
I'm now going to check whether everything really works, but that's what it looks like.
You have really helped me.
Do you like wine? Then send a mail to info@gielvandam.nl
Regards, Giel
 
Michael -

08/01/2014 14:44:53
Haha no, I don't like wine. Is everything ending up in the database now?
Do make sure that you really secure your variables with mysqli_real_escape_string.
E.g. '" . mysqli_real_escape_string($link, $_POST['familyname']) . "',
 
Giel van Dam

08/01/2014 14:48:32
I'm testing now, but the first test is fine in every respect. Yes indeed, in the database too.
And I will add the security.
 
Michael -

08/01/2014 14:53:46
Great! If you have any more questions about that, we'll hear from you.
Don't forget the e-mail address in mail, and the 'familyname' in the mail itself.

In principle you must secure all POST and GET variables with mysqli_real_escape_string(), htmlentities(), htmlspecialchars() or similar functions to prevent malicious code from being executed.
 
Kris Peeters

08/01/2014 14:57:55
Michael - on 08/01/2014 14:53:46:
In principle you must secure all POST and GET variables with mysqli_real_escape_string(), htmlentities(), htmlspecialchars() or similar functions to prevent malicious code from being executed.


And make sure you properly understand what those functions do; why you use them; what they protect you against!!!

Don't just go and do any old thing.

Start by looking for tutorials on "SQL injection"
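
Added example, not part of the thread or any poster's code: the INSERT from the posts above written as a mysqli prepared statement, so form values are bound as parameters instead of being concatenated into the SQL, with mysqli_report() enabled so a failed query raises an exception rather than passing silently. The names insert_application and APPLICATION_COLUMNS and the sample values are assumptions made for this example; the connection variables are the ones from config.inc.php in the thread.

```php
<?php
// Added example, not code from the thread. Assumes config.inc.php defines
// $db_host, $db_user, $db_pass, $db_name and $db_table, as in the posts above.

// Have mysqli throw mysqli_sql_exception on any failure instead of returning
// false, so a failed INSERT cannot go unnoticed while the mail is still sent.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Column names taken from the INSERT in the thread. Identifiers cannot be
// bound as parameters, so they are checked against this fixed list instead.
const APPLICATION_COLUMNS = [
    'familyname', 'firstnames', 'nationality', 'eu', 'gender', 'dateofbirth',
    'adress', 'postalcode', 'city', 'countryofresidence', 'phone', 'skype',
    'email', 'lifepartner', 'children', 'specialneeds', 'previousdegree',
    'emms', 'emmsyear', 'firstproject', 'secondproject', 'cveuropass',
    'passport', 'motivation', 'diploma', 'firstreclet', 'secondreclet',
    'studyresults', 'languageresult', 'password',
];

/**
 * Insert one application row (hypothetical helper for this example).
 * $fields maps column name => value; returns the new row's id.
 */
function insert_application(mysqli $link, string $table, array $fields): int
{
    if ($fields === []) {
        throw new InvalidArgumentException('No fields to insert');
    }
    // The table name comes from config, not the request; restrict it anyway.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException('Invalid table name');
    }
    $unknown = array_diff(array_keys($fields), APPLICATION_COLUMNS);
    if ($unknown !== []) {
        throw new InvalidArgumentException(
            'Unexpected column(s): ' . implode(', ', $unknown)
        );
    }

    // One "?" placeholder per value; the SQL text contains no user data.
    $columns      = '`' . implode('`, `', array_keys($fields)) . '`';
    $placeholders = implode(', ', array_fill(0, count($fields), '?'));
    $stmt = mysqli_prepare(
        $link,
        "INSERT INTO `$table` ($columns) VALUES ($placeholders)"
    );

    // Every value is bound as a string ('s') and sent separately from the
    // statement, so quotes in the input are stored as data, never parsed.
    $values = array_values($fields);
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    mysqli_stmt_execute($stmt);

    $newid = mysqli_insert_id($link);
    mysqli_stmt_close($stmt);
    return (int) $newid;
}

// Constructed sample input standing in for $_POST. Assumes the columns that
// are left out here are nullable or have defaults in the table.
$post = [
    'familyname' => "O'Brien",
    'firstnames' => 'Anne "Annie" \\ Marie',
    'email'      => 'applicant@example.org',
];

include 'config.inc.php';

try {
    $link  = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
    $newid = insert_application($link, $db_table, $post);
    echo "Stored application with ID $newid\n";
    mysqli_close($link);
} catch (mysqli_sql_exception $e) {
    // Details go to the server log; the visitor sees a generic message.
    error_log('Application insert failed: ' . $e->getMessage());
    echo "Your application could not be saved.\n";
}
```

Because the confirmation mail would only be sent after insert_application() returns, the situation from the first post (mail sent, nothing in the database) cannot occur with this structure.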
 


