PHP



Basics

  • Linking optional files:
<?php include 'footer.php'; /* missing or unreadable file: warning is emitted and the script continues */ ?>
  • Linking Mandatory files:
<?php require 'db_connect.php'; /* missing or unreadable file: fatal error, the script stops */ ?>

Code Snippets

  • Redirect to another page if query is empty:
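// Look up the record for the submitted SR number. $link and $sr are set by the
// "DB connection" snippet below. The value is bound as a parameter instead of
// being interpolated: in the original the interpolation was unquoted, and
// mysqli_real_escape_string() gives no protection outside quotes, so any
// non-numeric input reached MySQL as SQL text.
$stmt = mysqli_prepare($link, 'SELECT * FROM MasterDB WHERE sr = ?');

if (!$stmt) {
        die('Invalid query: ' . mysqli_error($link));
}

// 's' binds the value as a string; MySQL coerces it for a numeric column.
mysqli_stmt_bind_param($stmt, 's', $sr);

if (!mysqli_stmt_execute($stmt)) {
        die('Invalid query: ' . mysqli_stmt_error($stmt));
}

// mysqli_stmt_get_result() needs the mysqlnd driver (the default build since PHP 5.4).
$results = mysqli_stmt_get_result($stmt);

if (!$results) {
        die('Invalid query: ' . mysqli_error($link));
}

// No matching row: back to the form; otherwise on to the result page.
// exit() right after header() is required, or the rest of the script keeps running.
if (!$result = mysqli_fetch_array($results)) {
        header('Location: index.php', true, 303);
        exit();
}

header('Location: index2.php', true, 303);
exit();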
  • DB connection:
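// Credentials are inlined here for illustration only; in a deployment they
// belong in a config file outside the web root (or in the environment).
define('DB_NAME', 'codered');
define('DB_USER', 'test');
define('DB_PASSWORD', 'test@123');
define('DB_HOST', 'localhost');

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
        // mysqli_connect_error() takes no arguments (passing one is an
        // ArgumentCountError on PHP 8), and $link is false here anyway.
        die('Could not connect: ' . mysqli_connect_error());
}

$db_selected = mysqli_select_db($link, DB_NAME);

if (!$db_selected) {
        die('Can\'t use ' . DB_NAME . ': ' . mysqli_error($link));
}

// Read one form field: a missing key yields '' instead of a warning, and every
// value is escaped. The original left Geo, CustomerTemp and ProductionDown
// raw although the INSERT snippet interpolates them into SQL as well.
// Escaping only protects a value that the SQL wraps in quotes; binding the
// values with a prepared statement is the more robust approach.
$field = function ($key) use ($link) {
        return mysqli_real_escape_string($link, isset($_POST[$key]) ? (string) $_POST[$key] : '');
};

$sr = $field('sr');
$redirect = $field('redirect_to');
$CustomerName = $field('CustomerName');
$Geo = $field('Geo');
$BusinessImpact = $field('BusinessImpact');
$ProductVersion = $field('ProductVersion');
$ProblemDescription = $field('ProblemDescription');
$CustomerTemp = $field('CustomerTemp');
$BugID = $field('BugID');
$LastUpdate = $field('LastUpdate');
$email = $field('email');
$ProductionDown = $field('ProductionDown');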
  • Accessing DB:
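//Set database access credentials (illustrative; keep real ones out of source)
$name = 'codered';
$user = 'test';
$password = 'test@123';
$host = 'localhost';

//Set table name
$tname = 'MasterDB';

/*Open the connection to our database use the info from the config file.*/
$link = mysqli_connect($host, $user, $password);

if (!$link) {
        // On failure $link is false, not a handle: mysqli_error(false) is a
        // TypeError on PHP 8, so report the connection error instead.
        die('Could not connect: ' . mysqli_connect_error());
}

// Select the configured database rather than repeating the literal name.
if (!mysqli_select_db($link, $name)) {
        die(mysqli_error($link));
}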
  • Send input data to DB:
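// Bind the eleven form fields instead of interpolating them: they come straight
// from $_POST (see the "DB connection" snippet), and an unescaped one such as
// Geo would otherwise end up in the SQL text. If the variables were already
// passed through mysqli_real_escape_string(), drop that step — binding does
// the quoting, and escaping twice stores literal backslashes.
$sql = 'INSERT INTO MasterDB (sr, CustomerName, Geo, BusinessImpact, ProductVersion, ProblemDescription, CustomerTemp, BugID, LastUpdate, email, ProductionDown) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';

$stmt = mysqli_prepare($link, $sql);

if (!$stmt) {
        die('Error ' . mysqli_error($link));
}

// One 's' per placeholder; MySQL coerces strings for numeric columns.
mysqli_stmt_bind_param($stmt, 'sssssssssss', $sr, $CustomerName, $Geo, $BusinessImpact, $ProductVersion, $ProblemDescription, $CustomerTemp, $BugID, $LastUpdate, $email, $ProductionDown);

if (!mysqli_stmt_execute($stmt)) {
        die('Error ' . mysqli_stmt_error($stmt));
}

mysqli_stmt_close($stmt);

/*Redirect the user after a successful form submission*/
// $redirect is user-supplied. Only a path on this site is honoured: a URL with
// a scheme, a protocol-relative '//host' form, or a backslash (some browsers
// read it as '/') would turn this into an open redirect.
$isLocalPath = function ($url) {
        return $url !== ''
                && parse_url($url, PHP_URL_SCHEME) === null
                && parse_url($url, PHP_URL_HOST) === null
                && strpos($url, '\\') === false;
};

// Falls back to $referred, which no snippet on this page sets; with neither
// value the Location is just '?msg=1', i.e. the current page.
if (!empty($redirect) && $isLocalPath($redirect)) {
        $target = $redirect;
} elseif (!empty($referred)) {
        $target = $referred;
} else {
        $target = '';
}

// Append msg=1 without producing a second '?' when the target already has a query string.
$separator = strpos($target, '?') === false ? '?' : '&';
header('Location: ' . $target . $separator . 'msg=1');

mysqli_close($link);
// Stop here; otherwise any output after the redirect is still generated.
exit();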
  • Fetching Data from DB to Page:
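$sql = "SELECT * FROM MasterDB ORDER BY id DESC LIMIT 1";

$results = mysqli_query($link, $sql);

if (!$results) {
        die('Invalid query: ' . mysqli_error($link));
}

// Escape every value before it is written into the page: the columns hold
// form input (see the INSERT snippet), so unescaped output is stored XSS.
$h = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Label => column, in display order.
$fields = [
        'SR Number' => 'sr',
        'Customer Name' => 'CustomerName',
        'Country' => 'Geo',
        'Business Impact' => 'BusinessImpact',
        'Product Version' => 'ProductVersion',
        'Problem Description' => 'ProblemDescription',
        'Customer Temp' => 'CustomerTemp',
        'BugID' => 'BugID',
        'ProductionDown' => 'ProductionDown',
        'Last Update' => 'LastUpdate',
        'Engineers Email ID' => 'email',
];

echo '<h2>CodeRed Alert Generated with below Info:</h2>';

while ($result = mysqli_fetch_assoc($results)) {
        echo '<div style="border: 1px solid #e4e4e4; padding: 15px; margin-bottom: 10px;">';
        foreach ($fields as $label => $column) {
                // A column missing from the row prints as empty rather than raising a notice.
                $value = isset($result[$column]) ? $result[$column] : '';
                echo '<p>' . $label . ': ' . $h($value) . '</p>';
        }
        echo '</div>';
}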
  • Send Email:
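$to = "aman@test.com";
$subject = "Alert Mail";

// Each header line is its own statement. The original ended the first line
// with '.' instead of ';', which folded the next assignment into it.
$headers = "From: TestAlert<testalert@test.com>" . "\r\n";
$headers .= "Content-type: text/html; charset=\"UTF-8\"; format=flowed \r\n";
$headers .= "Mime-Version: 1.0 \r\n";
// NOTE: this header announces quoted-printable but $txt below is sent as-is;
// either drop the header or pass the body through quoted_printable_encode().
$headers .= "Content-Transfer-Encoding: quoted-printable \r\n";

// $email is form input (see the "DB connection" snippet). A value containing
// CR/LF would inject further headers — extra recipients, a different From —
// so only a syntactically valid address goes into Cc; otherwise Cc is omitted.
if (isset($email) && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $headers .= "Cc: $email" . "\r\n";
}

// The original string literal was missing its closing quote (parse error).
$txt = "<p>Hi,</p>
<p>This is a Test Alert Mail.</p>
<p>Please find below the details about this Alert:<br /><br /></p>";

mail($to, $subject, $txt, $headers);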



References




