php - SQL injection from an Active Directory -

-

i have problem don't understand. want make php script fill sql's tables active directory.

here part of code : $result=ldap_list($connect, "ou=profs,".$base_dnref, "(ou=*)");

$res = ldap_get_entries($connect, $result);  ($i=0; $i < $res["count"]; $i++) { $result2=ldap_list($connect, "ou=".$res[$i]["ou"][0].",ou=profs,".$base_dnref, "(cn=*)"); $res2 = ldap_get_entries($connect, $result2); for($j=0;$j<$res2["count"];$j++){      $insert=$db->query("insert professeurs(nom) values ('".$res2[$j]["cn"][0]."')");     $insert->fetch(); } }     $result=ldap_list($connect, "ou=eleves,".$base_dnref, "(ou=*)");  $res = ldap_get_entries($connect, $result);  ($z=0; $z < $res["count"]; $z++) {  $insert=$db->query("insert classe(numero) values ('".strval($res[$z]["ou"][0])."')"); $insert->fetch();  $result2=ldap_list($connect, "ou=".$res[$z]["ou"][0].",ou=eleves,".$base_dnref, "(cn=*)"); $res2 = ldap_get_entries($connect, $result2);  for($y=0;$y<$res2["count"];$y++){      $insert=$db->query("insert eleve(nom) values ('".$res2[$y]["cn"][0]."')");     $insert->fetch();  } }    } catch (pdoexception $e) {    print 'exception : ' . $e->getmessage(); }`

the matter first double for works perfectly, second doesn't. used same syntax. error : "exception : sqlstate[hy000]: general error".

additionaly, query $insert=$db->query("insert classe(numero) values ('".strval($res[$z]["ou"][0])."')"); works fine half of active directory datas, other not @ all. i'm sure problem doesn't come ldap path, use ldapexplorertool this.

could me please ?

please replace below code yours:

$res = ldap_get_entries($connect, $result);  ($i=0; $i < $res["count"]; $i++) { $result2=ldap_list($connect, "ou=".$res[$i]["ou"][0].",ou=profs,".$base_dnref, "(cn=*)"); $res2 = ldap_get_entries($connect, $result2);         for($j=0;$j<$res2["count"];$j++){                 $nom = $res2[$j]["cn"][0];//store value variable further use...             $insert=$db->query("insert professeurs(nom) values ('".$nom."')");             $insert->fetch();         } }  $result=ldap_list($connect, "ou=eleves,".$base_dnref, "(ou=*)");  $res = ldap_get_entries($connect, $result);  ($z=0; $z < $res["count"]; $z++) {         $numero = strval($res[$z]["ou"][0]);//store value variable further use...         $insert=$db->query("insert classe(numero) values ('".$numero."')");         $insert->fetch();          $result2=ldap_list($connect, "ou=".$res[$z]["ou"][0].",ou=eleves,".$base_dnref, "(cn=*)");         $res2 = ldap_get_entries($connect, $result2);          for($y=0;$y<$res2["count"];$y++){                 $nom = $res2[$y]["cn"][0];//store value variable further use...             $insert=$db->query("insert eleve(nom) values ('".$res2[$y]["cn"][0]."')");               $insert->fetch();          } }

i have made slight changes have doubt. suggest use pdo statement because old 1 depreciated.

let me know if still facing error, can drill solve problem.

thanks!


Comments

Post a Comment

Popular posts from this blog

javascript - oscilloscope of speaker input stops rendering after a few seconds -

-
the following script reads audio user's microphone , renders oscilloscope on html canvas. the source taken example of mozilla developer network: visualizations web audio api and here fiddle: http://jsfiddle.net/b7j8pktp/ mozgetusermedia (note: code has no fork mechanism different browsers: works firefox) it works fine few seconds , stops rendering. whereas works totally stable: http://mdn.github.io/voice-change-o-matic/ the problem can reduced following code. microphone activation icon (next the address bar in firefox) disappears after 5 seconds: navigator.mozgetusermedia({audio: true}, function() {}, function() {} ); ( http://jsfiddle.net/b7j8pktp/2/ ) this known bug in firefox. take stream getusermedia call , hook window so: navigator.mozgetusermedia({audio: true}, function(stream) { window.stream = stream; // rest of code }, function err() { // handle error }); hopefully can fixed soon. problem we're f
Read more

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

-
i'm running nodejs 0.12.3 - gulp 3.10.8 , gulp-nodemon 2.0.3. gulpfile.js : gulp.task('serve', ['build'], function() { gulp.start('fb-flo'); nodemon({ script: paths.server, env: { 'node_env': 'development' }, // env: { 'node_env': 'production' }, execmap: { 'js': 'node_modules/babel/bin/babel-node --stage 1' //es7 cote server }, delay: '0ms', watch: ['src/shared/', 'src/server/'], ignore: ['src/shared/components'], tasks: function (changedfiles) { var tasks = []; changedfiles.foreach(function (file) { if (path.extname(file) === '.jsx' && !~tasks.indexof('bundlejs')) tasks.push('bundlejs'); if (path.extname(file) === '.less' && !~tasks.indexof('compileless')) tasks.push('compileless'); }); return tasks; }
Read more

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

-
i trying make simple python program opening list of webpages user manually download reports site. don't have previous experience preparing exe files.. , i'm in learning process python coding. of done on windows 7 x64 this python code: #!c:/python34/python.exe -u splinter import * import time import os import csv #---------------------------------- raporty = [] open('../raporty.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') raporty.append(r) #--not implemented yet zmienne = [] open('../zmienne.csv', newline='') csvfile: contents = csv.reader(csvfile, delimiter=' ', quotechar='|') row in contents: r = ', '.join(row) r = r.replace(',','') zmienne.append(r) print("start") browser = browser(
Read more