php - SQL injection from an Active Directory -


i have problem don't understand. want make php script fill sql's tables active directory.

here part of code : $result=ldap_list($connect, "ou=profs,".$base_dnref, "(ou=*)");

$res = ldap_get_entries($connect, $result);  ($i=0; $i < $res["count"]; $i++) { $result2=ldap_list($connect, "ou=".$res[$i]["ou"][0].",ou=profs,".$base_dnref, "(cn=*)"); $res2 = ldap_get_entries($connect, $result2); for($j=0;$j<$res2["count"];$j++){      $insert=$db->query("insert professeurs(nom) values ('".$res2[$j]["cn"][0]."')");     $insert->fetch(); } }     $result=ldap_list($connect, "ou=eleves,".$base_dnref, "(ou=*)");  $res = ldap_get_entries($connect, $result);  ($z=0; $z < $res["count"]; $z++) {  $insert=$db->query("insert classe(numero) values ('".strval($res[$z]["ou"][0])."')"); $insert->fetch();  $result2=ldap_list($connect, "ou=".$res[$z]["ou"][0].",ou=eleves,".$base_dnref, "(cn=*)"); $res2 = ldap_get_entries($connect, $result2);  for($y=0;$y<$res2["count"];$y++){      $insert=$db->query("insert eleve(nom) values ('".$res2[$y]["cn"][0]."')");     $insert->fetch();  } }    } catch (pdoexception $e) {    print 'exception : ' . $e->getmessage(); }` 

the matter first double for works perfectly, second doesn't. used same syntax. error : "exception : sqlstate[hy000]: general error".

additionaly, query $insert=$db->query("insert classe(numero) values ('".strval($res[$z]["ou"][0])."')"); works fine half of active directory datas, other not @ all. i'm sure problem doesn't come ldap path, use ldapexplorertool this.

could me please ?

please replace below code yours:

$res = ldap_get_entries($connect, $result);  ($i=0; $i < $res["count"]; $i++) { $result2=ldap_list($connect, "ou=".$res[$i]["ou"][0].",ou=profs,".$base_dnref, "(cn=*)"); $res2 = ldap_get_entries($connect, $result2);         for($j=0;$j<$res2["count"];$j++){                 $nom = $res2[$j]["cn"][0];//store value variable further use...             $insert=$db->query("insert professeurs(nom) values ('".$nom."')");             $insert->fetch();         } }  $result=ldap_list($connect, "ou=eleves,".$base_dnref, "(ou=*)");  $res = ldap_get_entries($connect, $result);  ($z=0; $z < $res["count"]; $z++) {         $numero = strval($res[$z]["ou"][0]);//store value variable further use...         $insert=$db->query("insert classe(numero) values ('".$numero."')");         $insert->fetch();          $result2=ldap_list($connect, "ou=".$res[$z]["ou"][0].",ou=eleves,".$base_dnref, "(cn=*)");         $res2 = ldap_get_entries($connect, $result2);          for($y=0;$y<$res2["count"];$y++){                 $nom = $res2[$y]["cn"][0];//store value variable further use...             $insert=$db->query("insert eleve(nom) values ('".$res2[$y]["cn"][0]."')");               $insert->fetch();          } } 

i have made slight changes have doubt. suggest use pdo statement because old 1 depreciated.

let me know if still facing error, can drill solve problem.

thanks!


Comments

Popular posts from this blog

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

javascript - oscilloscope of speaker input stops rendering after a few seconds -