changeset 25:828895488948
more db column protection
author | Robert Boland <robert@markup.co.uk> |
date | Tue, 01 Jan 2019 07:30:05 -0500 |
parents | 341d8c681357 |
children | 55a76c257dad |
files | php/read/getBookDetails.php xml/getAmazonInfo.php |
diffstat | 2 files changed, 55 insertions(+), 6 deletions(-) [+] |
--- a/php/read/getBookDetails.php Tue Jan 01 07:29:44 2019 -0500
+++ b/php/read/getBookDetails.php Tue Jan 01 07:30:05 2019 -0500
@@ -287,13 +287,23 @@
 if ($publisher and strlen($publisher)>30) {
 $publisher=substr($publisher,0,30);
 }
+ if ($author and strlen($author)>30) {
+ $author=substr($author,0,30);
+ }
 if ($title and strlen($title)>100) {
 $title=substr($title,0,100);
 }
 $publisher=mysqli_real_escape_string($link,$publisher);
+ $author=mysqli_real_escape_string($link,$author);
 $title=mysqli_real_escape_string($link,$title);
 if (strlen($pubDate)==4) { $pubDate=$pubDate."-01-01";}
 if (strlen($pubDate)==7) { $pubDate=$pubDate."-01";}
+ if (strlen($pubDate)==0) {
+ $pubDate="null";
+ }
+ else {
+ $pubDate="\"$pubDate\"";
+ }
 /*echo $title;
 echo $author;
 echo $binding;
@@ -363,7 +373,7 @@
 include "../../../private/db.php";
 $title = strtr($title, '"', "'");
- $queryInsert = "CALL b_addNewBook(\"$isbn\",\"$title\", \"$author\",\"$binding\",\"$imageURL\", $dewey, $salesRank,\"$pubDate\",\"$publisher\",$g1,$g2,$g3,$loc)";
+ $queryInsert = "CALL b_addNewBook(\"$isbn\",\"$title\", \"$author\",\"$binding\",\"$imageURL\", $dewey, $salesRank,$pubDate,\"$publisher\",$g1,$g2,$g3,$loc)";
 //echo $queryInsert;
 $res = mysqli_query($link, $queryInsert);
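Review bot: `$pubDate` is wrapped in double quotes and interpolated into the CALL without passing through mysqli_real_escape_string or a format check, so the only protection it gets in this hunk is the 4- and 7-character padding; a value of any other length reaches the SQL string unchanged. Since the padded value is meant to be an ISO date, validate the final form rather than its length and fall back to SQL NULL otherwise, e.g. `if (!preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $pubDate)) { $pubDate="null"; } else { $pubDate="\"$pubDate\""; }` in place of the added if/else. Where `$pubDate` is assigned is outside this hunk, so whether it is already constrained upstream cannot be confirmed here; the enclosing function starts and ends outside the hunk.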
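Review bot: The CALL string still interpolates thirteen variables by hand, and after this change one of them (`$pubDate`) must arrive either pre-quoted or as the bare word `null`, so the quoting of the statement now depends on code some eighty lines earlier; only `$title`, `$author` and `$publisher` are visibly escaped, and whether `$isbn`, `$binding` and `$imageURL` are escaped before this point cannot be seen from the hunk. A prepared statement with `?` placeholders removes the hand-quoting entirely and lets a PHP `null` bind as SQL NULL, which would also make the `"null"` / `"\"…\""` juggling in the earlier hunk unnecessary. If the procedure's numeric parameter types are not known here, binding everything as `s` is safe because MySQL coerces them. The enclosing function starts and ends outside the hunk.
```php
$stmt = mysqli_prepare($link, "CALL b_addNewBook(?,?,?,?,?,?,?,?,?,?,?,?,?)");
if (!$stmt) { /* log mysqli_error($link) server-side and fail closed */ }
// $pubDate must be a PHP null here (not the string "null") for SQL NULL to be bound
mysqli_stmt_bind_param($stmt, str_repeat("s", 13), $isbn, $title, $author, $binding, $imageURL,
    $dewey, $salesRank, $pubDate, $publisher, $g1, $g2, $g3, $loc);
$res = mysqli_stmt_execute($stmt);
// … unchanged: include/strtr above, result handling below …
```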
--- a/xml/getAmazonInfo.php Tue Jan 01 07:29:44 2019 -0500
+++ b/xml/getAmazonInfo.php Tue Jan 01 07:30:05 2019 -0500
@@ -309,7 +309,27 @@
 $imageURL = $xml->Items->Item[0]->MediumImage->URL;
 $salesRank = $xml->Items->Item[0]->SalesRank;
 $pubDate = $xml->Items->Item[0]->ItemAttributes->PublicationDate;
+ if (strlen($pubDate)==4) { $pubDate=$pubDate."-01-01";}
+ if (strlen($pubDate)==7) { $pubDate=$pubDate."-01";}
+ if (strlen($pubDate)==0) {
+ $pubDate="null";
+ }
+ else {
+ $pubDate="\"$pubDate\"";
+ }
 $publisher = $xml->Items->Item[0]->ItemAttributes->Publisher;
+ if ($publisher and strlen($publisher)>30) {
+ $publisher=substr($publisher,0,30);
+ }
+ if ($author and strlen($author)>30) {
+ $author=substr($author,0,30);
+ }
+ if ($title and strlen($title)>100) {
+ $title=substr($title,0,100);
+ }
+ $publisher=mysqli_real_escape_string($link,$publisher);
+ $author=mysqli_real_escape_string($link,$author);
+ $title=mysqli_real_escape_string($link,$title);
 } else {
 $title = $salesRank = "";
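Review bot: The three `mysqli_real_escape_string($link, …)` calls added after `$publisher` run dozens of lines before `include "../../private/db.php"` (visible at the top of the next hunk), and that include is immediately followed by the pre-existing `$review1` escaping, which suggests `$link` is only opened there; if so, these new calls receive an unset `$link`, emit a warning and return NULL (PHP 8 throws a TypeError), so `$title`, `$author` and `$publisher` are silently emptied and the later `if($title != "")` skips the insert with no error. Move the three escape lines down next to the `$review1` escaping, after the include, and keep only the truncation here. Separately, `$pubDate` taken from the feed is wrapped in quotes without escaping or a format check; a length-independent guard such as `if (!preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $pubDate)) { $pubDate="null"; } else { $pubDate="\"$pubDate\""; }` rejects anything that is not a date. The if/else this code sits in starts before and ends after the hunk.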
@@ -375,19 +395,38 @@
 $title = strtr($title, '"', "'");
 include "../../private/db.php";
 $review1 = mysqli_real_escape_string($link,$review1);
+ if (strlen($review1)>500) { $review1=substr($review1,0,500);}
 $review2 = mysqli_real_escape_string($link,$review2);
+ if (strlen($review2)>500) { $review2=substr($review2,0,500);}
 $review3 = mysqli_real_escape_string($link,$review3);
+ if (strlen($review3)>500) { $review3=substr($review3,0,500);}
 if($title != "") {
 $queryInsert = "CALL b_addNewBook(\"$searchparameterdata\",\"$title\", \"$author\",\"$binding\",\"$imageURL\", $dewey, $salesRank,\"$pubDate\",\"$publisher\",$g1,$g2,$g3,$loc)";
 //echo $queryInsert;
+
+ $res = mysqli_query($link, $queryInsert);
+ if (!$res) {
+ $err=mysqli_error( $link );
+ mysqli_close($link);
+ file_put_contents('/var/ywww/debug/phpDebug',
+ "anb failed: $err, $pubDate, $g2, $publisher, $title\n",
+ FILE_APPEND);
+ exit($err);
+ }
 $queryInsertReviews = "CALL b_insertReviews(\"$searchparameterdata\",\"$review1\",\"$review2\",\"$review3\")";
-
- $resG = mysqli_query($link, $queryInsert) or exit( mysqli_error( $link ));
- if($review1 != "" && $review2 != "" && $review3 != "")
- $resG = mysqli_query($link, $queryInsertReviews) or exit( mysqli_error( $link ));
-
+ if($review1 != "" && $review2 != "" && $review3 != "") {
+ $res = mysqli_query($link, $queryInsertReviews);
+ if (!$res) {
+ $err=mysqli_error( $link );
+ mysqli_close($link);
+ file_put_contents('/var/ywww/debug/phpDebug',
+ "anr failed: $err, $pubDate, $g2, $publisher, $title\n",
+ FILE_APPEND);
+ exit($err);
+ }
+ }
 mysqli_close($link);
 //do not remove. reset is needed otherwise mysqli_fetch_array doesn't work after first loop
 }
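Review bot: The `$queryInsert` context line still wraps `\"$pubDate\"` in quotes, but the hunk at line 309 of this file now sets `$pubDate` either to the string `null` or to an already-quoted `"…"` value, so the CALL reaches MySQL as `""2019-01-01""` (a syntax error that trips the new exit path on every insert with a date) or as the literal string `"null"`; getBookDetails.php in this same changeset drops the quotes, and this file needs the same edit, `$salesRank,$pubDate,\"$publisher\"`. The review truncation is also in the wrong order: `substr($review1,0,500)` runs after `mysqli_real_escape_string`, so the cut can land right after the backslash of an escape sequence, which then escapes the closing quote of the literal and breaks (or mis-parses) the b_insertReviews statement — truncate first, then escape, as the publisher/author/title path does. Finally, `exit($err)` echoes the raw MySQL error, including procedure and column names, to the HTTP client; the debug log already captures it, so exit with a generic message instead, `exit("insert failed");`. The enclosing if/else begins before the hunk.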