Page 2 of 2

#16
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1045
    Tina, how about you choose one forum and stick to it instead of leading 10 discussions at the same time and overlooking half of the replies?

    1. Forget about the deadline you've set yourself. This will take time and patience. Rushing it will only make it worse.
    2. If possible, take the site offline until you've at least fixed the worst security holes (I guess that's no option).
    3. Isn't there any friend, co-worker or relative who could help you with this? If not, consider hiring a programmer. But be aware that a lot of the PHP people offering code for cheap money don't know what they're doing. So set up a "test": Give them this script (without the "real_escape" stuff) and ask them what they would do. If they tell you that the code is vulnerable to SQL injections and cross-site scripting and that the variables need to be escaped, you can be pretty sure you're not talking to a complete moron. If you don't wanna hire somebody, you'll have to read up on security yourself. I gave you a link (which you probably overlooked).
    4. Your programmer or you have to go through the whole code line by line and fix the security holes (and debug the code).
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  #17
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    10
    Rep Power
    0

    Problem Solved!!!


    Well I was missing one little '.. doesn't that always seem to be the case.. Thank you to all that helped! Problem solved.. here is the code below for all those who helped and wanna peek and for those who might be having the same problem..

    PHP Code:
    <?php
    // send data to the SQL database first

    $username = "USERNAME HERE";
    $password = "PASSWORD HERE";
    $database = "DB HERE";
    $server   = "IP ADDRESS HERE";

    $link = mysqli_connect($server, $username, $password);
    if (!$link) {
        // mysqli_error() needs a link; on a failed connect use mysqli_connect_error()
        die('Could not connect: ' . mysqli_connect_error());
    }

    mysqli_select_db($link, $database);

    // escape every value that goes into the SQL string (requires the open link)
    $APPLICANT_TO_COMPLETE_FirstName      = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_FirstName']);
    $APPLICANT_TO_COMPLETE_LastName       = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_LastName']);
    $DateofApplication                    = mysqli_real_escape_string($link, $_POST['DateofApplication']);
    $APPLICANT_TO_COMPLETE_PhoneNumber    = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_PhoneNumber']);
    $APPLICANT_TO_COMPLETE_SecondaryPhone = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_SecondaryPhone']);
    $License1                             = mysqli_real_escape_string($link, $_POST['License1']);
    $APPLICANT_TO_COMPLETE_CurrentAddress = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_CurrentAddress']);
    $APPLICANT_TO_COMPLETE_CurrentCity    = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_CurrentCity']);
    $APPLICANT_TO_COMPLETE_CurrentState   = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_CurrentState']);
    $APPLICANT_TO_COMPLETE_CurrentZip     = mysqli_real_escape_string($link, $_POST['APPLICANT_TO_COMPLETE_CurrentZip']);

    $result = mysqli_query($link, "
      INSERT INTO Driver_applicants (
      FirstName,
      LastName,
      Applicationdate,
      Phone,
      AltPhone,
      DL,
      StreetAddress,
      City,
      State,
      Zip)
      VALUES (
      '{$APPLICANT_TO_COMPLETE_FirstName}',
      '{$APPLICANT_TO_COMPLETE_LastName}',
      '{$DateofApplication}',
      '{$APPLICANT_TO_COMPLETE_PhoneNumber}',
      '{$APPLICANT_TO_COMPLETE_SecondaryPhone}',
      '{$License1}',
      '{$APPLICANT_TO_COMPLETE_CurrentAddress}',
      '{$APPLICANT_TO_COMPLETE_CurrentCity}',
      '{$APPLICANT_TO_COMPLETE_CurrentState}',
      '{$APPLICANT_TO_COMPLETE_CurrentZip}')"
    );

    if (!$result) {
        die('Error: ' . mysqli_error($link));
    }

    // now send the email
    $to = 'PUT EMAIL ADDRESS TO SEND THIS FORM TO HERE';
    // strip CR/LF so a submitted value cannot add extra mail headers
    $from = str_replace(array("\r", "\n"), '', $_POST['ApplicantName']);
    // $status = $_POST['Project_status'];
    /* subject */
    $subject = "Application For Employment Web Submission";

    // every form value placed in the HTML mail is HTML-escaped (missing fields become '')
    $field = function ($name) {
        return htmlspecialchars(isset($_POST[$name]) ? $_POST[$name] : '', ENT_QUOTES, 'ISO-8859-1');
    };

    /* message */
    $message = '<html>
    <head>
    <title>Application For Employment Web Submission</title>
    </head>
    <body>
    <p>Dear ' . htmlspecialchars($to, ENT_QUOTES, 'ISO-8859-1') . ',</p>
    <table>
    <tr><td colspan="2">"Employment Application Details:"</td></tr>
    <tr><td>Applicant Name: </td><td>' . $field('ApplicantName') . '</td></tr>
    <tr><td>Date of Application: </td><td>' . $field('DateofApplication') . '</td></tr>
    <tr><td>Company: </td><td>' . $field('Company') . '</td></tr>
    <tr><td>Address: </td><td>' . $field('Address') . '</td></tr>
    <tr><td>Signature: </td><td>' . $field('Signature1') . '</td></tr>
    <tr><td>Date: </td><td>' . $field('Date') . '</td></tr>

    <tr><td><h3><strong>FOR COMPANY USE</strong></h3></td></tr>
    <tr><td>&nbsp;</td></tr>
    <tr><td>APPLICANT HIRED: </td><td>' . $field('APPLICANTHIRED') . '</td></tr>
    <tr><td>District: </td><td>' . $field('District') . '</td></tr>
    <tr><td>DATE EMPLOYED: </td><td>' . $field('DATEEMPLOYED') . '</td></tr>
    <tr><td>Interviewing Manager: </td><td>' . $field('InterviewingManager') . '</td></tr>
    <tr><td>Signature: </td><td>' . $field('InterviewingManager_Signature') . '</td></tr>
    <tr><td>Human Resources: </td><td>' . $field('HumanResources') . '</td></tr>
    <tr><td>Signature: </td><td>' . $field('HumanResources_Signature') . '</td></tr>
    <tr><td>&nbsp;</td></tr>

    <tr><td><h3><strong>APPLICANT TO COMPLETE</strong></h3></td></tr>
    <tr><td>LastName: </td><td>' . $field('APPLICANT_TO_COMPLETE_LastName') . '</td></tr>
    <tr><td>FirstName: </td><td>' . $field('APPLICANT_TO_COMPLETE_FirstName') . '</td></tr>
    <tr><td>SSN: </td><td>' . $field('APPLICANT_TO_COMPLETE_SSN') . '</td></tr>
    <tr><td>Phone Number: </td><td>' . $field('APPLICANT_TO_COMPLETE_PhoneNumber') . '</td></tr>
    <tr><td>Secondary Phone: </td><td>' . $field('APPLICANT_TO_COMPLETE_SecondaryPhone') . '</td></tr>
    <tr><td>Position(s) applied for: </td><td>' . $field('APPLICANT_TO_COMPLETE_Position_applied__for') . '</td></tr>
    <tr><td>Rate of pay expected: </td><td>' . $field('APPLICANT_TO_COMPLETE_Rate_of_pay_expected') . '</td></tr>
    <tr><td>&nbsp;</td></tr>

    <tr><td><h3><strong>Current<br />Addresses</strong></h3></td></tr>
    <tr><td>Address: </td><td>' . $field('APPLICANT_TO_COMPLETE_CurrentAddress') . '</td></tr>
    <tr><td>City: </td><td>' . $field('APPLICANT_TO_COMPLETE_CurrentCity') . '</td></tr>
    <tr><td>State: </td><td>' . $field('APPLICANT_TO_COMPLETE_CurrentState') . '</td></tr>
    <tr><td>Zip: </td><td>' . $field('APPLICANT_TO_COMPLETE_CurrentZip') . '</td></tr>
    <tr><td>How Long?: </td><td>' . $field('APPLICANT_TO_COMPLETE_CurrentHowLong') . '</td></tr>
    <tr><td>&nbsp;</td></tr>

    <tr><td><h3><strong>Previous Addresses</strong></h3></td></tr>
    <tr><td>Address: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousAddress1') . '</td></tr>
    <tr><td>City: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousCity1') . '</td></tr>
    <tr><td>State: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousState1') . '</td></tr>
    <tr><td>Zip: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousZip1') . '</td></tr>
    <tr><td>How Long?: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousHowLong1') . '</td></tr>
    <tr><td>&nbsp;</td></tr>
    <tr><td>Address: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousAddress2') . '</td></tr>
    <tr><td>City: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousCity2') . '</td></tr>
    <tr><td>State: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousState2') . '</td></tr>
    <tr><td>Zip: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousZip2') . '</td></tr>
    <tr><td>How Long?: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousHowLong2') . '</td></tr>
    <tr><td>&nbsp;</td></tr>
    <tr><td>Address: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousAddress3') . '</td></tr>
    <tr><td>City: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousCity3') . '</td></tr>
    <tr><td>State: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousState3') . '</td></tr>
    <tr><td>Zip: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousZip3') . '</td></tr>
    <tr><td>How Long?: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousHowLong3') . '</td></tr>
    <tr><td>&nbsp;</td></tr>

    <tr><td>Do you have the legal right to work in the United States? : </td><td>' . $field('Do_you_have_the_legal_right_to_work_in_the_United_States') . '</td></tr>
    <tr><td>Date of Birth: </td><td>' . $field('APPLICANT_TO_COMPLETE_PreviousDate_of_Birth') . '</td></tr>
    <tr><td>Can you provide proof of age?: </td><td></td></tr>
    <tr><td>Have you EVER been convicted for reckless driving?: </td><td>' . $field('Have_you_EVER_been_convicted_for_reckless_driving') . '</td></tr>
    <tr><td>Have you EVER been convicted of fleeing or attempting to elude a police officer?: </td><td>' . $field('Have_you_EVER_been_convicted_of_fleeing_or_attempting_to_elude_a_police_officer') . '</td></tr>
    <tr><td>Have you EVER been convicted of leaving the scene of an accident?: </td><td>' . $field('Have_you_EVER_been_convicted_of_leaving_the_scene_of_an_accident') . '</td></tr>
    <tr><td>Have you EVER been convicted of a railroad crossing violation?: </td><td>' . $field('Have_you_EVER_been_convicted_of_a_railroad_crossing_violation') . '</td></tr>
    <tr><td>Have you EVER been convicted of passing a school bus while it is unloading or loading?: </td><td>' . $field('Have_you_EVER_been_convicted_of_passing_a_school_bus_while_it_is_unloading_or_loading') . '</td></tr>
    <tr><td>Has your license EVER been suspended or revoked?: </td><td>' . $field('Has_your_license_EVER_been_suspended_or_revoked') . '</td></tr>
    <tr><td>If so, please explain: </td><td>' . $field('If_yes_explain_if_you_wish1') . '</td></tr>
    <tr><td>Have you ever been convicted of a felony?: </td><td>' . $field('Have_you_ever_been_convicted_of_a_felony') . '</td></tr>
    <tr><td>If so, please explain: </td><td>' . $field('If_yes_explain_if_you_wish2') . '</td></tr>
    <tr><td>&nbsp;</td></tr>

    <tr><td><h3><strong>EXPERIENCE AND QUALIFICATIONS - DRIVER</strong></h3></td></tr>
    <tr><td>&nbsp;</td></tr>
    <tr><td>State: </td><td>' . $field('Listalldriverlicenses_State1') . '</td></tr>
    <tr><td>Licence: </td><td>' . $field('License1') . '</td></tr>
    <tr><td>Class/Endorsements: </td><td>' . $field('Class_Endorsements1') . '</td></tr>
    <tr><td>Expiration: </td><td>' . $field('Expiration1') . '</td></tr>

    <tr><td>State: </td><td>' . $field('Listalldriverlicenses_State2') . '</td></tr>
    <tr><td>Licence: </td><td>' . $field('License2') . '</td></tr>
    <tr><td>Class/Endorsements: </td><td>' . $field('Class_Endorsements2') . '</td></tr>
    <tr><td>Expiration: </td><td>' . $field('Expiration2') . '</td></tr>

    <tr><td>State: </td><td>' . $field('Listalldriverlicenses_State3') . '</td></tr>
    <tr><td>Licence: </td><td>' . $field('License3') . '</td></tr>
    <tr><td>Class/Endorsements: </td><td>' . $field('Class_Endorsements3') . '</td></tr>
    <tr><td>Expiration: </td><td>' . $field('Expiration3') . '</td></tr>
    <tr><td>A. Have you ever been denied a license, permit or privilege to operate a motor vehicle?: </td><td>' . $field('Have_you_ever_been_denied_a_license') . '</td></tr>
    <tr><td>Please list any other driving experience (equipment type &amp; approximate dates/miles driven): </td><td>' . $field('If_yes_explain_if_you_wish3') . '</td></tr>
    <tr><td><strong>Education </strong>listing highest grade completed and any degrees earned </td><td>' . $field('listing_highest_grade_completed_and_any_degrees_earned') . '</td></tr>
    <tr><td>&nbsp;</td></tr>

    <tr><td>Signature: </td><td>' . $field('Signature') . '</td></tr>
    <tr><td>Date: </td><td>' . $field('Date1') . '</td></tr>
    <tr><td>&nbsp;</td></tr>
    </table>

    </body>
    </html>';

    /* To send HTML mail, set the Content-type header. */
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: " . $from . "\r\n";
    /* and now mail it */
    /* echo $message; die; */
    @mail($to, $subject, $message, $headers);

    echo "<h4>Your message has been sent to us with your full application details.<br />
                <span>We will reply soon as soon as possible to follow up with you on our hiring process.  Thank you for considering A&S Transportation, Inc. for employment.</span></h4>";

    mysqli_close($link);
    ?>
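The script above escapes each value by hand before pasting it into the SQL string and then drops the raw POST values into an HTML e-mail. The following is an added example, written for this page and not code from the thread or from either poster, showing the same insert-and-mail flow with mysqli prepared statements (values are bound as parameters and never become part of the SQL text), HTML escaping of every value placed in the mail body, and CR/LF stripping of any submitted value used in a mail header. It also answers the word-blacklist idea from the signature quoted in post #16: with parameters, a name such as "O'Brien" or a value containing the word "drop" is stored literally, so no list of forbidden words is needed. The table name, column names and POST field names are the ones used in post #17; the credentials, host and sender address are placeholders; PHP 7.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Added example: hardened replacement for the insert-and-mail handler in post #17.
// Assumed: table Driver_applicants with the columns below, same POST field names.

// Database column => form field, in the order the INSERT uses them.
const DB_COLUMNS = [
    'FirstName'       => 'APPLICANT_TO_COMPLETE_FirstName',
    'LastName'        => 'APPLICANT_TO_COMPLETE_LastName',
    'Applicationdate' => 'DateofApplication',
    'Phone'           => 'APPLICANT_TO_COMPLETE_PhoneNumber',
    'AltPhone'        => 'APPLICANT_TO_COMPLETE_SecondaryPhone',
    'DL'              => 'License1',
    'StreetAddress'   => 'APPLICANT_TO_COMPLETE_CurrentAddress',
    'City'            => 'APPLICANT_TO_COMPLETE_CurrentCity',
    'State'           => 'APPLICANT_TO_COMPLETE_CurrentState',
    'Zip'             => 'APPLICANT_TO_COMPLETE_CurrentZip',
];

/** Read the submitted fields as plain strings; a missing field becomes ''. */
function collect_fields(array $post, array $map): array
{
    $values = [];
    foreach ($map as $column => $field) {
        $values[$column] = isset($post[$field]) ? trim((string) $post[$field]) : '';
    }
    return $values;
}

/**
 * Insert with a prepared statement. Column names come from DB_COLUMNS (our
 * own constant, never from the request); the values travel as bound
 * parameters, so quotes and SQL keywords in them are just data.
 */
function insert_applicant(mysqli $db, array $values): int
{
    $columns = array_keys($values);
    $sql = sprintf(
        'INSERT INTO Driver_applicants (%s) VALUES (%s)',
        implode(', ', $columns),
        implode(', ', array_fill(0, count($columns), '?'))
    );
    $stmt   = $db->prepare($sql);
    $params = array_values($values);
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    return $stmt->affected_rows;
}

/** One table row for the HTML mail; both cells are HTML-escaped. */
function html_row(string $label, string $value): string
{
    return '<tr><td>' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</td><td>'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
}

/** Build the mail body from the collected values only, never from raw $_POST. */
function build_mail_body(array $values): string
{
    $rows = '';
    foreach ($values as $column => $value) {
        $rows .= html_row($column, $value);
    }
    return "<html><body><table>\n" . $rows . "</table></body></html>\n";
}

/** Remove CR/LF so a submitted value cannot append extra mail headers. */
function header_safe(string $value): string
{
    return str_replace(["\r", "\n"], '', $value);
}

// ---- request handling ----
$values = collect_fields($_POST, DB_COLUMNS);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception
try {
    // Placeholders; keep real credentials in a file outside the web root.
    $db = new mysqli('DB_HOST_HERE', 'USERNAME_HERE', 'PASSWORD_HERE', 'DB_HERE');
    $db->set_charset('utf8mb4');
    insert_applicant($db, $values);
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log('applicant insert failed: ' . $e->getMessage()); // details go to the server log
    http_response_code(500);
    exit('Sorry, your application could not be saved.');       // generic message for the visitor
}

$to      = 'PUT EMAIL ADDRESS TO SEND THIS FORM TO HERE';
$subject = header_safe('Application For Employment Web Submission: ' . ($_POST['ApplicantName'] ?? ''));
$headers = "MIME-Version: 1.0\r\n"
    . "Content-type: text/html; charset=UTF-8\r\n"
    . "From: applications@example.com\r\n";   // fixed, site-owned sender, not a form value

if (!mail($to, $subject, build_mail_body($values), $headers)) {
    error_log('applicant mail could not be queued');
}

echo '<h4>Your message has been sent to us with your full application details.</h4>';
```

The From header is a fixed address owned by the site rather than the applicant's name: a submitted name is not a valid sender, and any request-supplied value that reaches a header must at least have its line breaks removed, which `header_safe` does for the subject. Database errors are logged with `error_log` and never echoed to the visitor, in contrast to `die(mysqli_error($link))`, which prints table and column details to whoever triggered the failure.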

  #18
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2013
    Posts
    10
    Rep Power
    0

    Jacques..


    Jacques,

    Thank you for your assistance, advice and insight. Unfortunately, I had to seek help where I could get it. Yes I did post on two separate forums.. I would consider that being resourceful.

    I have completed the code with help and plan to hire out other work. I have done the escape strings as you suggested, thank you and did not ignore them..

    Security.. true is important.. but we are such a tiny company and information on our database is so not valuable.. these applications for employment are for bus drivers who don't make a ton of money. We are a small school bus company. I don't see how any person would value enough the data we have to warrant breaking into our system.. it would be stupid and anyone with that skill has bigger fish to fry.. unless they just did it to be a jerk.. in that case.. I hope they enjoy the surprises on the server side.

    We were hacked one time and that guy.. is in JAIL now!
    What a waste of good programming talent.

    Again thank you so much for your help.

    All my best wishes,
    Tina