
Unable to get PHP script name using REGEX


I am having quite the challenge. I have my function where() which tracks where users are visiting on the site, and takes the script filename and provides a description and inserts into database.

The script was working great until recently, and I was unaware of the failure of this function after a recent minor update from MySQL 5.6.40 to 5.6.47.

I am not sure if that had anything to do with it, but I discovered days later that it was not working anymore.

Our function:

function where($scriptname = "index", $userid, $update=1){
    if (!is_valid_id($userid))
        die;

    if (preg_match("/details.php/i", $scriptname))
        $where = "Browsing File Details (ID $_GET[id])";
    elseif (preg_match("/files.php/i", $scriptname))
        $where = "Browsing Files";
    elseif (preg_match("/account-info.php/i", $scriptname))
        $where = "Browsing Account Info (ID $_GET[id])";
    elseif (preg_match("/upload.php/i", $scriptname))
        $where = "Uploading File";
    elseif (preg_match("/account.php/i", $scriptname))
        $where = "Browsing User Control Panel";
    elseif (preg_match("/search.php/i", $scriptname))
        $where = "Searching For Files";
    elseif (preg_match("/forums.php/i", $scriptname))
        $where = "Viewing Forums";
    elseif (preg_match("/index.php/i", $scriptname))
        $where = "Browsing Homepage";
    elseif (preg_match("/mailbox.php/i", $scriptname))
        $where = "Viewing Messages";
    elseif (preg_match("/comments.php/i", $scriptname))
        $where = "Viewing Comments";
    elseif (preg_match("/recover.php/i", $scriptname))
        $where = "Recovering Account";
    elseif (preg_match("/bookmarks.php/i", $scriptname))
        $where = "Viewing Bookmarks";
    elseif (preg_match("/getfile.php/i", $scriptname))
        $where = "Downloaded File (ID $_GET[id])";
    elseif (preg_match("/faq.php/i", $scriptname))
        $where = "Reading FAQ Page";
    elseif (preg_match("/friends.php/i", $scriptname))
        $where = "Viewing Friends";
    elseif (preg_match("/admin.php/i", $scriptname))
        $where = "Managing Admin Panel";
    else
        $where = "Unknown Location";

    if ($update) {
        // Worked until a few days ago. No site changes were made prior for quite some time. 
        //$query = sprintf("UPDATE users SET page=".sqlesc($where)." WHERE id ='%s'", mysql_real_escape_string($userid)); 
        // Now using line below, which does insert into row if I use my own variable. 
        $query = "UPDATE users SET last_access='" . get_date_time() . "', page=" . sqlesc($where) . " WHERE id=" . $userid;
        $result = SQL_Query_exec($query);
    }
    return $where;
}

Now, I have tried the following code to narrow it down to what is causing it. Currently, the function above only inserts

Unknown Location

to the Database, no matter what page is viewed.

I got it down to this:

$stringtest = "This inserts into database!";
$query = "UPDATE users SET last_access='" . get_date_time() . "', page=" . sqlesc($stringtest) . " WHERE id=" . $userid;

This works great, however it is not passing any of the $where conditions.

I've tried various regular expressions for filename matching to no avail.

Any idea what I'm doing wrong?

Thanks in advance!


Solution

  • For the SQL part use prepared statements, as noted above.

    Assuming $scriptname holds the filename without the extension, and not the absolute path, and based on the code provided, I don't see a great need for preg_match() there. Just a simple switch ... case would do.

    Even better, if you want to have a sort of manageable list of locations with descriptions (you reuse them every time anyway), you could have an associative array (it could be returned by a separate function) like the one below and do as follows:

    $locations = array(
      'index' => 'Browsing Homepage', 
      'forums' => 'Viewing Forums',
      //  and so on for all of your files
    );
    
    // And to get the description - assuming case matters, otherwise use strtolower()
    $desc = isset($locations[$scriptname]) ? $locations[$scriptname] : 'Unknown Location';
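
An added example (not code from the question or the answer) that combines the two suggestions in the answer above: an exact-match lookup table in place of the unanchored preg_match() patterns, and a prepared statement for the UPDATE. It assumes PDO with the pdo_sqlite driver so the demo is self-contained; the LOCATIONS table, describe_location(), the where() signature and the sample requests are hypothetical.

```php
<?php
// Added example: names, table layout and sample data are assumptions, not the site's code.
const LOCATIONS = [
    'index'        => ['Browsing Homepage', false],
    'forums'       => ['Viewing Forums', false],
    'details'      => ['Browsing File Details', true],   // true: append the numeric id
    'account-info' => ['Browsing Account Info', true],
    'getfile'      => ['Downloaded File', true],
];

function describe_location(string $script, array $get): string
{
    // Reduce "/site/Details.php" or "details" to the bare lowercase key.
    $key = basename(strtolower($script), '.php');
    if (!isset(LOCATIONS[$key])) {
        return 'Unknown Location';
    }
    [$label, $wantsId] = LOCATIONS[$key];
    if ($wantsId) {
        // Only a positive integer id is ever placed in the description.
        $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        return $id === false ? $label : "$label (ID $id)";
    }
    return $label;
}

function where(PDO $db, string $script, int $userId, array $get = []): string
{
    $where = describe_location($script, $get);
    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $db->prepare('UPDATE users SET last_access = :ts, page = :page WHERE id = :id');
    $stmt->execute([':ts' => gmdate('Y-m-d H:i:s'), ':page' => $where, ':id' => $userId]);
    return $where;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, last_access TEXT, page TEXT)');
$db->exec('INSERT INTO users (id) VALUES (7)');

// Constructed requests: a valid id, a non-numeric id, and a name that only contains "admin.php".
foreach ([['/site/details.php', ['id' => '42']],
          ['details', ['id' => "1' OR '1'='1"]],
          ['/site/notadmin.php', []]] as [$script, $get]) {
    where($db, $script, 7, $get);
    echo $script, ' => ', $db->query('SELECT page FROM users WHERE id = 7')->fetchColumn(), PHP_EOL;
}
```

Because the lookup is an exact key match, a name such as notadmin.php falls through to "Unknown Location", whereas the question's /admin.php/i pattern would match it.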