PHP Scripts execute 2 times

aiapis · **PHP Scripts execute 2 times -** 05-30-2012, 01:07 PM

I have two php scripts and they both execute twice. Does anyone know why this might be happening?

Thanks.

d3iti · 05-30-2012, 01:11 PM

If you do not show the code of the scripts it is difficult to answer.

aiapis · 01:22 PM

Thank you for your quick reply

Here is the script. There are no loops.

PHP Code:


			
<?php

/*
    Name: mysql.php
    Usage: mysql.php?d=database&q=query(&o=output)
    Where:
        database is either 'test' (for testing purposes) or 'live'
        query is a valid PHP-supported MySQL query for table management; creating or deleting databases is disabled
        output is any of the supported formats: txt (default), tbl - HTML table, csv - comma-delimited, jsn - JSON text
    Results:
        -> NO_RESULTS is returned if data was requested and the query returned none
        -> (results) - a table or other output of data is returned from a SELECT query
        -> OK is returned for queries like INSERT, DELETE,... that succeeded
        -> QUERY_ERROR is returned for any invalid query
        -> PARAM_ERROR is returned for invalid parameter values
*/

// get a connection
if (empty($_GET['d']) || ($_GET['d']!='test' && $_GET['d']!='live')) die("PARAM_ERROR"); 
$con = mysql_connect("mysql2.000webhost.com","MODIFIED BY MODERATOR" . $_GET['d'],"MODIFIED_BY_MODERATOR");

// select a database
mysql_select_db("MODIFIED BY MODERATOR" . $_GET['d'], $con);

// do the query
if (empty($_GET['q']) || ($_GET['q']=='')) die("PARAM_ERROR"); 
$query = str_ireplace('\\','',$_GET['q']);

// check for database operations:
if (stripos($query," database ")) die("QUERY_ERROR");

$result = mysql_query($query, $con);

if (is_resource($result)) // a result set was returned as in SELECT, so process it...
{
    // check for empty results and reset pointer
    if (mysql_fetch_array($result)==NULL) die("NO_RESULTS");
    mysql_data_seek($result,0);

    if ($_GET['o'] == 'txt' || empty($_GET['o']))
    {
        while ($row = mysql_fetch_array($result))
        {
            $fcount = mysql_num_fields($result)-1;
            for($i = 0;$i <= $fcount;$i++)
            {
                echo $row[$i];
                if ($i == $fcount) echo "<br />";
                else echo " ";
            }
        }
    }
    elseif ($_GET['o'] == 'csv')
    {
        while ($row = mysql_fetch_array($result))
        {
            $fcount = mysql_num_fields($result);
            for ($i=0; $i < $fcount; $i++)
            {
                echo '"' . $row[$i] . '"';
                if ($i == $fcount - 1) echo "<br />";
                else echo ",";
            }
        }
    }
    elseif ($_GET['o'] == 'tbl')
    {
        echo "<table border='1'><tr>";
        $row = mysql_fetch_array($result);
        for ($i = 0; $i < mysql_num_fields($result); $i++) echo "<th>" . mysql_field_name($result, $i) . "</th>";
        echo "</tr>";
        mysql_data_seek($result, 0); // reset row pointer
        $fcount = mysql_num_fields($result);
        while ($row = mysql_fetch_array($result))
        {
            for ($i=0; $i < $fcount; $i++) echo '<td>' . $row[mysql_field_name($result, $i)] . '</td>';
            echo "</tr>";
        }
        echo "</table>";
    }
    elseif($_GET['o']=='jsn')
    {
        $rows = array();
        while($r = mysql_fetch_assoc($result)) $rows[] = $r;
        echo json_encode($rows);
    }
    else die("PARAM_ERROR"); //csv,tbl,jsn,txt expected
}
else // not a result or error
{
    if ($result==NULL) die("QUERY_ERROR");
    if ($result=="1") echo "OK";
}
?>

aiapis · 05-30-2012, 01:19 PM

Sorry, what I meant was the script does terminate.

d3iti · 05-30-2012, 01:34 PM

Sorry I do not understand what your trying to say.

Can you ask your question again, starting with what to do the script and what results you're getting and what results you want get?

aiapis · 05-30-2012, 01:34 PM

Thanks for your help d3iti. I found the problem and a solution. I was using the 'open' link in the file manager which seems to run 2 instances of a php script. Running the php script from the web browser URL search box by entering the path to the script worked correctly.

Hatix · 05-30-2012, 01:41 PM

Didn't really understand the problem.

Leder678 · 06-28-2012, 08:08 PM

Okay, I see you've managed to get it to work, however, this script is VERY insecure.
I could probably delete your DB from that script.

kuroneko · 07-07-2012, 01:14 PM

He plainly forgot to sanitize the $_GET which we can parse our own code given if we access the script. And even if the script is backend restricted only, it's only natural to sanitize every requested variables.