Thanks Edwin nothing will work my push to inject datas not working at all .
<?php
$servername =
$username =
$password =
$dbname =
//uses https://www.ascii-code.com/
function _clean($clean) {
$clean = utf8_encode($clean);
$array_find = array("è", "ê", "é", "(" , ")" , "," , "#" , "'" , "@" , ";" , ":" , "&",".");
$array_replace = array("e","ê","é","(",")","","#","'","@",";",":","&",".");
$cleaned = str_replace( $array_find,$array_replace, $clean);
return $cleaned;
}
function clean_Num($num_cl) {
return str_replace(array( "0","1","2","3","4","5","6","7","8","9"),array("\x00","\x01","\x02","\x03","\x04","\x05","\x06","\x07","\x08","\x09"),$str);
}
/*$bpm = $_REQUEST['bpm'];
$length =$_REQUEST['len'];
$artist = $_REQUEST['artist'];
$artist= _clean($artist);
$title = $_REQUEST['title'];
$title= _clean($title);
$album = $_REQUEST['album'];
$album= _clean( $album);
$comment =$_REQUEST['comment'];
$comment= _clean($comment);
*/
//MSQ 8.0
$bpm = /*isset(*/$_REQUEST['bpm'];//) : throw new \InvalidArgumentException('value not set bpm.');
$length = /*isset(*/$_REQUEST['len'];// : throw new \InvalidArgumentException('value not set len.');
$artist = /*isset(*/$_REQUEST['artist'];//) : throw new \InvalidArgumentException('value not set artist.');
$artist= _clean($artist);
$title = /*isset(*/$_REQUEST['title'];//) : throw new \InvalidArgumentException('value not set title.');
$title= _clean($title);
$album = /*isset(*/$_REQUEST['album'];//) : throw new \InvalidArgumentException('value not set album.');
$album= _clean( $album);
$comment = $_REQUEST['comment'];
$comment= _clean($comment);
$genre= $_REQUEST['genre'];
$listeners = $_REQUEST['listeners'];
// Does not cater for ' " / 3 & in input ' presently.
// note there is now num_rows in PDO so we have to calculate.
try {
$n = 0;
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT COUNT(`datetime`) FROM `played_songs` ORDER BY `datetime` ASC";
$result = $conn->query($sql); // Use query as we are returning records.
$row=$result->fetch();
$n = $row["COUNT(`datetime`)"] - 150;
if( $n >1) { $conn->exec("DELETE FROM `played_songs` LIMIT ".$n );}
} catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
//album cover
$artwork = isset($_REQUEST['artwork']) && ($_REQUEST['artwork'] !== '') ? $_REQUEST['artwork'] : false;
if ($artwork !== false) {
$artwork = base64_decode($artwork);
$r = fopen('images/nowplaying_artwork_2.png', 'wb');
if ($r !== false) {
fwrite($r, $artwork);
fclose($r);
} else
ReturnError(500, 'Failed to write artwork to a file.');{
}
} else ReturnError(500, 'Failed to be provided artwork to write file.');
/*
$img = "http://www.deniserose.epizy.com/images/nowplaying_artwork_2.png?tr=w-200,h-200";
header('Content-Type: image/jpeg');
readfile($img);
$b64Data= base64_decode($img);
const byteCharacters = atob($b64Data);
const byteNumbers = array(byteCharacters.length);
for ($i=0; $i < byteCharacters.length; $i++) {
byteNumbers[$i] = byteCharacters.charCodeAt($i);
}
const byteArray = new Uint8Array(byteNumbers);
const blob = new Blob(byteArray, { type: "text/html" });
imagedestroy($img);
*/
// Add record to database.
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO `played_songs` (`song`, `artist`, `album`, `length`, `bpm`,`genre`, `listeners`,`track_user_rating`,`track_user_num`,`comment`) VALUES ('$title','$artist', '$album', '$length', '$bpm', '$genre','$listeners','0','0', '$comment')";
$conn->exec($sql);
echo "New record created successfully";
} catch(PDOException $e) {
//echo $sql . "<br>" . $e->getMessage();
ReturnError(500, "Failed to write record to SQL.".$e->getMessage());
}
//image.close();
$conn = null;
function ReturnError($code, $text) {
$protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0';
header($protocol . ' ' . $code . ' ' . $text);
exit();
}
?>