premium adding//updating

darthvapor · Jun 21, 2016

well im working on something for the gamecp i have and hit a snag.
1stt query will run if day is say 2016-6-19
but if date is set to say 2016-07-01 the 2nd one wont run to add to the EndDate for premium.
trying to make it so that if dont have premium it will GETDATE() then add w.e is set to
else it uses the EndDate and adds to current premium

if (!empty($account)){
connectuser2db();
if ($src_type == $src_cdn_account){
$query = mssql_query("select * from tbl_RFTestAccount where id = '$account'");
connectuserdb();
$query = mssql_query("select * from tbl_personal_billing where EndDate < dateadd(DAY,-1, GETDATE()) UPDATE tbl_personal_billing SET EndDate = GETDATE() + $amount WHERE ID = CONVERT(BINARY(13),'$account')");
}
ELSE

mssql_query("select * from tbl_personal_billing WHERE EndDate < dateadd(DAY, +1, GETDATE()) UPDATE tbl_personal_billing SET EndDate = EndDate + $amount WHERE ID ='$account'");

likertuban · Jun 21, 2016

darthvapor said:
well im working on something for the gamecp i have and hit a snag.
1stt query will run if day is say 2016-6-19
but if date is set to say 2016-07-01 the 2nd one wont run to add to the EndDate for premium.
trying to make it so that if dont have premium it will GETDATE() then add w.e is set to
else it uses the EndDate and adds to current premium

if (!empty($account)){
connectuser2db();
if ($src_type == $src_cdn_account){
$query = mssql_query("select * from tbl_RFTestAccount where id = '$account'");
connectuserdb();
$query = mssql_query("select * from tbl_personal_billing where EndDate < dateadd(DAY,-1, GETDATE()) UPDATE tbl_personal_billing SET EndDate = GETDATE() + $amount WHERE ID = CONVERT(BINARY(13),'$account')");
}
ELSE

mssql_query("select * from tbl_personal_billing WHERE EndDate < dateadd(DAY, +1, GETDATE()) UPDATE tbl_personal_billing SET EndDate = EndDate + $amount WHERE ID ='$account'");

are you using BillCrux database?

that database is quite hard to understand for me, Billing database is much easier ^^7
beside, did you seriously use this :

mssql_query("select * from tbl_RFTestAccount where id = '$account'");

dont you know about sql injection?

use PDO :3:
or someone might destroy your server...

darthvapor · Jun 21, 2016

1 this page I'm working on isn't accessible from people other than those with permission that's only a clip of the page. so don't rly have to worry about that. And I have a whole page set to protect from that kind of stuff. That's included in every single page people other than me and other owner are able to view. And it is billing thus the tbl_personal_billing.

Hope you didn't think Id post the whole page lol. Yeah that's only one small part of the whole thing. I've tested it personally and can't sql inject it. If you try it redirects to a page that says blah blah blah you have been caught trying to inject and posts your ip provider and all that crap then inserts into a log. Incase we have to report it and such

Welcome!

premium adding//updating

darthvapor

Newbie Spellweaver

likertuban

Moderator

darthvapor

Newbie Spellweaver

About Us

Online statistics

Forum statistics

RaGEZONE Sponsor