Uncaught typeerror: незаконный вызов
add_company_emp_list.php
<?php
session_start();
include('include/header.php');
include 'config.php';
//echo $_SESSION['user'];
$query = mysqli_query($conn, "SELECT company_id FROM employer_account WHERE email = '".$_SESSION['user']."' ");
$id = mysqli_fetch_array($query);
// var_dump($id);
?>
<script type="text/javascript">
$(function(){
$("#cname").keyup(function(){
var cname1 = $('#cname').val();
if(cname1.length =="") {
$('.cname_error').remove();
$('#cname').after('<span class="cname_error error">Company name is required</span>');
$('.cname_error').show();
} else {
$('.cname_error').hide();
}
});
$('#location').keyup(function(){
var loc1 = $('#location').val();
if(loc1.length == '') {
$('.loc_error').remove();
$('#location').after("<span class='loc_error error'>Location is required</span>");
$('.loc_error').show();
} else {
$('.loc_error').hide();
}
});
$('#ename').keyup(function(){
var ename1 = $('#ename').val();
if(ename1.length == '') {
$('.ename_error').remove();
$('#ename').after("<span class='ename_error error'>Employee name is required</span>");
$('.ename_error').show();
} else {
$('.ename_error').hide();
}
});
$('#job_title').keyup(function(){
var title = $('#job_title').val();
if(title.length == '') {
$('.job_title_error').remove();
$('#job_title').after("<span class='job_title_error error'>Job title is required</span>");
$('.job_title_error').show();
} else {
$('.job_title_error').hide();
}
});
$('#emp_email').keyup(function(){
var email = $('#emp_email').val();
var reg = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
var validEmail = reg.test(email);
if(email.length == '') {
$('.emp_email_error').remove();
$('#emp_email').after("<span class='emp_email_error error'>Employee email is required</span>");
}
else if(!validEmail){
$('.emp_email_error').remove();
$('#emp_email').after('<span class="emp_email_error error">Invalid Employee Email</span>');
} else {
$('.emp_email_error').hide();
}
});
$('#emp_mo').keypress(function(e){
var mo = $('#emp_mo').val();
if (e.which != 8 && e.which != 0 && (e.which < 48 || e.which > 57)) {
return false;
}
});
$('#emp_mo').keyup(function(){
var mo = $('#emp_mo').val();
var reg1 = /^(\+\d{1,3}[- ]?)?\d{10}$/;
var validMobile = reg1.test(mo);
if(mo.length == '') {
$('.emp_mo_error').remove();
$('#emp_mo').after("<span class='emp_mo_error error'>Employee mobile number is required</span>");
} else if(!validMobile) {
$('.emp_mo_error').remove();
$('#emp_mo').after("<span class='emp_mo_error error'>Invalid mobile number</span>");
} else {
$('.emp_mo_error').hide();
}
});
$('#emp_addr').keyup(function(){
var addr = $('#emp_addr').val();
if(addr.length == '') {
$('.emp_addr_error').remove();
$('#emp_addr').after("<span class='emp_addr_error error'>Employee Address is required</span>");
$('.emp_addr_error').show();
} else {
$('.emp_addr_error').hide();
}
});
$('#join_on').keyup(function(){
var j_on = $('#join_on').val();
if(j_on.length == '') {
$('.join_on_error').remove();
$('#join_on').after("<span class='join_on_error error'>Employee join date is required</span>");
// $('.join_on_error').show();
} else {
$('.join_on_error').hide();
}
});
$('#leave_on').keyup(function(){
var l_on = $('#leave_on').val();
if(l_on.length == '') {
$('.leave_on_error').remove();
$('#leave_on').after("<span class='leave_on_error error'>Employee leave date is required</span>");
$('.leave_on_error').show();
} else {
$('.leave_on_error').hide();
}
});
});
</script>
<script type="text/javascript">
$(function(){
$('#submit').click(function(){
var s = $('#submit').val();
var ceid = $('#c_e_id').val();
var file_data = $('#ImageBrowse').prop('files')[0];
var form_data;
form_data = new FormData(this);
var cname1 = $('#cname').val();
var loc1 = $('#location').val();
var ename1 = $('#ename').val();
var title = $('#job_title').val();
var email = $('#emp_email').val();
var mo = $('#emp_mo').val();
var addr = $('#emp_addr').val();
var j_on = $('#join_on').val();
var reg = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
var validEmail = reg.test(email);
var reg1 = /^(\+\d{1,3}[- ]?)?\d{10}$/;
var validMobile = reg1.test(mo);
form_data.append('file', file_data);
$('#dataa').html(form_data);
if(cname1.length == '') {
$('.cname_error').remove();
$('#cname').after("<span class='cname_error error'>Company name is required</span");
return false;
}
else if(loc1.length == '') {
$('.loc_error').remove();
$('#location').after("<span class='loc_error error'>Location is required</span");
return false;
}
else if(ename1.length == '') {
$('.ename_error').remove();
$('#ename').after("<span class='ename_error error'>Employee name is required</span");
return false;
}
else if(title.length == '') {
$('.job_title_error').remove();
$('#job_title').after("<span class='job_title_error error'>Job title is required</span");
return false;
}
else if(email.length == '') {
$('.emp_email_error').remove();
$('#emp_email').after("<span class='emp_email_error error'>Employee email is required</span");
return false;
}
else if(!validEmail) {
$('.emp_email_error').remove();
$('#emp_email').after("<span class='emp_email_error error'>Invalid Employee Email</span");
return false;
}
else if(mo.length == '') {
$('.emp_mo_error').remove();
$('#emp_mo').after("<span class='emp_mo_error error'>Employee mobile number is required</span");
return false;
}
else if(!validMobile) {
$('.emp_mo_error').remove();
$('#emp_mo').after("<span class='emp_mo_error error'>Invalid mobile number</span>");
return false;
}
else if(addr.length == '') {
$('.emp_addr_error').remove();
$('#emp_addr').after("<span class='emp_addr_error error'>Employee Address is required</span");
return false;
}
else if(j_on.length == '') {
$('.join_on_error').remove();
$('#join_on').after("<span class='join_on_error error'>Employee join date is required</span");
return false;
} else {
console.log('Strating ajax');
$.ajax({
url: 'ajax_add_company_emp_list.php',
type: 'post',
data: {
submit: s,
comp_emp_id: ceid,
// uploaded_file: file_data,
form_data: form_data,
cname: cname1,
location: loc1,
ename: ename1,
job_title: title,
emp_email: email,
emp_mo: mo,
emp_addr: addr,
join_on: j_on,
cache: false,
contentType: false,
processData: false,
},
success: function(data) {
window.location='company_emp_list.php';
// alert('done');
}
});
}
});
});
$(function(){
$('#update').click(function(){
var u = $('#update').val();
var ui = $('#uid').val();
// var cid1 = $('#cid').val();
var cname1 = $('#cname').val();
var loc1 = $('#location').val();
var ename1 = $('#ename').val();
var title = $('#job_title').val();
var email = $('#emp_email').val();
var mo = $('#emp_mo').val();
var addr = $('#emp_addr').val();
var j_on = $('#join_on').val();
var l_on = $('#leave_on').val();
var reg = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
var validEmail = reg.test(email);
var reg1 = /^(\+\d{1,3}[- ]?)?\d{10}$/;
var validMobile = reg1.test(mo);
if(cname1.length == '') {
$('.cname_error').remove();
$('#cname').after("<span class='cname_error error'>Company name is required</span");
return false;
}
else if(ui.length == '') {
$('.uid_error').remove();
$('#uid').after("<span class='uid_error error'>User Id is required</span");
return false;
}
// else if(cid1.length == '') {
// $('.cid_error').remove();
// $('#cid').after("<span class='cid_error error'>Company Id is required</span");
// return false;
// }
else if(loc1.length == '') {
$('.loc_error').remove();
$('#location').after("<span class='loc_error error'>Location is required</span");
return false;
}
else if(ename1.length == '') {
$('.ename_error').remove();
$('#ename').after("<span class='ename_error error'>Employee name is required</span");
return false;
}
else if(title.length == '') {
$('.job_title_error').remove();
$('#job_title').after("<span class='job_title_error error'>Job title is required</span");
return false;
}
else if(email.length == '') {
$('.emp_email_error').remove();
$('#emp_email').after("<span class='emp_email_error error'>Employee email is required</span");
return false;
}
else if(!validMobile) {
$('.emp_mo_error').remove();
$('#emp_mo').after("<span class='emp_mo_error error'>Invalid mobile number</span>");
return false;
}
else if(!validEmail) {
$('.emp_email_error').remove();
$('#emp_email').after("<span class='emp_email_error error'>Invalid Employee Email</span");
return false;
}
else if(mo.length == '') {
$('.emp_mo_error').remove();
$('#emp_mo').after("<span class='emp_mo_error error'>Employee mobile number is required</span");
return false;
}
else if(addr.length == '') {
$('.emp_addr_error').remove();
$('#emp_addr').after("<span class='emp_addr_error error'>Employee Address is required</span");
return false;
}
else if(l_on.length == '') {
$('.leave_on_error').remove();
$('#leave_on').after("<span class='leave_on_error error'>Employee leave date is required</span");
return false;
} else {
console.log('Strating ajax');
$.ajax({
url: 'ajax_add_company_emp_list.php',
type: 'post',
data: {
update: u,
uid: ui,
// cid: cid1,
cname: cname1,
location: loc1,
ename: ename1,
job_title: title,
emp_email: email,
emp_mo: mo,
emp_addr: addr,
join_on: j_on,
leave_on: l_on
},
success: function(data) {
window.location='company_emp_list.php';
// alert('done');
}
});
}
});
});
</script>
<?php
if(isset($_GET['id'])) {
$id = $_GET['id'];
$query = mysqli_query($conn, "SELECT * FROM company_employee_list WHERE emp_id = '".$id."'");
$q = mysqli_fetch_array($query);
}
?>
<!-- <link rel="stylesheet" href="assets/css/signup_step_one.css" type="text/css"> -->
<div id="content" class="my-account">
<div class="container">
<div class="row">
<div class="center-box">
<div class="my-account-form">
<ul class="cd-switcher">
<li class="selected heading-title t1">
Add Employee Details
</li>
</ul>
<div id="cd-login" class="is-selected">
<div class="page-login-form">
<form role="form" class="login-form" method="post" enctype="multipart/form-data">
<div class="form-group is-empty">
<div class="input-icon">
<input type="text" id="cname" class="form-control" name="company_name" autofocus placeholder="Company Name" value="<?php if(!empty($_GET['id'])) { echo $q['company_name']; } ?>">
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<div class="input-icon">
<input type="text" id="location" class="form-control" name="location" autofocus placeholder="Location" value="<?php if(!empty($_GET['id'])) { echo $q['location']; } ?>">
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<div class="input-icon">
<input type="text" id="ename" class="form-control" name="emp_name" autofocus placeholder="Employee name" value="<?php if(!empty($_GET['id'])) { echo $q['emp_name']; } ?>">
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<div class="input-icon">
<input type="text" class="form-control" placeholder="Job Title" id="job_title" name="job_title" value="<?php if(!empty($_GET['id'])) { echo $q['job_title']; } ?>">
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<div class="input-icon">
<input type="text" class="form-control" placeholder="Employee email" id="emp_email" name="emp_email" value="<?php if(!empty($_GET['id'])) { echo $q['emp_email']; } ?>">
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<div class="input-icon">
<input type="text" id="emp_mo" class="form-control" name="emp_mo" maxlength="10" placeholder="Employee Mobile" value="<?php if(!empty($_GET['id'])) { echo $q['emp_mo']; } ?>">
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<div class="input-icon">
<input type="text" id="emp_addr" class="form-control" name="emp_addr" placeholder="Employee Address" value="<?php if(!empty($_GET['id'])) { echo $q['emp_addr']; } ?>">
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<button class="btn btn-common" name="upload" id="upload">Choose an Image</button>
<input id="ImageBrowse" type="file" name="uploaded_file">
</div>
<?php
if(isset($_GET['id'])== 0) {
?>
<div class="form-group is-empty">
<div class="input-icon">
<input type="date" id="join_on" class="form-control" name="join_on" value="<?php if(!empty($_GET['id'])) { echo $q['join_on']; } ?>">
</div>
<span class="material-input"></span>
</div>
<?php } else { ?>
<div class="form-group is-empty">
<div class="input-icon">
<input type="date" id="join_on" class="form-control" name="join_on" value="<?php if(!empty($_GET['id'])) { echo $q['join_on']; } ?>" disabled>
</div>
<span class="material-input"></span>
</div>
<div class="form-group is-empty">
<div class="input-icon">
<input type="date" id="leave_on" class="form-control" name="leave_on" value="<?php if(!empty($_GET['id'])) { echo $q['leave_on']; } ?>">
</div>
<span class="material-input"></span>
</div>
<?php } ?>
<?php
if(isset($_GET['id'])== 0) {
?>
<?php
$c_id=$id['company_id'];
$q=mysqli_query($conn,"SELECT comp_emp_id FROM company_employee_list WHERE company_id='".$c_id."'");
$e=mysqli_fetch_array($q);
$x=mysqli_num_rows($q);
?>
<input type="hidden" name="comp_emp_id" id="c_e_id" value="<?= $x+1;?>">
<button class="btn btn-common log-btn" id="submit" name="submit" type="button">Add</button>
<?php } else { ?>
<input type="hidden" name="uid" id="uid" value="<?= $_GET['id']; ?>">
<!-- <input type="hidden" name="cid" id="cid" value="<?= $cid; ?>"> -->
<button class="btn btn-common log-btn" id="update" name="update" type="button">Update</button>
<?php } ?>
</form>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="dataa">
</div>
<?php
if(!empty($_FILES['uploaded_file'])) {
// $file_name = $_FILES['uploaded_file']['name'];
// $file_tmp = $_FILES['uploaded_file']['tmp_name'];
$path = "uploads/";
$paths = $path . basename($_FILES['uploaded_file']['name']);
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $paths)) {
echo "The file". basename($_FILES['uploaded_file']['name']) . "has been uploaded";
} else {
echo "failed";
}
}
?>
<?php
include('include/footer.php');
?>
ajax_add_company_emp_list.php
<?php
session_start();
include('config.php');
$query = mysqli_query($conn, "SELECT company_id FROM employer_account WHERE email = '".$_SESSION['user']."' ");
$id = mysqli_fetch_array($query);
if(isset($_POST['submit'])) {
$c_e_id = $_POST['comp_emp_id'];
$image = $_POST['uploaded_file']
$c_name = $_POST['cname'];
$loc = $_POST['location'];
$e_name = $_POST['ename'];
$title = $_POST['job_title'];
$email = $_POST['emp_email'];
$mo = $_POST['emp_mo'];
$addr = $_POST['emp_addr'];
$j_date = $_POST['join_on'];
$query = "INSERT INTO company_employee_list(company_id, comp_emp_id, image, company_name, location, emp_name, job_title, emp_email, emp_mo, emp_addr, join_on) VALUES('".$id['company_id']."', '".$c_e_id."', '".$image."', '".$c_name."', '".$loc."', '".$e_name."', '".$title."','".$email."','".$mo."', '".$addr."', '".$j_date."')";
$q = mysqli_query($conn, $query);
if($q) {
header("Location:company_emp_list.php");
} else {
header("Location:add_company_emp_list.php");
}
}
if(isset($_POST['uid'])) {
$id = $_POST['uid'];
$c_name = $_POST['cname'];
$loc = $_POST['location'];
$e_name = $_POST['ename'];
$title = $_POST['job_title'];
$email = $_POST['emp_email'];
$mo = $_POST['emp_mo'];
$addr = $_POST['emp_addr'];
$j_date = $_POST['join_on'];
$l_date = $_POST['leave_on'];
$query = "UPDATE company_employee_list SET company_name = '".$c_name."', location = '".$loc."', emp_name = '".$e_name."', job_title = '".$title."', emp_email = '".$email."', emp_mo = '".$mo."', emp_addr = '".$addr."', join_on = '".$j_date."', leave_on = '".$l_date."' WHERE emp_id = '".$id."' ";
$q = mysqli_query($conn, $query);
if($q) {
header('Location:company_emp_list.php');
} else {
header("Location:add_company_emp_list.php");
}<pre lang="PHP"><pre lang="PHP"><pre lang="PHP"><pre lang="PHP"><pre lang="PHP"><pre lang="PHP"><pre lang="PHP"><pre lang="PHP">
}
$идентификатор = параметр $_GET['идентификатор'];
$query = mysqli_query($conn, "удалить из списка company_employee_list, где emp_id = '".$id."'");
?>
окно.местоположение='company_emp_list.php';
<pre><pre>
изображение не загружается и его показывают с ошибкой
Что я уже пробовал:
я пробовал посетить много сайтов, но не решился
Richard MacCutchan
Какая ошибка? Где это происходит?
Richard Deeming
Ваш код уязвим для SQL-инъекция[^]. НИКОГДА используйте конкатенацию строк для построения SQL-запроса. ВСЕГДА используйте параметризованный запрос.
Все, что вы хотели знать о SQL-инъекции (но боялись спросить) | Трой Хант[^]
Как я могу объяснить SQL-инъекцию без технического жаргона? | Обмен Стеками Информационной Безопасности[^]
Шпаргалка по параметризации запросов | OWASP[^]
PHP: SQL-инъекция - руководство пользователя[^]
РНР: Подготовленные инструкции и хранимые процедуры - руководство пользователя[^]