1

I am not a PHP guy and would really love to see what the below PHP script looks like in ASP.NET (I am working in 3.5 but anything that gets me started would be wonderful). I have tried downloading Microsoft's migration assistant but am having difficulties running it on my machine. Any kind soul out there willing to convert this for me?

<?php
include('dbcon.php');

if($_REQUEST['comment_text'] && $_REQUEST['post_id'])
{
    $userip = $_SERVER['REMOTE_ADDR'];

    mysql_query("INSERT INTO facebook_posts_comments (post_id,comments,userip,date_created) VALUES('".$_REQUEST['post_id']."','".$_REQUEST['comment_text']."','".$userip."','".strtotime(date("Y-m-d H:i:s"))."')");

    $result = mysql_query("SELECT *,
    UNIX_TIMESTAMP() - date_created AS CommentTimeSpent FROM facebook_posts_comments order by c_id desc limit 1");
}

while ($rows = mysql_fetch_array($result))
{
    $days2 = floor($rows['CommentTimeSpent'] / (60 * 60 * 24));
    $remainder = $rows['CommentTimeSpent'] % (60 * 60 * 24);
    $hours = floor($remainder / (60 * 60));
    $remainder = $remainder % (60 * 60);
    $minutes = floor($remainder / 60);
    $seconds = $remainder % 60; ?>
    <div class="commentPanel" id="record-<?php  echo $rows['c_id'];?>" align="left">
        <img src="small.png" width="40" class="CommentImg" style="float:left;" alt="" />
        <label class="postedComments">
            <?php  echo $rows['comments'];?>
        </label>
        <br clear="all" />

        <span style="margin-left:43px; color:#666666; font-size:11px">
        <?php

        if($days2 > 0)
        echo date('F d Y', $rows['date_created']);
        elseif($days2 == 0 && $hours == 0 && $minutes == 0)
        echo "few seconds ago";     
        elseif($days2 == 0 && $hours == 0)
        echo $minutes.' minutes ago';
        else
        echo "few seconds ago"; 

        ?>
        </span>

        <?php
        $userip = $_SERVER['REMOTE_ADDR'];
        if($rows['userip'] == $userip){?>
        &nbsp;&nbsp;<a href="#" id="CID-<?php  echo $rows['c_id'];?>" class="c_delete">Delete</a>
        <?php
        }?>
    </div>
<?php
}?>
Improve this question
4
  • It's arguable, but I find it's best not to argue :) Commented Jul 9, 2010 at 13:46
  • Your question is "Any kind soul out there willing to convert this for me?" which I believe explains the use of do-my-work tag perfectly. Essentially you want the SO community to do your work. You don't have any specific PHP question to ask, you're just unwilling to learn the language. Commented Jul 9, 2010 at 13:53
  • @Anax - I suppose if I had the luxury of time and wasn't working on a project deadline and worked at a company that wasn't 100% Microsoft 24/7 then your comment would be valid. But from my vantage point, spending a lot of time on a to learn a language I will never use at work (not to mention burning deadline time) doesn't seem the way to go. I guess if that means I am lazy to you, so be it. Commented Jul 9, 2010 at 14:03
  • your points and time pressure are understandable, but your arguments are just validating what this tag represents. If you feel offended, you need to put some work on your own. Commented Jul 9, 2010 at 14:21

2 Answers 2

Reset to default
4

I just love questions that expose SQL injection vulnerabilities.

mysql_query("INSERT INTO facebook_posts_comments
             (post_id,comments,userip,date_created)
       VALUES('".$_REQUEST['post_id']."','".$_REQUEST['comment_text']."','".$userip."','".strtotime(date("Y-m-d H:i:s"))."')");
                 ^ SQL Injection!           ^ SQL Injection!
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

wow, where do you even start with that query.. the use of $_REQUEST, unsanitized input
He may be sanitising with a foreach on the request array before getting here?
actually, looking closer, doubt it :D
Since I am not a PHP guy the SQL injection stuff isn't obvious to me but if you want to point it out to the author of this script, this link is where it came from: 99points.info/2010/07/…
PHP guy or not, any time you see a SQL command string with any kind of variable concatenated directly into it sirens should go off :)
2

If what you're looking for is a direct line-by-line conversion, you're definitely not going to find that here. There's a lot that needs to be cleaned up in that, and just directly porting it to .NET would require writing code in a way that nobody here wants to be responsible for :)

You're much better off separating out the various pieces of functionality taking place there and putting each piece into its proper context in .NET (also, are you talking web forms or MVC? makes a big difference in converting this code). Now, based on the text of your question, it sounds like you are familiar with .NET and are not familiar with PHP, and you're just trying to know what this does? Or are you not familiar with either? It's a little unclear.

If you're just trying to figure out what this code does, what specifically are you having trouble with? The request variable gathering? The database interaction? All the silly date/time math?

Improve this answer

6 Comments

Thanks David. I can figure out all the obvious conversion math. What I am unfamiliar with (as you have observed) is all the PHP syntax. I am very familiar with .NET and completely unfamiliar with PHP. To that end, the project I am working on is using web forms (a la Domain Driven Design). Thanks again.
Do you have any specific questions about the syntax? Honestly, this is a really broad one for this site. Code blocks are enclosed in ? brackets, variables start with $, $_REQUEST and $_SERVER are built-in (like Request and Server in .NET), etc. The rest seems similar enough to C-style syntax to be readable. Or, when you say .NET, do you very specifically mean VB?
Also, is the inline code/HTML mix tripping you up? Since you're using web forms you may just not be familiar with this style. If that's the case, I highly recommend some spare-time learning on the ASP.NET implementation of MVC. In fact, this may interest you (and possibly your company): mvcconf.com
Oh, maybe the string concatenation is unfamiliar to you? The "." operator in PHP is for string concatenation. C# and VB use + and & and things like that, but it's the same concept.
David - thanks for your help. I have converted the code and it wasn't hard at all. I suppose this is a case of leaping (or posting) before I looked (at the code). I guess time pressures sent me looking for a quick fix. I suppose I concede to Anax here. Anyway, thanks a bundle for getting my brain pointed in the right direction.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.