I have created an application where a user can send notifications to other devices, with PHP as the backend and FCM notifications. On successfully sending the notification, it stores the details of the notification and the notification sender (user) in a MySQL database, in tables named 'notification' and 'sender_details'. However, new empty rows are being stored in these two tables every day while the app is not even opened by anybody. Please help.

```php
<?php
include('../conn.php');

// Send one FCM notification ($data) to the device token $to.
function notify($to, $data) {
    $api_key = "xxx";

    $url = "https://fcm.googleapis.com/fcm/send";
    $fields = json_encode(array('to' => $to, 'notification' => $data));

    // Generated by curl-to-PHP: http://incarnate.github.io/curl-to-php/
    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);

    $headers = array();
    $headers[] = 'Authorization: key=' . $api_key;
    $headers[] = 'Content-Type: application/json';
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

    $result = curl_exec($ch);
    if (curl_errno($ch)) {
        echo 'Error:' . curl_error($ch);
    }
    curl_close($ch);
}

// fetching data
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

$date3 = date('Y-m-d');

// Nothing above checks the request method or that the POST fields exist.
// Request values are concatenated straight into the SQL text here and below
// (the injection risk raised in the comments).
$sqlm = "SELECT dateonly FROM user_details WHERE token='" . $_POST['token'] . "' AND dateonly='$date3'";

$result3 = mysqli_query($conn, $sqlm);
if (mysqli_num_rows($result3) > 0) {
    echo "alreadysend";
} else {
    // `group` is a reserved word in MySQL, so it has to be quoted with backticks.
    $sql = "SELECT * FROM data WHERE `group`='" . $_POST['group'] . "'";
    $result = mysqli_query($conn, $sql);

    if (mysqli_num_rows($result) > 0) {
        // output data of each row
        while ($row = mysqli_fetch_assoc($result)) {
            $to = $row["token"];

            // for sending email
            $email = $row["email"];

            $time2 = date_default_timezone_set('Asia/Katmandu');
            $date2 = date('Y-m-d h:i:s a', time());

            $sql2 = "INSERT INTO user_details (name, phone, city)
VALUES ('" . $_POST['name'] . "', '" . $_POST['phone'] . "', '" . $_POST['city'] . "')";

            if ($conn->query($sql2) === TRUE) {
                echo "New record created successfully";
            } else {
                echo "Error: " . $sql2 . "<br>" . $conn->error;
            }
            // end of second sql queries

            // 2. for body of message
            $body = $_POST["name"] . ' needs at ' . $_POST["city"] . ', ' . $_POST["hospital"] . ' hospital. Contact on the following number: ' . $_POST["phone"] . ' (Message from them: ' . $_POST["message"] . ')';

            // 3. for title
            $title = 'New Notification';

            $data = array(
                'title'   => $title,
                'body'    => $body,
                'image'   => $img,   // $img is never set in the posted code
                'vibrate' => 1
            );

            $time = date_default_timezone_set('Asia/Katmandu');
            $date = date('Y-m-d h:i:s a', time());

            $dateonly = date('Y-m-d');

            $sql3 = "INSERT INTO notifications (title, body, time, dateonly)
VALUES ('$title', '$body', '$date', '$dateonly')";

            if ($conn->query($sql3) === TRUE) {
                echo "New record created successfully";
            } else {
                echo "Error: " . $sql3 . "<br>" . $conn->error;
            }
            // end of third sql queries

            notify($to, $data);
        }
    } else {
        echo "noresults";
    }
}

mysqli_close($conn);

?>
```

All the post data are being received from the app

  • 3
    Check your HTTP logs, see if you can find where the request is coming from at that time. – aynber Oct 19 '21 at 13:00
  • 2
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Oct 19 '21 at 13:02
  • Are you sure you don't have a cron job which calls it or something? Otherwise, yes, check your webserver logs in the first instance. Just from looking at the code which gets called we cannot tell you _how_ it gets called. – ADyson Oct 19 '21 at 13:03
  • 1
    This code contains syntax errors. Please correct it and format it – Dharman Oct 19 '21 at 13:03
  • going to remove the android tag here, feel free to add it back if you think this involves android – a_local_nobody Oct 19 '21 at 13:03
  • If you think your problem is SQL related, you can try to reproduce it by removing everything that is not SQL (curl, ...) and provide a fully working example to reproduce the issue. What is making you think it comes from the code you are sharing if it happens while it is not accessible (application closed)? – Tuckbros Oct 19 '21 at 15:05
  • Check for the following: 1) access logs to see where the request is coming in from and track your date time from there if you have it stored in the db 2) Check if you have any CRON job setup 3) Check that if any of the browser tabs has that page opened in it, once you open up your browser after a restart/sleep it refreshes the old tabs and in that way the code might get triggered. – MansoorShiraz Oct 19 '21 at 17:53

0 Answers
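
The symptom in the question is consistent with the script being requested without any POST body, since nothing in it checks the request method or the fields before the INSERTs run. The following is an added example, not code from the original post: a guard that rejects such requests, plus the `user_details` INSERT written as a MySQLi prepared statement as Dharman's comment recommends. The function names, the required-field list and the 255-byte limit are assumptions.

```php
<?php
// Field names follow the question's $_POST keys; treating all five as required is an assumption.
const REQUIRED_FIELDS = ['token', 'group', 'name', 'phone', 'city'];

// Returns the trimmed fields, or null when the request must be rejected.
function validate_request(string $method, array $post): ?array {
    if ($method !== 'POST') {
        return null;                      // e.g. crawlers or a browser tab reloading the URL
    }
    $clean = [];
    foreach (REQUIRED_FIELDS as $key) {
        $value = $post[$key] ?? null;
        if (!is_string($value)) {
            return null;                  // missing, or an array such as name[]=x
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > 255) {
            return null;                  // an empty value would be stored as an empty row
        }
        $clean[$key] = $value;
    }
    return $clean;
}

// Parameterized INSERT: the values travel separately from the SQL text.
function store_sender(mysqli $conn, array $f): bool {
    $stmt = $conn->prepare(
        'INSERT INTO user_details (name, phone, city) VALUES (?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('sss', $f['name'], $f['phone'], $f['city']);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed requests for illustration, not taken from any log.
$empty = validate_request('GET', []);
$blank = validate_request('POST', ['token' => '', 'group' => '', 'name' => '', 'phone' => '', 'city' => '']);
$valid = validate_request('POST', ['token' => 'tok-123', 'group' => 'g1', 'name' => 'Asha', 'phone' => '9800000000', 'city' => 'Pokhara']);
var_dump($empty === null, $blank === null, is_array($valid));

// In the endpoint itself (needs the question's $conn):
// $fields = validate_request($_SERVER['REQUEST_METHOD'], $_POST);
// if ($fields === null) { http_response_code(400); exit; }
// store_sender($conn, $fields);
```

The guard stops empty and non-POST requests from reaching the database, but it does not authenticate the caller; the access-log check suggested in the comments is still what shows who is requesting the script.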