jpsagrisolution.com - UnknownSec 403

UnknownSec Bypass 403

: /var/www/html/adminpnl/ [ drwxr-xr-x ]
name : SaveUpdateHoliday.php
 <?php

require_once "../config.php";
 require_once "../conclass.php";



$holidaydate = $_POST['holidaydate'];
$holidaydescription= $_POST['holidaydescription'];
     $id = $_POST['id'];
  $canteen = $_POST['canteenname'];
      $btntext = $_POST['btntext'];

    $eventArray = array();
    $eventArray=explode('-',$holidaydate);

         $strholidaydate = intval($eventArray[2])."-".intval($eventArray[1])."-".intval($eventArray[0]);
         $strholidaydatestring = intval($eventArray[0])."-".intval($eventArray[1])."-".intval($eventArray[2]);
           $creationdatetime = date("y-m-d");

        $message= "";

       $cnt="";

$query = "select count(0) as count from mastertb where  canteenName='".$canteen."' and holidaydate='".$strholidaydatestring."' and identifier='".$gHolidayIdentifier."'
            and isdeleted='".$NotDeleted."'";

          $result = mysqli_query($conn,$query);
 while($row = mysqli_fetch_array($result))
 {
              $data["count"]= $row["count"];

     }

    $message=$data["count"];

    if($btntext=="Save")
    {
      if($message=="0")
            {
              $query="insert into mastertb(holidaydate,holidaydate1,holidaydescription,identifier,isdeleted,creationDateTime,userdetailid,canteenname) Values('".$strholidaydatestring."','".$strholidaydate."','".$holidaydescription."','".$gHolidayIdentifier."','".$NotDeleted."','".$creationdatetime ."',1,'".$canteen."')";
              $result = mysqli_query($conn, $query);

              if($result==true)
               $message="1";
            }
            else
            {
              $message="2";
            }

         }
            else if($btntext=="Update")

            {

            $query = "select count(0) as count from mastertb where ID!='".$id."' and  canteenName='".$canteen."' and holidaydate='".$strholidaydatestring."' and identifier='".$gHolidayIdentifier."'
              and isdeleted='".$NotDeleted."'";
          $result = mysqli_query($conn,$query);
         while($row = mysqli_fetch_array($result))
      {
              $data["count"]= $row["count"];

      }

            if($data["count"]=="0")
                      {
                  $query="Update mastertb set holidaydate='".$strholidaydatestring."',holidaydate1='".$strholidaydate."',holidaydescription='".$holidaydescription."' where id='".$id."'";
                   $result = mysqli_query($conn, $query);

                    if($result==true)
                       $message="3";

                       }
                       else
                       {
                            $message="2";
                       }

            }
            else if($btntext=="Delete")
            {
                           $query=" delete from mastertb where id='".$id."'";
                           $result = mysqli_query($conn, $query);

                if($result==true)
                      $message="4";


            }


    echo json_encode($message);

?>