PHP Issue

Invent · 22-07-2007, 01:20 PM

If thats the WHOLE code of the file, make sure you're including the file which contains your database information.

ScottDiamond. · 22-07-2007, 01:25 PM

Originally Posted by Invent

If thats the WHOLE code of the file, make sure you're including the file which contains your database information.

Ditto. config.php, for example.

* · 22-07-2007, 05:11 PM

WOW that code is SO insecure.
By having a GET variable directly inputted into a query is suicide.
That easily allows SQL injection and could delete the whole of your database.
TOTAL FIX + SECURITY FIX:

PHP Code:


<?php

if(empty($_GET['category']) == true) {

echo "<a href="products.php?category=soccer">Soccer Trophies</a><br />"; }else{

$cat = addslashes($_GET['category']);



$query = mysql_query("SELECT * FROM catalogue WHERE category = '$cat'"); 

     

if(mysql_error()) {

print(mysql_error());

}



while($row = mysql_fetch_array($query)) {

echo(" 



<table border='1'>

<tr>

<td><img src='images/".$row[item_number].".JPG'></td>

</tr>

<br>

<tr>

<td>Item Number: ". $row['item_number']."</td>

</tr>

</tr><br>

<tr><td>".$row[price]." GBP (Great Brittish Pounds)</td></tr>

<br>

</table>

<br>

");

}

?>

Rep if this works :rolleyes:

Jamie. · 23-07-2007, 08:09 PM

PHP Code:


<?php
   $conn = mysql_connect("localhost","USERNAME","PASSWORD");
   mysql_select_db(DATABASENAME) or die(mysql_error());
if(empty($_GET['category']) == true) {
echo "<a href="products.php?category=soccer">Soccer Trophies</a><br />"; }else{
$cat = addslashes($_GET['category']);

$query = mysql_query("SELECT * FROM catalogue WHERE category = '$cat'"); 
     
if(mysql_error()) {
print(mysql_error());
}

while($row = mysql_fetch_array($query)) {
echo(" 

<table border='1'>
<tr>
<td><img src='images/".$row[item_number].".JPG'></td>
</tr>
<br>
<tr>
<td>Item Number: ". $row['item_number']."</td>
</tr>
</tr><br>
<tr><td>".$row[price]." GBP (Great Brittish Pounds)</td></tr>
<br>
</table>
<br>
");
}
?>

ScottDiamond. · 23-07-2007, 09:56 PM

Originally Posted by Jamie.

PHP Code:


<?php
   $conn = mysql_connect("localhost","USERNAME","PASSWORD");
   mysql_select_db(DATABASENAME) or die(mysql_error());
if(empty($_GET['category']) == true) {
echo "<a href="products.php?category=soccer">Soccer Trophies</a><br />"; }else{
$cat = addslashes($_GET['category']);

$query = mysql_query("SELECT * FROM catalogue WHERE category = '$cat'"); 
     
if(mysql_error()) {
print(mysql_error());
}

while($row = mysql_fetch_array($query)) {
echo(" 

<table border='1'>
<tr>
<td><img src='images/".$row[item_number].".JPG'></td>
</tr>
<br>
<tr>
<td>Item Number: ". $row['item_number']."</td>
</tr>
</tr><br>
<tr><td>".$row[price]." GBP (Great Brittish Pounds)</td></tr>
<br>
</table>
<br>
");
}
?>

No they would have to inculde the config.

Jamie. · 23-07-2007, 09:59 PM

yeh but i was just showing -.- so neh

Tomm · 24-07-2007, 08:20 AM

Create a file with this and include all the configs, etc.

PHP Code:


<?php
require_once('myconfig.php');

$query = "SHOW TABLES;";
$res = mysql_query($query) or die (mysql_error());
$rows = mysql_fetch_assoc($res);
do {
var_dump($rows);
} while($rows = mysql_fetch_assoc($res));

?>

If this returns nothing then there is a problem on the MySQL side, is it returns all the tables in the current database there is a problem with your script.

* · 24-07-2007, 12:52 PM

Jamie why take my code :S

Jamie. · 25-07-2007, 07:05 PM

i adapted it actually

~~Blob~~ · 25-07-2007, 07:24 PM

Originally Posted by Jamie.

PHP Code:


$conn = mysql_connect("localhost","USERNAME","PASSWORD");

   mysql_select_db(DATABASENAME) or die(mysql_error());

Originally Posted by *

Jamie why take my code :S

You talking about that? Because that aint your code, so he can use it all he likes.

Thread: PHP Issue

Thread Tools

Posting Permissions