Posts posted by wwwroth
You're not sanitizing your database queries. Look at your first query where you insert a $_GET variable right into the SQL string. That means anything a user puts in that URL parameter goes right into your database. This can be devastating. Read more about it at the link below and here's how to solve that problem.
Instead of...
$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$_GET['id']}'";
Make it...
$idUrl = mysql_real_escape_string($_GET['id']);
$query2 = "SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event FROM EventFees WHERE EventFees_event = '{$idUrl}'";
http://php.net/manual/en/security.database.sql-injection.php
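Added example, not part of the original post: the same EventFees lookup written with a PDO prepared statement and integer validation, an alternative to escaping that also works on PHP 7 and later, where the mysql_* functions no longer exist. The in-memory SQLite database, the sample rows, the helper name feesForEvent and the test inputs are all constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Constructed schema and rows in an in-memory SQLite database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE EventFees (
    EventFees_id    INTEGER PRIMARY KEY,
    EventFees_item  TEXT,
    EventFees_fee   REAL,
    EventFees_event INTEGER
)');
$pdo->exec("INSERT INTO EventFees (EventFees_item, EventFees_fee, EventFees_event) VALUES
    ('Adult entry', 25.00, 3),
    ('Child entry', 10.00, 3),
    ('Parking',      5.00, 4)");

/**
 * Hypothetical helper: return the fee rows for one event.
 * $rawId is the untrusted value that would come from $_GET['id'].
 */
function feesForEvent(PDO $pdo, $rawId): array
{
    // Layer 1: the event id is numeric, so reject anything that is not a positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }

    // Layer 2: the value is bound as a parameter and never concatenated into the
    // SQL text, so it cannot change the structure of the query.
    $stmt = $pdo->prepare(
        'SELECT EventFees_id, EventFees_item, EventFees_fee, EventFees_event
           FROM EventFees
          WHERE EventFees_event = :event'
    );
    $stmt->bindValue(':event', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET['id']: one valid id, three that are rejected.
foreach (['3', "3' OR '1'='1", 'abc', ''] as $input) {
    $rows = feesForEvent($pdo, $input);
    printf("%-18s -> %d row(s)\n", var_export($input, true), count($rows));
}
```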
counting issues
in MySQL Help
Posted · Edited by wwwroth
Change
to
What's happening here is you define the variable $i as 0, then every time row2[1] equals Active you notch it up 1. Then after the loop you echo the count. This is how you could count it in PHP, but it's more efficient and effective to do it the way Barand mentioned. SQL will add up the total number of rows selected by that query and you could echo it by $rw['total'];