Posts posted by awjudd

  1. Do you have indexes on either of the tables?

     

    I would also suggest against using the ANSI JOINs (,) and move to using INNER JOINs because you will not be CROSS JOINing your dataset.

     

    SELECT pd.product_id, pd.product_name, pp.sales_price_inc_vat, ptc.* 
    FROM product_data pd
    JOIN product_pricing pp ON pd.product_id = pp.product_id
    JOIN products_to_categories ptc ON pp.product_id = ptc.product_id
    

     

    ~awjudd

  2. I think you are missing a / in front of the path in readfile.  As it stands right now, it is looking in a subdirectory for a var/www/vhosts... when I think you actually want it to be from /var/www .... And how is $name populated, you never said in your post.  If you echo the actual path you are passing into readfile, is it the file you expect?

     

    ~juddster

  3. Are you sending in a query parameter called "userinput"?  If you aren't then your script is looking for that (i.e. $_GET['userinput'] looks there).

     

    Side Note: You should be careful and sanitize your input because someone could SQL inject you there.

     

    ~juddster

  4. It is happening because the $_GET variable 'option' doesn't exist (i.e. it is not in your query string).

     

    You can resolve this by doing something like ...

    $option = '';
    if (  isset ( $_GET [ 'option' ] ) ) 
    {
        $option = $_GET['option'];
    }
    

     

    That said, this is a fairly big security risk leaving it open like this ...

     

    ~juddster

  5. @Drummin - Oh God no!  CROSS JOINing each of the tables for this is a bad idea.  As well, you will get an ambiguous column error if you do that because $field is in all of them (not to mention your code is very susceptible to SQL injection).

     

    
    // Validate the field type against the list of searchable columns
    $availableFields = array ( 'postcode', 'location', 'company_name' );
    if ( ! in_array ( $_POST [ 'field' ], $availableFields ) )
    {
        die ( 'Invalid Field Selected.' );
    }
    
    // $field matched the list above, so it can be used as a column name
    $field = $_POST [ 'field' ];
    // Escape the search value before it goes inside the quoted LIKE pattern
    $var = mysql_real_escape_string ( $_POST [ 'var' ] );
    
    // One SELECT per table, each tagged with the kind of user it came from
    $query = 'SELECT \'freeuser\' AS usertype, id, company_name, location, postcode FROM freelistings WHERE ' . $field . ' LIKE \'%' . $var . '%\'
                    UNION ALL
                    SELECT \'basicuser\' AS usertype, id, company_name, location, postcode FROM basicpackage WHERE ' . $field . ' LIKE \'%' . $var . '%\'
                    UNION ALL
                    SELECT \'premiumuser\' AS usertype, id, company_name, location, postcode FROM premiumuser WHERE ' . $field . ' LIKE \'%' . $var . '%\'';
    

     

    That said, I have to agree with everyone else who suggests against using multiple tables to store this information.  It just plain old doesn't make sense.

     

    ~judda
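
The same lookup written with bound parameters, as an added example that is not part of the original post: the column name is still checked against the allow-list, while the search value goes through a PDO prepared statement instead of mysql_real_escape_string. The function name searchListings, the in-memory SQLite database (requires pdo_sqlite) and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example. Table and column names follow the post; the in-memory
// SQLite database and its rows are constructed sample data.
function searchListings(PDO $pdo, string $field, string $term): array
{
    // Identifiers cannot be bound as parameters, so the column name must
    // match an allow-list exactly before it is placed in the SQL text.
    $columns = ['postcode', 'location', 'company_name'];
    if (!in_array($field, $columns, true)) {
        throw new InvalidArgumentException('Invalid field selected.');
    }

    // Table names and usertype labels are fixed in code, never from input.
    $tables = ['freeuser' => 'freelistings', 'basicuser' => 'basicpackage',
               'premiumuser' => 'premiumuser'];
    $parts = [];
    foreach ($tables as $type => $table) {
        $parts[] = "SELECT '$type' AS usertype, id, company_name, location, postcode"
                 . " FROM $table WHERE $field LIKE ? ESCAPE '!'";
    }

    // Escape LIKE metacharacters so % and _ in the term match literally.
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';

    // The search value travels as a bound parameter, one per SELECT.
    $stmt = $pdo->prepare(implode(' UNION ALL ', $parts));
    $stmt->execute(array_fill(0, count($parts), $pattern));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (['freelistings', 'basicpackage', 'premiumuser'] as $t) {
    $pdo->exec("CREATE TABLE $t (id INTEGER PRIMARY KEY, company_name TEXT,"
             . " location TEXT, postcode TEXT)");
}
$pdo->exec("INSERT INTO freelistings (company_name, location, postcode)"
         . " VALUES ('Acme Ltd', 'Leeds', 'LS1 4AP')");
$pdo->exec("INSERT INTO premiumuser (company_name, location, postcode)"
         . " VALUES ('100% Clean', 'Leeds', 'LS2 9JT')");

print_r(searchListings($pdo, 'location', 'Leeds'));
print_r(searchListings($pdo, 'company_name', '%')); // term is a LIKE wildcard
try {
    searchListings($pdo, 'not_a_column', 'x');      // rejected by the allow-list
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```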

  6. If applications made stuff, then don't delete it.  You should only mess around with stuff you created yourself.  They weren't created for no apparent reason.

     

    The phpmyadmin one was created so you can have the bookmarking and stuff that is built into phpmyadmin.

     

    ~juddster
