Jump to content

Recommended Posts

Hi Guys,

 

I have a table with 10 fields and the productid is the primary key. If the table has 10 entries and all the productid's vary (i.e. 1, 4, 7, 9, 14, 15, 19, 20, 34, 55). I want a sql query that returns the number 55 as its the highest. I can use the mysql_num_rows(); but that only gives me the number of rows (i.e. 10).

 

Help guys...

 

 

[attachment deleted by admin]

Link to comment
https://forums.phpfreaks.com/topic/151511-get-the-biggest-primary-id-in-a-table/
Share on other sites

$imageid = $_GET['imageid'];
if ($_GET['imageid'] == "") {
	$imageid = 1;
}
if ($_SESSION['loginflag'] == true) 
{
	$sql = "SELECT MAX(productid) AS MAXID from product";
	$result = mysql_query($sql);
	$row = mysql_fetch_array($result);
	$maxid = $row['MAXID'];

	$sql_products = "SELECT * FROM product WHERE productid = '$imageid'";
	$result_products = mysql_query($sql_products);
	$row_products = mysql_fetch_array($result_products);
	$image = $row_products['picture'];
	$imgdir = $_SERVER['DOCUMENT_ROOT']."/EComm/images/user";
	$imagenext = $imageid + 1;
	if ($imagenext == $maxid) {
		echo '<a href="catalogue.php?imageid=1">next</a>';
		break;
	}
	$sql_next = "SELECT * FROM product WHERE productid = '$imagenext'";
	$result_next = mysql_query($sql_next);
	$count_next=mysql_num_rows($result_next);

		While ($count_next == 0) {
			$imagenext = $imagenext + 1;
			$sql_imagenext = "SELECT * FROM product WHERE productid='$imagenext'";
			$result_imagenext = mysql_query($sql_imagenext);
			$count_next=mysql_num_rows($result_imagenext);
		}
		echo '<a href="catalogue.php?imageid='.$imagenext.'">next</a>';

	echo '<img src="images/shop/'.$image.'" alt="home" border="0" />';

}

I have attached the code that I am trying to build. I have the image displayed and a next link that takes me to the next image in the database. Now if I have reached the last image in the database then I would like the next to point to imageid 1...

 

Please do advise if you see ways of improving this.

 

Cheers

There is potential for SQL injections in this.

 

I have copied the relevant sections of code here:

 

$imageid = $_GET['imageid'];
   if ($_GET['imageid'] == "") {
      $imageid = 1;
   }
$sql_products = "SELECT * FROM product WHERE productid = '$imageid'";

 

What if they typed something like this into the $_GET['imageid']:

 

hi' or 1=1 '

 

It would get all the rows! Also they could try to add in other more annoying things in, so best to protect against it.

 

Two things you can do:

 

$imageid = addslashes($_GET['imageid']);
   if ($_GET['imageid'] == "" || !is_int(intval($_GET['imageid']))) {
      $imageid = 1;
   }

 

I've added the addslashes function to protect from injections. Also I've added the is_int into the validation. This will make sure that it is only an integer as well. Technically you don't need both but I like to be thorough!

You should use the function mysql_real_escape_string, not addslashes.

 

Ken

 

For the purposes of this I don't think it matters too much - there's always a debate as to which one to use. I do use real escape myself - but with this everything is covered by the is_int and intval I believe.

 

For abch624 you might as well use mysql_real_escape_string() but I would still use the is_int and intval as well.

Its an Int!!

 

$imageid = $_GET['imageid'];
   if ($_GET['imageid'] == "") {
      $imageid = 1;
   }
$sql_products = "SELECT * FROM product WHERE productid = '$imageid'";

to

$imageid = (int)(!empty($_GET['imageid']))?$_GET['imageid']:1; //default to 1 and forces to int
$sql_products = sprintf("SELECT * FROM product WHERE productid = %d ",$imageid);

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.