co.ador Posted August 1, 2009 Share Posted August 1, 2009 $query = 'SELECT * FROM table1 WHERE id = '.intval($id). ' LIMIT 1 ;'; // execute query $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); // see if any rows were returned if (mysql_num_rows($result) > 0) { $row = mysql_fetch_row($result); { echo '<table width="100%" border="0" cellspacing="0" cellpadding="0" class="itemdetails"> <tr> <td width="1100" height="350" bgcolor="#FFFFFF" class="tento"> <table class="cafe"><tr><td width="547"> <a href="#"><h3 align="justify" style="position:relative; height:5px; top: 10px;">',$row[2] ,'</h3></a> </td>'; echo'<tr>'; echo'<td height="4">'; $sql="SELECT rating, COUNT(rating) as total FROM rating WHERE (item_name='$shoename') GROUP BY rating"; $result=mysql_query($sql); $number = array( "one","two","three","four","five"); $total = array_fill(1, 5, 0); if (mysql_num_rows($result) >=0) { while ($row= mysql_fetch_assoc($result)) { $total[$row['rating']]= $row['total']; } foreach($number as $K =>$num) { echo'<table style="font-size:10; position:relative; left:26px;">'; echo '<td width="42"><h3>'.($K+1).' Star</h3></td> <td width="15"><ul class="rating '.$num.'star"> <li class="one">1</li> <li class="two">2</li> <li class="three">3</li> <li class="four">4</li> <li class="five">5</li> <li class="total">['.$total[$K+1].']</li> </ul></td></table>'; } } echo'</td>'; echo'</tr>'; echo'<td width="321" rowspan="10"></td> <tr> <td height="4" colspan="2"><img src="../images/line..gif" alt="df" width="330" height="7" /></td> </tr> <tr> <td width="400" height="52" class="foro"><img src="../images/itemspecifications.gif" alt="tr" /></td> </tr> <td width="400" height="4" style="font-size:11;"><ul> <li>'.$row[3] .'</li> </ul></td> <tr> <td width="400" height="4" style="font-size:11;"><ul> <li>',$row[4] ,'</li> </ul></td> </table>'; The script above uses two sql injection. The first injection uses Index [2], [3], [4] and it work good it load the information but it only display the information found in the index [2] but not [3] and [4] to the browser, Check that indexes [3] and [4] are coded after the second Slq injection $sql="SELECT rating, COUNT(rating) as total FROM rating WHERE (item_name='$shoename') GROUP BY rating";. I want to display index [3] and [4] field found in the first sql injection of table1 at the top. But indexes [3] and [4] doesn't display in the browser as I said before, I guess because php is getting confused and doesn't know if I am trying to use the indexes in the first SQL injection or second SQL injection. Can anybody help me to specify to php that the indexes I want to display information from are indexes found in the first SQL injection. not of the second injection. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.