Jump to content

Is this a parsing Problem?

co.ador

By co.ador
in PHP Coding Help

 Share

Recommended Posts

co.ador Advanced Member

co.ador

Posted
Posted 

$query = 'SELECT * FROM table1 WHERE id = '.intval($id). '  LIMIT 1 ;'; 

// execute query 
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 

// see if any rows were returned 
if (mysql_num_rows($result) > 0) { 
$row = mysql_fetch_row($result); {
echo '<table width="100%"  border="0" cellspacing="0" cellpadding="0" class="itemdetails">
<tr>
<td width="1100" height="350" bgcolor="#FFFFFF" class="tento">
<table class="cafe"><tr><td width="547">
<a href="#"><h3 align="justify" style="position:relative; height:5px; top: 10px;">',$row[2] ,'</h3></a>
</td>';

echo'<tr>';
echo'<td height="4">';  

$sql="SELECT rating, COUNT(rating) as total FROM rating WHERE (item_name='$shoename') GROUP BY rating";
$result=mysql_query($sql);
$number = array( "one","two","three","four","five");
$total = array_fill(1, 5, 0);
if (mysql_num_rows($result)  >=0) {
    while ($row= mysql_fetch_assoc($result)) {
   $total[$row['rating']]= $row['total'];
   }
   foreach($number as $K =>$num)
   {
      echo'<table style="font-size:10; position:relative; left:26px;">';
      echo '<td width="42"><h3>'.($K+1).' Star</h3></td>
      <td width="15"><ul class="rating '.$num.'star">
  <li class="one">1</li>
      <li class="two">2</li>
      <li class="three">3</li>
      <li class="four">4</li>
      <li class="five">5</li>
      <li class="total">['.$total[$K+1].']</li>
      </ul></td></table>';
   }
}

echo'</td>';
echo'</tr>';
echo'<td width="321" rowspan="10"></td>
  <tr>
    <td height="4" colspan="2"><img src="../images/line..gif" alt="df" width="330" height="7" /></td>
  </tr>
<tr>
  <td width="400" height="52" class="foro"><img src="../images/itemspecifications.gif" alt="tr" /></td>
</tr>
    <td width="400" height="4" style="font-size:11;"><ul>
      <li>'.$row[3] .'</li>
    </ul></td>
<tr>
  <td width="400" height="4" style="font-size:11;"><ul>
    <li>',$row[4] ,'</li>
  </ul></td>
</table>';

 

The script above uses two sql injection. The first injection uses Index [2], [3], [4] and it work good it load the information but it only display the information found in the index [2] but not [3] and [4] to the browser, Check that indexes [3] and [4] are coded after the second Slq injection

$sql="SELECT rating, COUNT(rating) as total FROM rating WHERE (item_name='$shoename') GROUP BY rating";
.  I want to display index [3] and [4] field found in the first sql injection of table1 at the top. But indexes [3] and [4] doesn't display in the browser as I said before, I guess because php is getting confused and doesn't know if I am trying to use the indexes in the first SQL injection or second SQL injection. Can anybody help me to specify to php that the indexes I want to display information from are indexes found in the first SQL injection. not of the second injection.

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.