Jump to content

Recommended Posts

This creates the table and inserts only one row. After refresh, no change. But if I replace $query .= with $query = and then refresh page (after first row was inserted), I get all rows, but first one duplicated.

How I can fix this - to create all rows from first time when the code is executed?

$url = file_get_contents('http://lorem.ipsum');
preg_match_all('|href/(tt\d+)|i', $url, $id);
preg_match_all('|<div id=aba>([^<]*)</div>|i', $url, $date_and_text);
$count = count($date_and_text[1]) - 1;
for ($i=0; $i <= $count; $i++)
{
   $date = substr($date_and_text[1][$i], 0, ;
   $text = substr($date_and_text[1][$i], 22);
   $tomorrow = date('d.m.Y', strtotime('+1 day'));
   $query = "CREATE TABLE `".$tomorrow."` (id varchar(255), date varchar(255), text varchar(255));";
   $query .= "INSERT INTO `".$tomorrow."` VALUES ('{$id[1][$i]}', '{$date}', '{$text}')";
   $send_to_mysql = mysqli_multi_query($connection, $query);
}
Link to comment
https://forums.phpfreaks.com/topic/287589-mysqli_multi-query-save-only-one-row/
Share on other sites

No offense, but WTF are you doing there? This is like a collection of everything you must never do when writing a web script.

 

So your PHP script has admin rights on the database. Then you fetch some data from an external site (through plain HTTP, I guess) and insert it straight into a multi query without any escaping or whitelisting whatsoever.

 

Do you not understand the implications of this? This is like a mega-SQL-injection. Not only can an attacker manipulate existing queries. They can actually write their own queries and make use of the full permissions you've granted them. Vulnerabilities like this are commonly used to take over the whole server. If this is online, take it down immediately.

 

The next problem is the weird database design. But security is much more important for now.

Example for what? Getting your server hacked?

 

You do not use multi-queries. At all. As I've just said, this is a gigantic security risk, because any injection vulnerability (like yours) allows the attacker to run arbitrary queries.

 

If you want to do a dynamic query, you use a http://www.php.net/manual/en/mysqli.prepare.php'>prepared statement. And if you wanna repeat this query multiple times, you simple execute the statement multiple times.

 

If you show us the real code, I'm sure we can help you with it.

Edited by Jacques1
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.