princebana Posted October 24, 2007 Share Posted October 24, 2007 hi im working with access databases... so i tried converting the code but im have a little problem... im probably making a mistake in the functions... does an1 one know where i screwed up? <?php $conn = odbc_connect('IC2A207','',''); if(!$conn){ exit("connection failed: " . $conn); } $sql="SELECT * FROM products"; $result=odbc_exec($conn,$sql); if(!$result){ exit("error in SQL"); } if(isset($_GET['productID'])) $ID = $_GET['productID']; else $ID = 1; odbc_close($conn); ?> <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Browse Products</title> <style> <!-- .ms-color2-main { border-left-style: none; border-right-style: none; border-top-style: none; border-bottom: 1.5pt solid black; background-color: silver } .ms-color2-tl { font-weight: bold; color: white; border-left-style: none; border-right-style: none; border-top-style: none; border-bottom: 1.5pt solid black; background-color: maroon } .ms-color2-top { font-weight: bold; color: white; border-left-style: none; border-right-style: none; border-top-style: none; border-bottom: 1.5pt solid black; background-color: maroon } --> </style> </head> <body bgcolor="#669900" link="#FFFF00" vlink="#FFFFFF"> <p><b><font face="Verdana" color="#FFFF00" size="5">Browse Products</font></b></p> <table border="1" width="100%" id="table1" class="ms-color2-main"> <!-- fpstyle: 9,011111100 --> <tr> <? $sql = "SELECT * from products"; $result = odbc_query($sql); while ($row = odbc_fetch_array($result)) { ?> <td class="ms-color2-tl"><a href='browse.php?id=<?php echo($row['id']) ?>'> <?php echo($row['description']) ?></a></td> <? } ?> </tr> </table> <p> </p> <? $sql = "SELECT * FROM PRODUCTS where products=" . $ID; $result = odbc_query($sql); while ($row=odbc_fetch_array($result)) { ?> <p align="center"> </p> <table border="1" width="100%" id="products" class="ms-color2-main"> <!-- fpstyle: 9,011111100 --> <tr> <td class="ms-color2-tl" width="160"> <img border="0" src='images/<?php echo($row['picurl']) ?>' width="300" height="300"></td> <td class="ms-color2-top" rowspan="2"><?php echo($row['title']) ?></td> <td class="ms-color2-top" width="282" colspan="2">Price: $<?php echo ($row['price']) ?></td> </tr> <tr> <td class="ms-color2-tl" width="160"><?php echo($row['authors']) ?></td> <td class="ms-color2-top" width="141"> </tr> </table> <? } ?> </body> </html> Quote Link to comment Share on other sites More sharing options...
Toshiba23 Posted October 24, 2007 Share Posted October 24, 2007 I didn't read the whole thing, but I strongly suggest you change the following: if(isset($_GET['productID'])) $ID = $_GET['productID']; else $ID = 1; to $ID = (int) $_GET['productID']; $ID = (!$ID) ? 1 : $ID; the reason is, because ID's are (i'm assuming) integers, BUT! People could do an attack on your server by not using an int in the address query, another way to escape this problem is use mysql_escape_string or mysql_real_escape_string I need to sleep, but that's just a suggestion. Quote Link to comment Share on other sites More sharing options...
princebana Posted October 24, 2007 Author Share Posted October 24, 2007 thanks... Quote Link to comment Share on other sites More sharing options...
Toshiba23 Posted October 24, 2007 Share Posted October 24, 2007 an error location, or type would help... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.