Thread replies: 21
Thread images: 1
Thread images: 1
File: Screen Shot 2016-01-16 at 17.01.13.png (225KB, 1578x667px) Image search:
[Google]
225KB, 1578x667px
SO I have page where the user has to choose if he wants Age thing included in the table results. Also it needs to sort the table by whatever the user chooses in the drop-downs. When submit is clicked a PHP page should then display the table as the person has chosen to view it.
Any help why my shitty code isn't working? rewards for all who apply.
>>
Can you post link to code or paste it here? I can maybe fix it for you and test it out
>>
>>52454726
<!DOCTYPE HTML>
<html lang='en'>
<head>
<title>Reflector</title>
</head>
<h1>Success! Data Retrieved</h1>
<body>
<?php
include 'library.php';
?>
<?php
$connection = connect_db( $host, $id, $pwd, $db );
$sortOn = $_POST['sortOn'];
$sortIn = $_POST['sortIn'];
$includeAge = $_POST['includeAgeGrade'];
$var = 0;
if($includeAge === $var){
$sql = "select (RunnerID, EventID, Date, FinishTime, Position, CategoryID, PB) from Results order by $sortOn $sortIn";
}
else
{
$sql = "select * from Results order by $sortOn $sortIn";
}
$result = mysql_query($sql, $connection);
echo "<table>";
while( $row = mysql_fetch_array($result))
{
echo "<tr><td>";
echo $row['Runner ID'];
echo "</td><td>";
echo $row['Event ID'];
echo "</td></tr>";
}
echo "</table>";
// simple error check
?>
</body>
</html>
Thanks Very Much Anon
>>
No problem man! Brb gonna make a test database and figure the problem out
>>
>>52454863
Appreciate it, I'm really new to Php and SQL so I'm getting stuck, thanks
>>
Still setting up but I did notice an error where you were displaying the table. You did $row['Runner ID'] but int he database its RunnerID without any spaces. Same with the Event ID
>>
>>52454957
Hahahaha yeah no problem man! Yeah I remember starting out and doing like login bases and then moved to doing web searches and it was awesome learning!
>>
Can you post a link to your page? I'd like to check it out. Thanks
>>
>>52455042
Oh its not a public page it was just a test project for learning new PHP and MySQL. Wait do you mean my personal page?
>>
>>52454741
>what is code indentation
>why is php a shitty language
>what are sql injections
>what are deprecated APIs
>what are web frameworks
>how can I kill myself
>>
>>52455042
>>52455058
He'll probably exploit your unsanitized SQL query... l2code pls
>>
>>52454699
Wow your script is massively vulnerable to SQL injection
>>
>>52455042
Can you alsp post HTML code for page? I was rewriting it but it probably would have been better to just get it straight from the source so I can understand the calls in the PHP
>>
>>52455149
I'm new to this, have no idea what SQL injection is! just need to get this to work for College and i have like 2 days left to complete it, its the last task though
>>
>>52455154
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-type" content="text/html; charset=iso-8859-1"/>
<link rel="StyleSheet" href="styles.css" type="text/css" media="screen" />
<title>Produce a Sorted Display of Times</title>
</head>
<body>
<hr/>
<h1>Produce a Sorted Display of Times</h1>
<form action="http://bm5929.tt284.open.ac.uk/b2files/getdata.php" method="post" id="displayTimeTable">
<table>
<tr>
<td>
Include AgeGrade
<input type="radio" name="IncludeAgeGrade" value="1" />Yes
<input type="radio" name="IncludeAgeGrade" value="0" />No
</td>
</tr>
<tr>
<td>
Sort table on =
<select name="SortBy">
<option value="RunnerID" selected="selected">Runner ID</option>
<option value="EventID">Event ID</option>
<option value="Date">Date</option>
<option value="FinishTime">Finish Time</option>
<option value="Position">Position</option>
<option value="CategoryID">Category ID</option>
<option value="AgeGrade">Age Grade</option>
<option value="PB">Personal Best</option>
</select>
</td>
<td>
Sort in =
<select name="SortIn">
<option value="asc" selected="selected">Ascending order</option>
<option value="desc">Descending order</option>
</select>
</td>
</tr>
</table>
<p>
<input type="submit" name="submit" value="Submit"/>
</p>
</form>
</body>
</html>
>>
>>52455166
A SQL injection is where if you have a box in your HTML where you can enter information, people can input SQL commands and change your databases without hacking into them.
>>
>>52455207
Oh right, so potentially, now i have put this on /g/ someone is destroying my stuff? haha great news
>>
>>52455242
They cant really acess your file since your University requires a login to acess the file but if it was public and vulnerable then your databases could be edited or destroyed. But your safe since nobody can access your actual PHP file.
TL:DR - No your stuff is safe
>>
>>52455313
Thats reassuring then! Now i know, thanks surrogate teacher
>>
>>52455313
Because I work, and am doing this course through the open Uni. i do not get much help, and the tutors are useless, and the course materials are awful.
>>
>>52455313
Do you have any idea how i could get it to work?
Thread posts: 21
Thread images: 1
Thread images: 1