PHP Issue

  • PHP Issue

    Hi members,

    Is there anything wrong with the below code?

    Code:
        //GET TEAM INVITATIONS
        $query = "SELECT teamid,playerid,inviterid,DATE_FORMAT(invitedate, '%M %d, %Y') FROM teammembersinv WHERE playerid='$plyr[id]' ORDER by invitedate";
        // $invitations = resource id
        $invitations = mysql_query($query);
        while(list($team,$playerid,$inviterid,$invitedate)=mysql_fetch_row($invitations)){
            $teaminfo=mysql_query("SELECT teamname FROM teams WHERE id='$team'");
            $tinfo=mysql_fetch_array($teaminfo);
            $inviterinfo=mysql_query("SELECT alias FROM users WHERE id='$inviterid'");
            $inviter=mysql_fetch_array($inviterinfo);
            $status=member_status($status);
            $invites=$invites."$out[bulletcenter] &#187; Invitation by <a href='$url[base]/$file[teams]?teamid=$team'>$tinfo[teamname]</a><br>"; //outputs the result
        }
        if(!$invites){
            $invites = "$out[bulletcenter] &#187; 0 Invitations"; 
        }

    Thanks
    Last edited by karimali831; 10-08-08, 10:42 PM.

  • #2
    Well I'm guessing that, as you posted it, yes there is something wrong with it. I assume you are getting no output and that's because there is no echo or print in there (though this could come later). There are variables and arrays that are not defined and arrays that are defined and not used, but I assume that this is not the whole code. Also I would have thought you could have achieved this by using a join - but without knowing if your db is properly normalised I can't really say.

    Your question is rather too vague. What did you expect it to do?
    Last edited by black-dog; 13-08-08, 12:18 AM.
    black-dog
    4theweb.co.uk Web stuff
    slipperyhill.co.uk Band


    • #3
      oo sorry, I'm still learning. I'll try and be more specific


      • #4
        Also be sure to secure your script more. I'm sure that the script above is highly vulnerable to an SQL injection attack, where user X can pull certain information from your database and view information.

        For example, here:

        Code:
            $query = "SELECT teamid,playerid,inviterid,DATE_FORMAT(invitedate, '%M %d, %Y') FROM teammembersinv WHERE playerid='$plyr[id]' ORDER by invitedate";
        where playerid=1 (just an example; id=1 is most often the default for web admins), so a malicious user can do
        Code:
        SELECT * teamid id=1;DROP TABLE users;
        therefore pulling user 1's information.

        Most passwords are encrypted via MD5 hash, and some with rainbow added to it.

        Bear in mind decrypting MD5 is very easy to do. I highly recommend making your passwords with 1 capital letter and some numbers in them to help make it harder for decryption.
        Last edited by XXxxImmortalxxXX; 27-01-09, 11:45 PM.
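
Posts #2 and #4 point at two changes to the original query: a join, and protection against SQL injection. The following is an added example (not code from any poster in this thread) that does both with a PDO prepared statement. The in-memory SQLite database, its rows, and the `teams.php` link target are assumptions standing in for the thread's MySQL schema and its `$url`/`$file` variables.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; schema and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE users (id INTEGER PRIMARY KEY, alias TEXT);
    CREATE TABLE teams (id INTEGER PRIMARY KEY, teamname TEXT);
    CREATE TABLE teammembersinv (teamid INTEGER, playerid INTEGER, inviterid INTEGER, invitedate TEXT);
    INSERT INTO users VALUES (1, 'admin'), (2, 'player2');
    INSERT INTO teams VALUES (10, 'Red <b>Squad</b>');
    INSERT INTO teammembersinv VALUES (10, 2, 1, '2008-08-10');
");

// One prepared statement with joins replaces the three queries in the original loop.
// :playerid travels as a bound value and is never spliced into the SQL text.
function team_invitations(PDO $db, $playerId): array
{
    $stmt = $db->prepare(
        "SELECT i.teamid, t.teamname, u.alias AS inviter, i.invitedate
           FROM teammembersinv i
           JOIN teams t ON t.id = i.teamid
           JOIN users u ON u.id = i.inviterid
          WHERE i.playerid = :playerid
          ORDER BY i.invitedate"
    );
    $stmt->execute([':playerid' => $playerId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Database values are escaped before they reach the HTML output.
function render_invitations(array $rows): string
{
    $html = '';
    foreach ($rows as $r) {
        $date = date('F d, Y', strtotime($r['invitedate'])); // layout of '%M %d, %Y'
        $html .= sprintf(
            "&#187; Invitation by <a href='teams.php?teamid=%d'>%s</a> (from %s, %s)<br>\n",
            $r['teamid'],
            htmlspecialchars($r['teamname'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($r['inviter'], ENT_QUOTES, 'UTF-8'),
            $date
        );
    }
    return $html !== '' ? $html : "&#187; 0 Invitations\n";
}

echo render_invitations(team_invitations($db, 2));
// The string from post #4, passed as the player id, is compared as plain data.
echo render_invitations(team_invitations($db, "1;DROP TABLE users;"));
echo $db->query("SELECT COUNT(*) FROM users")->fetchColumn(), " rows in users\n";
```

With MySQL the same `prepare`/`execute` calls apply through a `mysql:` DSN, and the date can again be formatted in SQL with `DATE_FORMAT`.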


        • #5
          This was posted some time ago.. thanks for the update although I no longer need it


          • #6
            Sorry dear, I am still learning