
TOP RICHEST STATS PROBLEM


Posted (edited)
On 8/7/2018 at 8:38 PM, .Elfocrash said:

Your query is SQL injectable. Parameterise the parameters properly or else you expose your whole db.

It's not.

PDO::ATTR_EMULATE_PREPARES

is always true by default; he is using PDO, not the MySQL driver. Plus it's closed code; it's not inserting data from $_POST or $_GET.

But ofc he could bind the data; it's lazy code tho.

Edited by Nightw0lf
Posted
3 minutes ago, Nightw0lf said:

It's not.

PDO::ATTR_EMULATE_PREPARES

is always true by default; he is using PDO, not the MySQL driver. Plus it's closed code; it's not inserting data from $_POST or $_GET.

But ofc he could bind the data; it's lazy code tho.

Yeah, you're right. I realised later it's internal code.

Posted

Hi. I don't want to create a new topic, so I'm writing in this one, with the same problem. I'm adapting a forum into a website and I have a problem with the latest date row. I want to add the latest post, and I thought I could search for it in the database table with the MAX command. Is this the proper way to write an SQL statement, like I am doing? I get this kind of error:

Uncaught PDOException: SQLSTATE[21000]: Cardinality violation: 1241 Operand should contain 1 column(s)

Here is my code:

$topic = 'SELECT
    f.*,
    u.selected_character,
    (SELECT COUNT(post_entry) number FROM forum_post WHERE post_thread = f.thread_id),
    (SELECT post_user, post_datestamp FROM forum_post WHERE post_thread = f.thread_id AND post_datestamp=(SELECT MAX(post_datestamp) FROM forum_post))
FROM
    forum_thread f
LEFT JOIN
    accounts u on f.thread_author = u.id
WHERE
    f.thread_id = :topicid
ORDER BY
    f.thread_lastpost_date';
$topic = $db->prepare($topic);
$topic->bindValue(':topicid', $topic_id, PDO::PARAM_INT);
$topic->execute();
while ($row = $topic->fetch(PDO::FETCH_OBJ)) {
    echo "
        <tr>
            <td style='width:5%; text-align:center' class='forumheader2'><img src='../images/forum/nonew.png' alt='' title='' style='border:0' /></td>
            <td style='width:55%' class='forumheader2'><a href='index.php?pages=forum/view_topic&id=".$row->thread_id."'>".$row->thread_name."</a><br />by <a href='forum_viewforum6512.html?11'>".$row->selected_character."</a> » ".ucwords(strftime('%a %b %d %Y, %I:%M%p ', $row->thread_author_date))."</td>
            <td style='width:10%; text-align:center' class='forumheader3'>".$row->number."</td>
            <td style='width:10%; text-align:center' class='forumheader3'>".$row->thread_views."</td>
            <td style='width:20%; text-align:center' class='forumheader3'>
                <span class='smallblacktext'>".$row->post_datestamp."<br />".$row->post_user." <a href='forum_viewtopic4232.html?64400.last'><img src='../images/forum/post2.png' alt='' title='' style='border:0; vertical-align:bottom' /></a></span>
            </td>
        </tr>
    ";
}
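An added example, not part of the original post: error 1241 comes from the SELECT-list subquery that returns two columns (post_user, post_datestamp), where MySQL expects a single-column scalar. One way to restructure the query is shown below. The table definitions, column types and sample rows are constructed for illustration; only the table and column names come from the post.

```sql
-- Constructed minimal schema and rows (assumed types; only the columns the query uses).
CREATE TABLE accounts (id INT PRIMARY KEY, selected_character VARCHAR(32));
CREATE TABLE forum_thread (
    thread_id INT PRIMARY KEY,
    thread_name VARCHAR(64),
    thread_author INT,
    thread_lastpost_date INT
);
CREATE TABLE forum_post (
    post_entry INT PRIMARY KEY,
    post_thread INT,
    post_user VARCHAR(32),
    post_datestamp INT
);
INSERT INTO accounts VALUES (1, 'Alice');
INSERT INTO forum_thread VALUES (10, 'Thread A', 1, 300), (11, 'Thread B', 1, 900);
INSERT INTO forum_post VALUES
    (1, 10, 'Alice', 100),
    (2, 10, 'Bob',   300),
    (3, 11, 'Carol', 900);

-- Each subquery in the SELECT list is a scalar operand: exactly one column.
-- Every inner query is correlated to f.thread_id, so thread 11's newer post
-- (entry 3) cannot hide thread 10's latest post the way an uncorrelated
-- MAX(post_datestamp) over the whole table would.
SELECT
    f.*,
    u.selected_character,
    -- The alias sits outside the subquery so the result column is named "number".
    (SELECT COUNT(post_entry) FROM forum_post c
      WHERE c.post_thread = f.thread_id) AS number,
    (SELECT p.post_user FROM forum_post p
      WHERE p.post_thread = f.thread_id
      ORDER BY p.post_datestamp DESC, p.post_entry DESC LIMIT 1) AS post_user,
    (SELECT p.post_datestamp FROM forum_post p
      WHERE p.post_thread = f.thread_id
      ORDER BY p.post_datestamp DESC, p.post_entry DESC LIMIT 1) AS post_datestamp
FROM forum_thread f
LEFT JOIN accounts u ON f.thread_author = u.id
WHERE f.thread_id = 10  -- literal for this demo; the PHP code keeps the bound :topicid
ORDER BY f.thread_lastpost_date;
```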
