
TOP RICHEST STATS PROBLEM



  • 0
Posted (edited)
On 8/7/2018 at 8:38 PM, .Elfocrash said:

Your query is SQL injectable. Parameterise the parameters properly or else you expose your whole db.

It's not.

PDO::ATTR_EMULATE_PREPARES

is always true by default; he is using PDO, not the MySQL driver. Plus, it's closed code; it's not inserting data from $_POST or $_GET.

But of course he could bind the data; it's lazy code though.

Edited by Nightw0lf
  • 0
Posted
3 minutes ago, Nightw0lf said:

It's not.

PDO::ATTR_EMULATE_PREPARES

is always true by default; he is using PDO, not the MySQL driver. Plus, it's closed code; it's not inserting data from $_POST or $_GET.

But of course he could bind the data; it's lazy code though.

Yeah, you're right. I realised later it's internal code.

  • 0
Posted

Hi. I don't want to create a new topic, so I'm writing in this one, with the same problem. I'm adapting a forum into a website and I have a problem with the latest date row. I want to add the latest post, and I thought I could search for it in the database table with the MAX command. Is it the proper way to write an SQL statement like I am doing? I get this kind of error:

Uncaught PDOException: SQLSTATE[21000]: Cardinality violation: 1241 Operand should contain 1 column(s)

Here is my code:

$topic = 'SELECT
            f.*,
            u.selected_character,
            (SELECT COUNT(post_entry) number FROM forum_post WHERE post_thread = f.thread_id),
            (SELECT post_user, post_datestamp FROM forum_post WHERE post_thread = f.thread_id AND post_datestamp=(SELECT MAX(post_datestamp) FROM forum_post))
          FROM
            forum_thread f
          LEFT JOIN
            accounts u on f.thread_author = u.id
          WHERE
            f.thread_id = :topicid
          ORDER BY
            f.thread_lastpost_date';
$topic = $db->prepare($topic);
$topic->bindValue(':topicid', $topic_id, PDO::PARAM_INT);
$topic->execute();
while ($row = $topic->fetch(PDO::FETCH_OBJ)) {
    echo "
        <tr>
            <td style='width:5%; text-align:center' class='forumheader2'><img src='../images/forum/nonew.png' alt='' title='' style='border:0' /></td>
            <td style='width:55%' class='forumheader2'><a href='index.php?pages=forum/view_topic&id=".$row->thread_id."'>".$row->thread_name."</a><br />by <a href='forum_viewforum6512.html?11'>".$row->selected_character."</a> » ".ucwords(strftime('%a %b %d %Y, %I:%M%p ', $row->thread_author_date))."</td>
            <td style='width:10%; text-align:center' class='forumheader3'>".$row->number."</td>
            <td style='width:10%; text-align:center' class='forumheader3'>".$row->thread_views."</td>
            <td style='width:20%; text-align:center' class='forumheader3'>
                <span class='smallblacktext'>".$row->post_datestamp."<br />".$row->post_user." <a href='forum_viewtopic4232.html?64400.last'><img src='../images/forum/post2.png' alt='' title='' style='border:0; vertical-align:bottom' /></a></span>
            </td>
        </tr>
        ";
}
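
An added example (not code from the thread or from any poster) of one way around error 1241: a subquery in the SELECT list may return only one column, so the latest post is joined in instead. It assumes the pdo_sqlite extension and a constructed in-memory schema that reuses the column names from the post above; it keeps the bound :topicid parameter and escapes database values on output.

```php
<?php
// Added example. Schema and rows are constructed; assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("
    CREATE TABLE accounts (id INTEGER PRIMARY KEY, selected_character TEXT);
    CREATE TABLE forum_thread (thread_id INTEGER PRIMARY KEY, thread_name TEXT,
                               thread_author INTEGER, thread_views INTEGER);
    CREATE TABLE forum_post (post_entry INTEGER PRIMARY KEY, post_thread INTEGER,
                             post_user TEXT, post_datestamp INTEGER);
    INSERT INTO accounts VALUES (1, 'Alice');
    INSERT INTO forum_thread VALUES (10, 'Patch <b>notes</b>', 1, 42), (11, 'Other', 1, 7);
    INSERT INTO forum_post VALUES (1, 10, 'Alice', 1000), (2, 10, 'Bob', 2000),
                                  (3, 11, 'Carol', 3000);
");

// A subquery in the SELECT list must return exactly one column, so the count stays
// a scalar subquery while the latest post (two columns) is joined in. The MAX()
// subquery is correlated to the thread so another thread's newer post is ignored.
$sql = 'SELECT f.thread_id, f.thread_name, f.thread_views, u.selected_character,
               (SELECT COUNT(c.post_entry) FROM forum_post c
                 WHERE c.post_thread = f.thread_id) AS number,
               p.post_user, p.post_datestamp
          FROM forum_thread f
          LEFT JOIN accounts u ON f.thread_author = u.id
          LEFT JOIN forum_post p
                 ON p.post_thread = f.thread_id
                AND p.post_datestamp = (SELECT MAX(m.post_datestamp) FROM forum_post m
                                         WHERE m.post_thread = f.thread_id)
         WHERE f.thread_id = :topicid';

// Escape every database value before it is written into HTML.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$stmt = $db->prepare($sql);
$stmt->bindValue(':topicid', 10, PDO::PARAM_INT); // 10 is a constructed thread id
$stmt->execute();
while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
    printf(
        "<tr><td>%s</td><td>%s</td><td>%d</td><td>%d</td><td>%s<br />%s</td></tr>\n",
        e($row->thread_name), e($row->selected_character), $row->number,
        $row->thread_views, e($row->post_datestamp), e($row->post_user)
    );
}
```

If two posts in a thread share the same post_datestamp, the join returns one row per tie; break ties on post_entry where that can happen.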

 

  • -2
Posted
Just now, wongerlt said:

item_id = 57 AND count > 10 AND owner_id != 1484984 AND owner_id != 1484984

No point for one or two GM join table.
