consistant not - Dev Articles

Dev Articles Community Forums Sponsor:

Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here

July 1st, 2003, 12:32 AM

stc7outlaw

Junior Member

Join Date: Jun 2003

Posts: 13

Time spent in forums: < 1 sec
Reputation Power: 0

consistant not

Can someone tell me why in this code, the images are displayed and text displayed wrong. They appear like this:
Image1
Image 2 - Description of image 1
Image 3 - Description of image 2

PHP Code:


		
			
<HTML>

<HEAD>

<TITLE>Project Pictures for <?php echo $table; ?></TITLE>

<BODY>

<div align="center"><font color="red"><h1>Project Pictures for <?php echo $table; ?></h1>

<TABLE WIDTH="100%">

 <TR>

 <TD>Pictures</TD><TD>Descriptions</TD><TD>Section</TD>

 </TR>

<?php





extract($_GET);

extract($_REQUEST);

$user = "oprods";

$pass = "breakin";

$db  = "pictures";

$table = $_REQUEST['table'];







  for ($id = 1; $id <= 3; $id++ ) {



      $conn = @mysql_connect('localhost',$user,$pass) or die(mysql_error());

    if(!is_resource($conn)) {

       die("Error connecting to mysql.\n");

    }



    @mysql_select_db($db,$conn);

    $sql = "SELECT * FROM $table WHERE id=$id";

    $result = @mysql_query($sql,$conn)or die(mysql_error());

 

     $sql2 = "SELECT * from $table";

     $num_res = mysql_query($sql2,$conn);

     $num_entries = mysql_num_rows($num_res);







     print '<TR>';

     print '<TD width=33%><img src=getdata.php?id='.$id.'&table='.$table.' width=404 height=295></TD>';

     print '<TD width=33%>'.$description.'</TD>';

     print '<TD width=33%>'.$section.'</TD>';

     print '</TR>';











     

     



      while ($newarray = @mysql_fetch_array($result, MYSQL_BOTH)) {

          $description = $newarray['description'];

           $section = $newarray['section'];

    }



  }



 //echo $description;

 //echo $section;



?>



</TABLE>





</BODY>

</HTML>

I have been agonizing over this the past 5 days and cannot seem to get it working in sync. I think it has to do with ID starting with 1 and fields starting with 0 but I dont know how to solve it. I need someone to help....I can email the full code if necessary.
Thank you for your help.

-Steve

July 1st, 2003, 07:18 AM

dhouston

Contributing User

Dev Articles Beginner (1000 - 1499 posts)

Join Date: May 2003

Location: Tennessee

Posts: 1,355

Time spent in forums: < 1 sec
Reputation Power: 7

Have you tried starting your for loop with $id=0 rather than $id=1? Seems an obvious starting point. On another note, you might want to reconsider how you're building your links. By passing the table name in the query string, you're allowing users to control what data they have access to. You may mean for them to grab data from the images table, but a malicious user could fiddle with the URL, set the table param to "auth" and have sudden access to data he shouldn't. As a minimum precaution, you should have a list of tables accessible from this script and check the passed table value against this list before running the query. And you should validate $id to make sure it's an integer.

For example, imagine I changed the query string so that my value for $id was:

PHP Code:


		
			
 0 OR id>=0; SELECT username as description password as title from auth

Instead of a list of photos with titles and descriptions, I might have a list of usernames and passwords from your user database, provided I had guessed the field and table names correctly, which typically isn't hard to do. Or if my example doesn't work precisely in this case, you can see at any rate how careful you should be about taking user input.

July 1st, 2003, 11:21 AM

stc7outlaw

Junior Member

Join Date: Jun 2003

Posts: 13

Time spent in forums: < 1 sec
Reputation Power: 0

I have tried looping from zero and the Image has an ID of 0, but the ID actually starts with 1 so there is no image to display, and the text displays on ID 2 even though it is in row 1.

July 1st, 2003, 12:11 PM

dhouston

Contributing User

Join Date: May 2003

Location: Tennessee

Posts: 1,355

Time spent in forums: < 1 sec
Reputation Power: 7

I'm a little curious: Why are you doing it this way to begin with? Typically, you'd do a query and, for each query result, print a row. You're entering a loop and then running a query for each loop iteration, adding to overhead and apparently causing a bizarre id misalignment problem. Is there a good reason for this?

Might you consider doing something like:

PHP Code:


		
			
 $sql="SELECT  * FROM $table WHERE id >0 AND id <3"; //Provided that constraint is even necessary



$result = @mysql_query($sql,$conn)or die(mysql_error());

 

while($row=mysql_fetch_array($result)){

    print $row["image"];

    print $row["title"];

    print $row["description"];

}

I know my code doesn't precisely emulate what you've got, but you see what I mean. I don't understand why you've got the nested query or the extra queries at all when you should be able to achieve your result much more easily. Can you explain your motivation?

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread: