PHP - Php, Mysql Hacking? - Need Advice!
For obvious reasons, I wouldn't want any links to these sites or resources in this thread. I'd like some advice on where to find *modern* hacking techniques used against php and mysql.
I'd prefer some info on PM so that not everybody is exposed to such sites - even suggested queries for google because I'm having a hard time finding reliable information. Also, does anybody have any advice on security books for say network (apache), php, mysql? I doubt I'll get a pm so if I do, I'll donate $20 to charity today! lol

Similar Tutorials

Apologies if the title is quite vague, I suppose I am looking for some general advice on why some pages I write in PHP, which contain MySQL queries, might be running a bit slow. The following page takes up to 3 seconds to display:
<?php session_start(); include('admin/user.php'); $connection = mysql_connect("$host","$user","$password") or die(mysql_error()); mysql_select_db("$txt_db_name",$connection) or die(mysql_error()); $id = $_REQUEST['id']; // MATCH INFO $get_details = mysql_query(" SELECT MatchDateTime AS date, DATE_FORMAT(MatchDateTime, '%Y-%m-%d') AS formatdate FROM tplss_matches WHERE MatchID = '$id' LIMIT 1",$connection) or die(mysql_error()); $factsdata = mysql_fetch_array($get_details); mysql_free_result($get_details); $matchdate = $factsdata['date']; $matchdate2 = $factsdata['formatdate']; // -----------SHOW FACTS ABOUT THE STARTING LINEUP--------- echo" <h5>Appearances & Goals To Date</h5> <table width=100%>"; $get_starters = mysql_query(" SELECT P.PlayerID AS playerid, CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerNationID AS nation, P.PlayerPositionID as pos FROM tplss_players P, tplss_appearances A WHERE A.AppearancePlayerID = P.PlayerID AND A.AppearanceMatchID = '$id' ORDER BY P.PlayerPositionID ASC ",$connection) or die(mysql_error()); $get_subbies = mysql_query(" SELECT P.PlayerID AS playerid, CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerNationID AS nation, P.PlayerPositionID as pos FROM tplss_players P, tplss_substitutions S WHERE S.SubstitutionPlayerIDIn = P.PlayerID AND S.SubstitutionMatchID = '$id' ORDER BY P.PlayerPositionID ASC ",$connection) or die(mysql_error()); while($combstarters = mysql_fetch_array($get_starters)) { echo"<tr>"; echo"<td><a href=\"player.php?id=$combstarters[playerid]\">$combstarters[name]</a>"; if($combstarters['pos'] == 1) { echo" (GK)"; } echo"</td>"; $combpid = $combstarters['playerid']; echo" <td align=\"left\" style=\"vertical-align: middle;\"> <img src=\"images/flag_$combstarters[nation].jpg\" border=1> </td> "; $get_comb_apps = mysql_query("SELECT COUNT(A.AppearancePlayerID) AS apps FROM tplss_appearances A, tplss_matches M WHERE A.AppearancePlayerID = '$combpid' AND A.AppearanceMatchID = 
M.MatchID AND M.MatchDateTime <= '$matchdate' ",$connection) or die(mysql_error()); $get_comb_ins = mysql_query("SELECT COUNT(S.SubstitutionPlayerIDIn) AS ins FROM tplss_substitutions S, tplss_matches M WHERE S.SubstitutionPlayerIDIn = '$combpid' AND S.SubstitutionMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' ",$connection) or die(mysql_error()); while($combdata = mysql_fetch_array($get_comb_apps)) { while($idata = mysql_fetch_array($get_comb_ins)) { $totalapps = $combdata['apps'] + $idata['ins']; if($totalapps == 1) { echo"<td>$totalapps app (debut)</td>"; } else { echo"<td>$totalapps apps</td>"; } } mysql_free_result($get_comb_ins); } mysql_free_result($get_comb_apps); $get_goals_all = mysql_query(" SELECT COUNT(G.GoalPlayerID) AS total_goals FROM tplss_goals G, tplss_matches M WHERE G.GoalPlayerID = '$combpid' AND G.GoalMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' AND G.GoalOwn != 1 GROUP BY G.GoalPlayerID ",$connection) or die(mysql_error()); if(mysql_num_rows($get_goals_all) == 0) { echo"<td> - </td>"; } while($combgoals = mysql_fetch_array($get_goals_all)) { if($combgoals['total_goals'] == 1) { echo"<td>$combgoals[total_goals] goal</td>"; } else { echo"<td>$combgoals[total_goals] goals</td>"; } } mysql_free_result($get_goals_all); echo"</tr>"; } while($combsubbies = mysql_fetch_array($get_subbies)) { echo"<tr>"; echo"<td><a href=\"player.php?id=$combsubbies[playerid]\">$combsubbies[name]</a> (sub)"; if($combsubbies['pos'] == 1) { echo" (GK)"; } echo"</td>"; $combpid = $combsubbies['playerid']; echo" <td align=\"left\" style=\"vertical-align: middle;\"> <img src=\"images/flag_$combsubbies[nation].jpg\" border=1> </td> "; $get_comb_apps = mysql_query("SELECT COUNT(A.AppearancePlayerID) AS apps FROM tplss_appearances A, tplss_matches M WHERE A.AppearancePlayerID = '$combpid' AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' ",$connection) or die(mysql_error()); $get_comb_ins = mysql_query("SELECT 
COUNT(S.SubstitutionPlayerIDIn) AS ins FROM tplss_substitutions S, tplss_matches M WHERE S.SubstitutionPlayerIDIn = '$combpid' AND S.SubstitutionMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' ",$connection) or die(mysql_error()); while($combdata = mysql_fetch_array($get_comb_apps)) { while($idata = mysql_fetch_array($get_comb_ins)) { $totalapps = $combdata['apps'] + $idata['ins']; if($totalapps == 1) { echo"<td>$totalapps app (debut)</td>"; } else { echo"<td>$totalapps apps</td>"; } } mysql_free_result($get_comb_ins); } mysql_free_result($get_comb_apps); $get_goals_all = mysql_query(" SELECT COUNT(G.GoalPlayerID) AS total_goals FROM tplss_goals G, tplss_matches M WHERE G.GoalPlayerID = '$combpid' AND G.GoalMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' AND G.GoalOwn != 1 GROUP BY G.GoalPlayerID ",$connection) or die(mysql_error()); if(mysql_num_rows($get_goals_all) == 0) { echo"<td> - </td>"; } while($combgoals = mysql_fetch_array($get_goals_all)) { if($combgoals['total_goals'] == 1) { echo"<td>$combgoals[total_goals] goal</td>"; } else { echo"<td>$combgoals[total_goals] goals</td>"; } } mysql_free_result($get_goals_all); echo"</tr>"; } echo"</table>"; // -----------SHOW FACTS ABOUT THE STARTING LINEUP--------- echo"<br> <h5>Starting Lineup</h5> <table width=100%>"; // GET YOUNGEST PLAYER IN STARTING LINEUP $get_youngest_player = mysql_query(" SELECT P.PlayerDOB AS dob, DATE_FORMAT(P.PlayerDOB, '%d/%m/%Y') AS birth, CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id FROM tplss_players P, tplss_appearances A, tplss_matches M WHERE P.PlayerID = A.AppearancePlayerID AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime = '$matchdate' ORDER BY dob DESC LIMIT 0,1 ",$connection) or die(mysql_error()); while($youngest = mysql_fetch_array($get_youngest_player)) { echo"<tr>"; $dob = $youngest['dob']; echo"<td width=30%>Youngest Player:</td><td width=70%><a href=\"player.php?id=$youngest[id]\">$youngest[name]</a> ("; $now = 
strtotime("$matchdate"); $your_date = strtotime("$dob"); $datediff_days = $now - $your_date; $datediff_years = ($now - $your_date) / 365; $days = floor($datediff_days/(60*60*24)); $years = floor($datediff_years/(60*60*24)); $remainder = floor($datediff_days/(60*60*24)) - (floor($datediff_years/(60*60*24)) * 365); echo"$years years $remainder days)</td> </tr> "; } mysql_free_result($get_youngest_player); // GET OLDEST PLAYER IN STARTING LINEUP $get_oldest_player = mysql_query(" SELECT P.PlayerDOB AS dob, DATE_FORMAT(P.PlayerDOB, '%d/%m/%Y') AS birth, CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id FROM tplss_players P, tplss_appearances A, tplss_matches M WHERE P.PlayerID = A.AppearancePlayerID AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime = '$matchdate' ORDER BY dob ASC LIMIT 0,1 ",$connection) or die(mysql_error()); while($oldest = mysql_fetch_array($get_oldest_player)) { echo"<tr>"; $dob = $oldest['dob']; echo"<td width=30%>Oldest Player:</td><td width=70%><a href=\"player.php?id=$oldest[id]\">$oldest[name]</a> ("; $now = strtotime("$matchdate"); $your_date = strtotime("$dob"); $datediff_days = $now - $your_date; $datediff_years = ($now - $your_date) / 365; $days = floor($datediff_days/(60*60*24)); $years = floor($datediff_years/(60*60*24)); $remainder = floor($datediff_days/(60*60*24)) - (floor($datediff_years/(60*60*24)) * 365); echo"$years years $remainder days)</td>"; echo"</tr>"; } mysql_free_result($get_oldest_player); // GET AVERAGE DOB OF STARTING XI $get_average_dob = mysql_query(" SELECT FROM_DAYS(AVG(TO_DAYS(P.PlayerDOB))) AS dob FROM tplss_players P, tplss_appearances A, tplss_matches M WHERE P.PlayerID = A.AppearancePlayerID AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime = '$matchdate' ",$connection) or die(mysql_error()); while($average = mysql_fetch_array($get_average_dob)) { echo"<tr>"; $dob = $average['dob']; $now = strtotime("$matchdate"); $your_date = strtotime("$dob"); $datediff_days = $now - 
$your_date; $datediff_years = $datediff_days / 365; $days = floor($datediff_days/(60*60*24)); $years = floor($datediff_years/(60*60*24)); $remainder = floor($datediff_days/(60*60*24)) - (floor($datediff_years/(60*60*24)) * 365); echo"<td width=30%>Average Player Age:</td><td width=70%>$years years $remainder days</td>"; echo"</tr>"; } mysql_free_result($get_average_dob); $get_players = mysql_query(" SELECT COUNT(P.PlayerID) AS players FROM tplss_players P, tplss_appearances A, tplss_matches M WHERE P.PlayerID = A.AppearancePlayerID AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime = '$matchdate' GROUP BY M.MatchID ",$connection) or die(mysql_error()); $get_scots = mysql_query(" SELECT COUNT(P.PlayerID) AS scots FROM tplss_players P, tplss_appearances A, tplss_matches M WHERE P.PlayerID = A.AppearancePlayerID AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime = '$matchdate' AND P.PlayerNationID = 1 GROUP BY M.MatchID ",$connection) or die(mysql_error()); while($players = mysql_fetch_array($get_players)) { echo"<tr>"; while($scots = mysql_fetch_array($get_scots)) { $average = ($scots['scots'] / $players['players']) * 100; $average = number_format((float)$average, 2, '.', ''); echo"<td width=30%>Domestic Players:</td><td width=70%>$scots[scots] ($average % of starting eleven)</td>"; } echo"</tr>"; } mysql_free_result($get_players); echo"</table>"; ?> <? 
// -----------SHOW FACTS ABOUT THE MATCHDAY SQUAD-------------- echo"<br> <h5>Matchday Squad</h5> <table width=100%> "; // GET YOUNGEST PLAYER IN SQUAD $get_youngest_player_all = mysql_query(" SELECT P.PlayerDOB AS dob, CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id FROM tplss_players P INNER JOIN ( SELECT AppearancePlayerID as PlayerID , AppearanceMatchID as MatchID FROM tplss_appearances UNION SELECT SubstitutePlayerID as PlayerID , SubstituteMatchID as MatchID FROM tplss_substitutes ) as total USING (PlayerID) INNER JOIN tplss_matches M USING (MatchID) WHERE M.MatchDateTime = '$matchdate' ORDER BY dob DESC LIMIT 0,1 ",$connection) or die(mysql_error()); while($youngest_all = mysql_fetch_array($get_youngest_player_all)) { echo"<tr>"; $dob = $youngest_all['dob']; echo"<td width=30%>Youngest Player:</td><td width=70%><a href=\"player.php?id=$youngest_all[id]\">$youngest_all[name]</a> ("; $now = strtotime("$matchdate"); $your_date = strtotime("$dob"); $datediff_days = $now - $your_date; $datediff_years = ($now - $your_date) / 365; $days = floor($datediff_days/(60*60*24)); $years = floor($datediff_years/(60*60*24)); $remainder = floor($datediff_days/(60*60*24)) - (floor($datediff_years/(60*60*24)) * 365); echo"$years years $remainder days)</td>"; echo"</tr>"; } // GET OLDEST PLAYER IN SQUAD $get_oldest_player_all = mysql_query(" SELECT P.PlayerDOB AS dob, CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id FROM tplss_players P INNER JOIN ( SELECT AppearancePlayerID as PlayerID , AppearanceMatchID as MatchID FROM tplss_appearances UNION SELECT SubstitutePlayerID as PlayerID , SubstituteMatchID as MatchID FROM tplss_substitutes ) as total USING (PlayerID) INNER JOIN tplss_matches M USING (MatchID) WHERE M.MatchDateTime = '$matchdate' ORDER BY dob ASC LIMIT 0,1 ",$connection) or die(mysql_error()); while($oldest_all = mysql_fetch_array($get_oldest_player_all)) { echo"<tr>"; $dob = $oldest_all['dob']; echo"<td 
width=30%>Oldest Player:</td><td width=70%><a href=\"player.php?id=$oldest_all[id]\">$oldest_all[name]</a> ("; $now = strtotime("$matchdate"); $your_date = strtotime("$dob"); $datediff_days = $now - $your_date; $datediff_years = ($now - $your_date) / 365; $days = floor($datediff_days/(60*60*24)); $years = floor($datediff_years/(60*60*24)); $remainder = floor($datediff_days/(60*60*24)) - (floor($datediff_years/(60*60*24)) * 365); echo"$years years $remainder days)</td>"; echo"</tr>"; } // GET AVERAGE DOB OF WHOLE SQUAD $get_average_dob_all = mysql_query(" SELECT FROM_DAYS(AVG(TO_DAYS(P.PlayerDOB))) AS dob FROM tplss_players P INNER JOIN ( SELECT AppearancePlayerID as PlayerID , AppearanceMatchID as MatchID FROM tplss_appearances UNION SELECT SubstitutePlayerID as PlayerID , SubstituteMatchID as MatchID FROM tplss_substitutes ) as total USING (PlayerID) INNER JOIN tplss_matches M USING (MatchID) WHERE M.MatchDateTime = '$matchdate' ",$connection) or die(mysql_error()); while($average_all = mysql_fetch_array($get_average_dob_all)) { echo"<tr>"; $dob = $average_all['dob']; $now = strtotime("$matchdate"); $your_date = strtotime("$dob"); $datediff_days = $now - $your_date; $datediff_years = ($now - $your_date) / 365; $days = floor($datediff_days/(60*60*24)); $years = floor($datediff_years/(60*60*24)); $remainder = floor($datediff_days/(60*60*24)) - (floor($datediff_years/(60*60*24)) * 365); echo"<td width=30%>Average Player Age:</td><td width=70%>$years years $remainder days</td>"; echo"</tr>"; } $get_players_all = mysql_query(" SELECT COUNT(P.PlayerID) AS allplayers FROM tplss_players P INNER JOIN ( SELECT AppearancePlayerID as PlayerID , AppearanceMatchID as MatchID FROM tplss_appearances UNION SELECT SubstitutePlayerID as PlayerID , SubstituteMatchID as MatchID FROM tplss_substitutes ) as total USING (PlayerID) INNER JOIN tplss_matches M USING (MatchID) WHERE M.MatchDateTime = '$matchdate' GROUP BY M.MatchID ",$connection) or die(mysql_error()); $get_scots_all = 
mysql_query(" SELECT COUNT(P.PlayerID) AS scots FROM tplss_players P INNER JOIN ( SELECT AppearancePlayerID as PlayerID , AppearanceMatchID as MatchID FROM tplss_appearances UNION SELECT SubstitutePlayerID as PlayerID , SubstituteMatchID as MatchID FROM tplss_substitutes ) as total USING (PlayerID) INNER JOIN tplss_matches M USING (MatchID) WHERE M.MatchDateTime = '$matchdate' AND P.PlayerNationID = 1 GROUP BY M.MatchID ",$connection) or die(mysql_error()); while($players_all = mysql_fetch_array($get_players_all)) { while($scots_all = mysql_fetch_array($get_scots_all)) { echo"<tr>"; $average = ($scots_all['scots'] / $players_all['allplayers']) * 100; $average = number_format((float)$average, 2, '.', ''); echo"<td width=30%>Domestic Players:</td><td width=70%>$scots_all[scots] ($average % of matchday squad)</td>"; echo"</tr>"; } } echo"</table>"; ?> <? //--------------CHECK FOR ANY DEBUTS---------------- // GET STARTING XI FOR DEBUTS $get_debuts = mysql_query(" SELECT CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id, DATE_FORMAT(P.PlayerSigned, '%M %D, %Y') AS signed FROM tplss_players P, tplss_appearances A WHERE A.AppearanceMatchID = '$id' AND P.PlayerID = A.AppearancePlayerID ORDER BY name",$connection); // GET SUBS FOR DEBUTS $get_sub_debuts = mysql_query(" SELECT CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id, DATE_FORMAT(P.PlayerSigned, '%M %D, %Y') AS signed FROM tplss_players P, tplss_substitutions S WHERE S.SubstitutionMatchID = '$id' AND P.PlayerID = S.SubstitutionPlayerIDIn ORDER BY name",$connection); echo"<br><h5>First Team Debuts</h5> <table width=100%>"; // SHOW ANY DEBUTS FOR PLAYERS IN STARTING XI while($appdata = mysql_fetch_array($get_debuts)) { $appplayerid = $appdata['id']; $get_starts = mysql_query(" SELECT COUNT(A.AppearancePlayerID) AS total FROM tplss_appearances A, tplss_matches M WHERE A.AppearancePlayerID = $appplayerid AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime <= 
'$matchdate' GROUP BY A.AppearancePlayerID ",$connection) or die(mysql_error()); $starts = mysql_fetch_array($get_starts); $get_subst = mysql_query(" SELECT COUNT(S.SubstitutionPlayerIDIn) AS total FROM tplss_substitutions S, tplss_matches M WHERE S.SubstitutionPlayerIDIn = $appplayerid AND S.SubstitutionMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' GROUP BY S.SubstitutionPlayerIDIn ",$connection) or die(mysql_error()); $subst = mysql_fetch_array($get_subst); $total_apps = $starts['total'] + $subst['total']; $head_url = "images/heads/" . $appplayerid . ".jpg"; if($total_apps == 1) { echo"<tr> <td width=20%> <img src=\""; if(file_exists($head_url)) { echo"images/heads/$appplayerid.jpg"; } else { echo"images/heads/none.jpg"; } echo"\" width=\"50\" style=\"border:0px solid; border-radius:25px;\"> </td> <td width=40%><a href=\"player.php?id=$appplayerid\">$appdata[name]</a></td><td width=40%>(Signed $appdata[signed])</td>"; } else { echo""; } } mysql_free_result($get_debuts); // SHOW ANY DEBUTS FOR PLAYERS COMING OFF BENCH while($appdatas = mysql_fetch_array($get_sub_debuts)) { $appplayerid = $appdatas['id']; $get_starts = mysql_query(" SELECT COUNT(A.AppearancePlayerID) AS total FROM tplss_appearances A, tplss_matches M WHERE A.AppearancePlayerID = $appplayerid AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' GROUP BY A.AppearancePlayerID ",$connection) or die(mysql_error()); $starts = mysql_fetch_array($get_starts); $get_subst = mysql_query(" SELECT COUNT(S.SubstitutionPlayerIDIn) AS total FROM tplss_substitutions S, tplss_matches M WHERE S.SubstitutionPlayerIDIn = $appplayerid AND S.SubstitutionMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' GROUP BY S.SubstitutionPlayerIDIn ",$connection) or die(mysql_error()); $subst = mysql_fetch_array($get_subst); $total_apps = $starts['total'] + $subst['total']; $head_url = "images/heads/" . $appplayerid . 
".jpg"; if($total_apps == 1) { echo"<tr> <td width=20%> <img src=\""; if(file_exists($head_url)) { echo"images/heads/$appplayerid.jpg"; } else { echo"images/heads/none.jpg"; } echo"\" width=\"50\" style=\"border:0px solid; border-radius:25px;\"> </td> <td width=40%><a href=\"player.php?id=$appplayerid\">$appdatas[name]</a></td><td width=40%>(Signed $appdatas[signed])</td>"; } else { echo""; } } mysql_free_result($get_sub_debuts); echo"</table>"; ?> <?php // --------------------CHECK FOR ANY MILESTONES---------------- // GET STARTING XI FOR MILESTONES $get_milestones = mysql_query(" SELECT CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id FROM tplss_players P, tplss_appearances A WHERE A.AppearanceMatchID = '$id' AND P.PlayerID = A.AppearancePlayerID ORDER BY name",$connection); // GET SUBS FOR MILESTONES $get_sub_milestones = mysql_query(" SELECT CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id FROM tplss_players P, tplss_substitutions S WHERE S.SubstitutionMatchID = '$id' AND P.PlayerID = S.SubstitutionPlayerIDIn ORDER BY name",$connection); // GET SCORERS FOR GOAL CHECKS $get_goals = mysql_query(" SELECT CONCAT(P.PlayerFirstName, ' ', P.PlayerLastName) AS name, P.PlayerID AS id FROM tplss_players P, tplss_goals G WHERE G.GoalMatchID = '$id' AND P.PlayerID = G.GoalPlayerID AND G.GoalOwn != 1 ORDER BY name",$connection); echo"<Br><h5>Milestones</h5> <table width=100%>"; // SHOW MILESTONES FOR STARTING XI while($appdatam = mysql_fetch_array($get_milestones)) { $appplayerid = $appdatam['id']; $get_starts = mysql_query(" SELECT COUNT(A.AppearancePlayerID) AS total FROM tplss_appearances A, tplss_matches M WHERE A.AppearancePlayerID = $appplayerid AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' GROUP BY A.AppearancePlayerID ",$connection) or die(mysql_error()); $starts = mysql_fetch_array($get_starts); $get_subst = mysql_query(" SELECT COUNT(S.SubstitutionPlayerIDIn) AS total FROM 
tplss_substitutions S, tplss_matches M WHERE S.SubstitutionPlayerIDIn = $appplayerid AND S.SubstitutionMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' GROUP BY S.SubstitutionPlayerIDIn ",$connection) or die(mysql_error()); $subst = mysql_fetch_array($get_subst); $total_apps = $starts['total'] + $subst['total']; echo""; if($total_apps == '50') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatam[name]</a> played his 50th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '100') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatam[name]</a> played his 100th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '200') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatam[name]</a> made his 200th competitive appearance for the Club.</td></tr>"; } elseif($total_apps == '250') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatam[name]</a> played his 250th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '300') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatam[name]</a> made his 300th competitive appearance for the Club.</td></tr>"; } elseif($total_apps == '400') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatam[name]</a> played his 400th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '500') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatam[name]</a> made his 500th competitive appearance for the Club.</td></tr>"; } else { echo""; } echo""; } mysql_free_result($get_milestones); // SHOW MILESTONES FOR SUBS while($appdatams = mysql_fetch_array($get_sub_milestones)) { $appplayerid = $appdatams['id']; $get_starts = mysql_query(" SELECT COUNT(A.AppearancePlayerID) AS total FROM tplss_appearances A, tplss_matches M WHERE A.AppearancePlayerID = $appplayerid AND A.AppearanceMatchID = M.MatchID AND M.MatchDateTime <= 
'$matchdate' GROUP BY A.AppearancePlayerID ",$connection) or die(mysql_error()); $starts = mysql_fetch_array($get_starts); $get_subst = mysql_query(" SELECT COUNT(S.SubstitutionPlayerIDIn) AS total FROM tplss_substitutions S, tplss_matches M WHERE S.SubstitutionPlayerIDIn = $appplayerid AND S.SubstitutionMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' GROUP BY S.SubstitutionPlayerIDIn ",$connection) or die(mysql_error()); $subst = mysql_fetch_array($get_subst); $total_apps = $starts['total'] + $subst['total']; if($total_apps == '50') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatams[name]</a> played his 50th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '100') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatams[name]</a> played his 100th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '200') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatams[name]</a> made his 200th competitive appearance for the Club.</td></tr>"; } elseif($total_apps == '250') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatams[name]</a> played his 250th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '300') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatams[name]</a> made his 300th competitive appearance for the Club.</td></tr>"; } elseif($total_apps == '400') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatams[name]</a> played his 400th major competitive game for the Club.</td></tr>"; } elseif($total_apps == '500') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$appdatams[name]</a> made his 500th competitive appearance for the Club.</td></tr>"; } else { echo""; } } mysql_free_result($get_sub_milestones); // SHOW MILESTONES FOR STARTING XI while($goaldata = mysql_fetch_array($get_goals)) { $appplayerid = $goaldata['id']; $get_goal_totals = 
mysql_query(" SELECT COUNT(G.GoalPlayerID) AS total FROM tplss_goals G, tplss_matches M WHERE G.GoalPlayerID = $appplayerid AND G.GoalMatchID = M.MatchID AND M.MatchDateTime <= '$matchdate' GROUP BY G.GoalPlayerID ",$connection) or die(mysql_error()); $goals = mysql_fetch_array($get_goal_totals); $total_goals = $goals['total']; if($total_goals == '1') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> scored his first goal for the Club.</td></tr>"; } elseif($total_goals == '10') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> reached 10 goals for the Club.</td></tr>"; } elseif($total_goals == '25') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> scored for the 25th time for the Club.</td></tr>"; } elseif($total_goals == '30') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> reached 30 goals for the Club.</td></tr>"; } elseif($total_goals == '50') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> scored his 50th goal for the Club.</td></tr>"; } elseif($total_goals == '75') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> reached 75 goals for the Club.</td></tr>"; } elseif($total_goals == '100') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> scored his 100th goal for the Club.</td></tr>"; } elseif($total_goals == '200') { echo"<tr><td width=100%><a href=\"player.php?id=$appplayerid\">$goaldata[name]</a> scored his 200th goal for the Club.</td></tr>"; } else { echo""; } } echo"</table>"; mysql_free_result($get_goals); ?> <hr>

Any suggestions or general advice would be greatly appreciated.

I am creating a site to display some products. For ease of updating I want it to run off a MySQL database. I have created the database and php scripts to output and input data etc. I now want to show that data in my web pages.
My question is.... Is it best to insert HTML into the php output script to display the information and make the site look how I want....OR ....... should I create a template of the site in HTML and then somehow call the php output script (and the particular row of the database...) Basically... should I put the html code into the php - OR - put the php into the HTML?? I hope this makes sense...... thanks

Hi there I have a problem here, I think I may know what it is but just wanted some guidance on this issue. I took the logic from a previous help from the people on this forum and here is my landing page:

<?php
// ini_set("display_errors", 1);

// randomly starts a session!
session_name("jeremyBasicLogin");
session_start();
if(isset($_SESSION['username'])) {
    // display whatever when the user is logged in:
    echo <<<ADDENTRY
<html>
<head>
<title>User is now signed in:</title>
</head>
<body>
<h1>You are now signed in!</h1>
<p>You can do now what you want to do!</p>
</body>
</html>
ADDENTRY;
} else {
    // If anything else dont allow access and send back to original page!
    header("location: signin.php");
}
?>

This is where the user goes to when they go to this system (not a functional system, ie it doesn't actually do anything, it's more for my own theory). As you won't have a session on the first turn to this page it goes to: signin.php which contains:

<?php
// ini_set("display_errors", 1);
require_once('func.db.connect.php');
if(array_key_exists('submit',$_POST)) {
    dbConnect(); // connect to database anyways!
    // Do a procedure to log the user in:
    // Sanitize User Inputs
    $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first!
    $password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // cleans up with PHP first!
    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    $result = mysql_query($sql);
    if(mysql_num_rows($result) == 1) {
        session_name("jeremyBasicLogin");
        session_start();
        $_SESSION['is_logged_in'] = true;
        $_SESSION['username'] = $username;
        //print_r($_SESSION); // debug purposes only!
        $_SESSION['time_loggedin'] = time(); // this is adding to the array (have seen the output in the SESSION vars!
        // call function to update the time stamp in MySQL?
        header("location: index.php");
    } else if(mysql_num_rows($result) != 1) {
        $message = "You typed the wrong password or Username Please retry!";
    }
} else {
    $message = "";
}
// displays the login page:
echo <<<LOGIN
<html>
<body>
<h1>Example Login</h1>
<form id="login" name="login" action="{$_SERVER['PHP_SELF']}" method="post">
<label for="username">Username: </label><input type="text" id="username" name="username" value="" /><br>
<label for="password">Password: </label><input type="text" id="password" name="password" value="" /><br>
<input type="submit" id="submit" name="submit" value="Login" />
</form>
LOGIN;
echo "<p>" . $message . "</p>";
echo <<<LOGIN
<p>Please Login to View and Edit Your Entries</p>
<p><a href="register.php">Click Here To Signup</a></p>
</body>
</html>
LOGIN;
?>

This checks through user inputs and hopefully logs them in, when I've inserted the data into the database itself it works, if I try and login but if a user fills in this form: signup.php:

<?php
//ini_set("display_errors", 1);
$message ='';
require_once('func.db.connect.php');
if(array_key_exists('submit',$_POST)) {
    dbConnect(); // connect to database anyways!
    // do some safe protecting of the users variables, apply it to all details!
    $username = trim(stripslashes(mysql_real_escape_string($_POST['username']))); // cleans up with PHP first!
    $email = trim(stripslashes(mysql_real_escape_string($_POST['email']))); // cleans up with PHP first!
    $password = trim(stripslashes(mysql_real_escape_string(md5($_POST['password'])))); // does as above but also encrypts it using the md5 function!
    $password2 = trim(stripslashes(mysql_real_escape_string(md5($_POST['password2'])))); // does as above but also encrypts it using the md5 function!
    if($username != '' && $email != '' && $password != '' && $password2 != '') {
        // do whatever when not = to nothing/empty fields!
        if($password === $password2) {
            // do database stuff to enter users details
            $sql = "INSERT INTO `test`.`users` (`id` ,`username` ,`password`) VALUES ('' , '$username', MD5( '$password' ));";
            $result = mysql_query($sql);
            if($result) {
                $message = 'You may now login by clicking <a href="index.php">here</a>';
            }
        } else {
            // echo out a user message says they got their 2 passwords incorrectly typed:
            $message = 'Please re enter your password';
        }
    } else {
        // they where obviously where empty
        $message = 'You missed out some required fields, please try again';
    }
}
echo <<<REGISTER
<html>
<body>
<h1>Register Form</h1>
<p>Please fill in this form to register</p>
<form id="register" name="register" action="{$_SERVER['PHP_SELF']}" method="post">
<table>
<tr> <td><label for="username">Username: </label></td> <td><input type="text" id="username" name="username" value="" /></td> </tr>
<tr> <td><label for="email">Email: </label></td> <td><input type="text" id="email" name="email" value="" /></td> </tr>
<tr> <td><label for="password">Password: </label></td> <td><input type="text" id="password" name="password" value="" /></td> </tr>
<tr> <td><label for="password">Confirm Password: </label></td> <td><input type="text" id="password2" name="password2" value="" /></td> </tr>
<tr> <td><input type="submit" id="submit" name="submit" value="Register" /></td> </tr>
</table>
REGISTER;
echo "<p>" . $message . "</p>";
echo <<<REGISTER
</form>
</body>
</html>
REGISTER;
?>

As I said when the user signs up when submitting the above form, it doesn't work, keeps coming up with a different value for the password, so I am about 99% certain it's the password, but I have been meticulous about copying in the sanitize function for SQL injections and it just doesn't still work, really puzzled now. Any help's appreciated, Jeremy.

Hi all, I have a security problem with my website, which is a social network (like Facebook). Let me explain: You can execute this page on my website. www.SocialNetWork.com/ChangeStatus.php?param=Hello So your status becomes "Hello". On your profile, you can create a link to a picture on the web, for example: <img src='http://www.hacking.com/pic.jpg'> The problem is that a "hacker" created several Russian girl profiles and made links to pic.jpg on his server, and this .jpg file rewrites the URL to: www.SocialNetWork.com/ChangeStatus.php?param=Suck. So when you visit his profile, the PHP code is launched, and the status OF THE VISITOR is changed! I have no idea how to stop this. If I check the variable $_SERVER['HTTP_REFERER'], the value is empty or www.SocialNetWork.com, but never www.hacking.com ... How can I stop the fact that a foreign picture could launch a PHP page on my website? Thanks for help! PS: sorry for my English

Hi, when I submit the form using the following text... -1 OR 1=1) AND 1=(SELECT IF((IFNULL(ASCII(SUBSTRING((SELECT @@VERSION),1,1)),0)>25),1,2)) that was sent by the hacker in my website, I am trying to escape the above and filter it ... am using the mysql_Real_escape_string and trim function.. but nothing escaped... can you give me a suggestion, pls help me

This topic has been moved to Miscellaneous.
http://www.phpfreaks.com/forums/index.php?topic=321745.0

and doing SQL injections. I have enabled MySQL logging and I can find where they did the query, but it only shows the query, it doesn't show what location or what URL or how they did it, so how can I fix it? Thanks. Also, the lighttpd logs don't show... this sucks

Code:
if ($indovina!=$indovinata) {
    if ($tentativi>=6) {
        echo ("\n<p>Sorry, you hanged yourself. The word you had to guess was: ".$indovina."</p>\n");
    } else {
        $scelt = preg_split('//', $scelte, -1, PREG_SPLIT_NO_EMPTY);
        echo ("\n<p>\n");
        foreach ($alfabeto as $lettalf) {
            $contrl = false;
            foreach ($scelt as $lett) {
                if (!strcasecmp ($lettalf, $lett)) {
                    $contrl = true;
                }
            }
            if ($contrl) {
                print (' <img src="images/lr_'.$lettalf.'.gif" style="border:0;width:20px;height:20px" alt="'.$lettalf.'" />');
            } else {
                print (' <a href="'.$_SERVER['PHP_SELF'].'?letter='.$lettalf.'"><img src="images/lb_'.$lettalf.'.gif" style="border:0;width:20px;height:20px" alt="'.$lettalf.'" /></a>');
            }
            if ($lettalf=='m') echo ("\n <br />");
            echo ("\n");
        }
        echo ("</p>\n");
    }
} else if ($indovinata){
    echo ("\n<p>Congratulations! You guessed the word.</p>\n");
    $DB->query("UPDATE ibf_members set gold=gold+5 WHERE id = {$ibforums->member['id']}");
}

Look at the bottom. OK, so if the person wins the hangman game, it will show "Congrats", but then people will just be able to refresh the page, and that query will run again and again and that person will gain +5 gold each time... we need to fix this!! Any help?

Hi, basically I have data in my database I want to represent as cash. I currently put the dollar sign in front of each echo, which is fine, but how would I go about adding , to the PHP code itself, as you cannot do this from the SQL database..

For those of you who don't know, I am creating a piece of forum software called ASF. I've done it by myself so far, but as it grows I find it harder to write the code and keep organised.
My code is a mess and things aren't done the way they should be. So if anyone can give me advice or wants to help, I could post some of the files for download. Even if you just want to have a look and let me know what you think. Thanks, Carl http://www.thevault.cz.cc

In short, I want to use the following code below; when someone selects their option and submits it, it would bring up details from the database on this user from the selected table. Can you explain what doing this would be called so I can look it up? Sorry to be a pain, cheers.

Code:
<select name="target2" id="target2">
<option value=""></option>
<?php
$sql = "SELECT player_id, friend_id, name, is_active FROM contacts as c JOIN players as p ON c.friend_id = p.id WHERE c.player_id = $playerID AND is_active = 1 ORDER BY name ASC";
$que = mysql_query($sql) or die(mysql_error());
while($list = mysql_fetch_array($que)) {
?>
<option value="<?php echo $list['friend_id'] ?>"><?php echo $list['name'] ?></option>
<?php } ?>
</select>

So here's my problem; I'm not sure how to approach this: I have a table with user_items which are stored together separated by commas.

Code:
13,12,11,9,27,15,16,22,21,23,24,26,29,30,31,32,33

Now, I have a script where the user is in a trade and I want to verify the item they are trying to trade, but is there an alternative other than grabbing all of that user's items and checking that one item against all of the records? I've tried using

Code:
SELECT * FROM MYTABLE WHERE user_item_id IN(33)

as an example to see if it will pull the rows with that ID. It didn't seem to work; am I doing it wrong? If so, forgive me. Any suggestions/help? The main problem is I don't want to have to explode that data and use a foreach to check that one item against all of that user's items, as they could have well over 500.

Hello, can someone please advise me on what scripts I will need to accomplish the following.
I want users to be able to log in to their personal page; on there will be items such as PDF files, JPEG files etc. that they will be able to download. Are there any free scripts out there that can do this, that anyone knows of? I don't mind paying if it's a cheapish script for one of you to make for me, but money is a bit tight at the moment so a free script would be my 1st choice... Thanks for all your help

Hi all, I am looking, as a pet project, to develop a review site, with the info stored in a database by id and the information grabbed by get id and then displayed on a dynamic page, e.g. review.php?id=1 My question is this: if I throw keywords into the mix for each review, will search engines cache a review like this? Or would I need static pages for Google etc. to find the info? Thanks

Right now I have a SESSION so when users flip through pages they carry their info with them. What I'm trying to do now is that userhome.php can't be accessed unless the user was just successful in cracking their system.. a game I'm creating, for those of you helping and following me while I do this! It's a virtual hacking simulation, and where I am now is that the user's passwordcracker was compared to the target system's 'systemkey' and either granted him access or didn't; if it did, it displayed a progress bar then forwarded to userhome.php, where the target user's info will lie. Right now, though, if I just type in userhome.php I get there without having to crack it.... any ideas?

Hello, I need someone to take a look at this. General comments on the code process and how should I continue!!! [attachment deleted by admin]

This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=328588.0

I've been trying to find a good, up-to-date source on how to secure the authentication credentials for my db connection. I've done some PHP coding and would like to learn more.
There's plenty of information available, but I often find books inevitably have typos in the code. Also, most of the online tutorials are either at least several years old or deal more with user login security. User authentication is one thing, but what are the best ways to secure the connection to the database itself? Obviously your basic newbie method of unencrypted host, username, password, and database stored in a connectvar file is just an open invitation--or maybe not, since it doesn't present a challenge to a hacker. Some say to encrypt the credentials with something like MD5 and store them in .htaccess. Other sources say not to use MD5. Any advice on where to find some good resources on this? Cheers!

Hi everyone. This is not really about PHP code... sorry. But I want some advice if you don't mind. I am working on a system, but I would like it to be available for PC use, as well as for mobile use. What would be the best? To create two websites, one for mobile and the other for PC, and upload them to .mobi and .com domains, or should I create only one... I need this to be as user-friendly as possible... because the clients who are going to use this are those people who are not comfortable with a PC, not to mention the web. Thanks

I have a restricted page for members of a website. This restricted area is within a directory called 'download.' There is a login form on two pages (home and support pages, found in the main menu). These pages are in the site root directory. When the user successfully logs in, they are taken inside the download directory to index.php. This index.php has a different look to the site root design. I have since redesigned this page to have the same structure as the site root pages. I would love for the user to be able to navigate around the main site if they wanted, and when they clicked support in the menu they would have all the download files there on the page, instead of a login form.
My question is how would I implement this login so that when the user logs in, the support page changes from the login page to the page with the files. I don't want to duplicate the site within the download directory; I was hoping for an efficient method, but I am unsure how to go about it.