Hi,
I have a problem in PHP about Query of concating.
Please, guide me
1: test.sql is dump file
-- PHP Version: 4.4.2
--
-- Database: `pradeep`
--
-- --------------------------------------------------------
--
-- Table structure for table `test`
--
CREATE TABLE `test` (
`id` int(11) NOT NULL,
`fullname` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `test`
--
INSERT INTO `test` (`id`, `fullname`) VALUES (1, 'ankur patil'),
(2, 'avinash chaudhary'),
(3, 'raju za'),
(4, 'tanmay wagh');
2:bkslash.html
<html>
<body>
<form action=bkslash2.php method=post>
<input type="text" name="input1">
<select name=fields>
<option value='id'>id</option>
<option value=concat(concat(Fullname,','),id)>Fullname & Id</option>
</select>
<input type=submit >
</form>
</body>
</html>
3:bkslash2.php
<?php
mysql_connect("localhost","proex")or die("Database Failed");
mysql_select_db("pradeep")or die("Failed to Connect Database");
$str="select fullname from test where ".$_REQUEST['fields']." like '%".
$_REQUEST['input1']."%'";
echo $str;
$res=mysql_query($str) or die("resultset error");
$row=mysql_fetch_row($res);
echo "<br>result<hr>";
print_r($row);
?>
here, in output, if i enter any value (let 3) in text box & in combo
box
select Fullname & id then it gives me resultant error
& Query becomes
select fullname from test where concat(concat(Fullname,\',\'),id) like
'%3%'
so, how i get right output ?
Please, guide me. 2 1559
pradeep kirjoitti:
Hi,
I have a problem in PHP about Query of concating.
Please, guide me
1: test.sql is dump file
-- PHP Version: 4.4.2
--
-- Database: `pradeep`
--
-- --------------------------------------------------------
--
-- Table structure for table `test`
--
CREATE TABLE `test` (
`id` int(11) NOT NULL,
`fullname` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
--
-- Dumping data for table `test`
--
INSERT INTO `test` (`id`, `fullname`) VALUES (1, 'ankur patil'),
(2, 'avinash chaudhary'),
(3, 'raju za'),
(4, 'tanmay wagh');
2:bkslash.html
<html>
<body>
<form action=bkslash2.php method=post>
<input type="text" name="input1">
<select name=fields>
<option value='id'>id</option>
<option value=concat(concat(Fullname,','),id)>Fullname & Id</option>
</select>
<input type=submit >
</form>
</body>
</html>
3:bkslash2.php
<?php
mysql_connect("localhost","proex")or die("Database Failed");
mysql_select_db("pradeep")or die("Failed to Connect Database");
$str="select fullname from test where ".$_REQUEST['fields']." like '%".
$_REQUEST['input1']."%'";
echo $str;
$res=mysql_query($str) or die("resultset error");
$row=mysql_fetch_row($res);
echo "<br>result<hr>";
print_r($row);
?>
here, in output, if i enter any value (let 3) in text box & in combo
box
select Fullname & id then it gives me resultant error
& Query becomes
select fullname from test where concat(concat(Fullname,\',\'),id) like
'%3%'
so, how i get right output ?
Please, guide me.
stripslashes($_REQUEST['fields']);
-- Ra*********@gmail.com
"Olemme apinoiden planeetalla."
pradeep wrote:
<option value=concat(concat(Fullname,','),id)>
<option value="concat(concat(Fullname,','),id)">
$str="select fullname from test where ".$_REQUEST['fields']." like '%".
$_REQUEST['input1']."%'";
That line just scared the bejeezus out of me!
Big, big security problem right here.
--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
* = I'm getting there! This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Jakob Simon-Gaarde |
last post by:
Some project includes files from different libraries lib1,lib2 and
lib3 all having each there own version header file. I need to be able
to pick up these values in a single define value...
|
by: JS |
last post by:
I am trying to add an element to an array like this:
var ty = ;
zz = "ty";
var ab = null;
zz+="";
ab = eval(zz);
document.write(ab.length);
|
by: Joel |
last post by:
Hi,
I incorporated a function in my code that whenever I use a string variable
in an sql statement if the string contains a single quote it will encase it
in double quotes else single quotes.
...
|
by: Paminu |
last post by:
In math this expression:
(a < b) && (b < c)
would be described as:
a < b < c
But why is it that in C these two expressions evaluate to something
different for the same values of a, b and...
|
by: FP |
last post by:
I have a javascript variable set to the contents of a database comments
field.
To set the js variable I used the PHP addslashes function which encodes
the apostrophe, double quotes and the...
|
by: pradeep |
last post by:
Hello,
I have problem in PHP String concatination with html select combo
box.
There are 3 files
addressbook.sql :
concat1.php
concat2.php
|
by: Jay Loden |
last post by:
Hi all,
First, apologies if anyone gets this twice, but it took me quite a
while to figure out that Python.org is evidently rejecting all mail
from my mail server because I don't have reverse...
|
by: Mark B |
last post by:
Hi experts,
I'm converting a homebrew AD management progam I wrote, from VB6 to VB 2008.
I've got some code that sticks values in to Active Directory like this:-
objOU.PutEx...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |