Ok, I have two tables. They are along the same lines, but one lists all the products the stores sell and one lists the products we sell. Two MySQL selects, but completely different.
Think of it like fruit and vegetables: completely different.
What I need to work out is: if there are 7 fruits and we need a list of 8, then go and get a random vegetable and display it in the same result.
This is what our query currently looks like. You'll notice we can send $count; we send 8, but we may want to raise it to 10 or even make it 4.
```php
public function realcashoffers($state, $count)
{
    $this->state  = $state;
    $this->number = $count;
    //print count($this->JSONselect("business_stores","*",NULL,NULL),1);
    // $state and $count are interpolated straight into the WHERE and LIMIT clauses (unescaped)
    print $this->JSONselect(
        "approved_business, business_stores, Real_Cash_Offers",
        " *, group_concat(offer ORDER BY offer ASC SEPARATOR ',') as offers",
        " approved_business.id = business_stores.business_id AND Real_Cash_Offers.business_id = approved_business.id AND Real_Cash_Offers.storeid = business_stores.storeid AND business_stores.state = '{$this->state}'",
        "GROUP BY id ORDER BY RAND(), approved_business.id DESC LIMIT {$this->number} "
    );
}
```
and $this->JSONselect is:
```php
//JSON select
public function JSONselect($table, $options, $where, $orderby)
{
    $options = empty($options) ? "*"   : $options;
    $where   = empty($where)   ? "1=1" : $where;
    $orderby = empty($orderby) ? ""    : $orderby;
    // The query is assembled by string concatenation; nothing is escaped here
    $qry = "SELECT $options FROM $table WHERE $where $orderby ";
    //print $qry;
    $result = mysql_query($qry) or die(json_encode(array("error", mysql_error())));
    $resultArray = array(); // initialise so count() is defined when no rows come back
    while (($row = mysql_fetch_assoc($result))) {
        $resultArray[] = $row;
    }
    //print json_encode($resultArray);
    return count($resultArray) < 1 ? print "[" . json_encode(array("error" => "sorry")) . "]" : json_encode($resultArray);
}
```
'realcashoffers("approved_business; drop table approved_business; --", "haha pwned");' – CanSpice 2012-02-09 00:24:56
Won't work, because our setup is configured so that the username and password can't drop data – RussellHarrower 2012-02-09 00:39:09
@RussellHarrower - Don't want to drift too far off topic, but an attacker can do a lot of damage without changing data. Imagine being able to inject something that joins a query fetching usernames and passwords from the 'users' table onto your existing query. If done cleverly, the attacker could get you to print that data to the screen. – SimonMayer 2012-02-09 02:51:36
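As an added example (not the asker's code and not from any answer on this page), here is how the same "fetch N offers for a state, top up with random rows from the second table" logic can be written with PDO prepared statements so that neither `$state` nor `$count` is ever concatenated into SQL, which is the risk the comments above point at. It reuses the table and column names from the question; the fallback table `generic_offers`, the `MAX_COUNT` bound and the connection details are assumptions.

```php
<?php
// Added example: PDO-based replacement for the realcashoffers/JSONselect pair.
// Table/column names come from the question; generic_offers is a placeholder.
declare(strict_types=1);

final class OfferFeed
{
    private const MAX_COUNT = 50; // hypothetical upper bound on the list size

    private PDO $pdo;

    public function __construct(PDO $pdo)
    {
        $this->pdo = $pdo;
    }

    /**
     * Returns up to $count offers for $state as JSON, filling any shortfall
     * with random rows from the fallback table (the "vegetables").
     */
    public function realCashOffers(string $state, int $count): string
    {
        // Validate before anything reaches SQL: $state is a bound value,
        // $count is clamped to a sane range and bound as an integer.
        if ($state === '' || strlen($state) > 64) {
            throw new InvalidArgumentException('invalid state');
        }
        $count = max(1, min($count, self::MAX_COUNT));

        $sql = "SELECT approved_business.id, business_stores.storeid,
                       GROUP_CONCAT(Real_Cash_Offers.offer
                                    ORDER BY Real_Cash_Offers.offer ASC SEPARATOR ',') AS offers
                FROM approved_business
                JOIN business_stores  ON business_stores.business_id = approved_business.id
                JOIN Real_Cash_Offers ON Real_Cash_Offers.business_id = approved_business.id
                                     AND Real_Cash_Offers.storeid = business_stores.storeid
                WHERE business_stores.state = :state
                GROUP BY approved_business.id, business_stores.storeid
                ORDER BY RAND(), approved_business.id DESC
                LIMIT :limit";
        $stmt = $this->pdo->prepare($sql);
        $stmt->bindValue(':state', $state, PDO::PARAM_STR);
        $stmt->bindValue(':limit', $count, PDO::PARAM_INT); // PARAM_INT so LIMIT is not quoted
        $stmt->execute();
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

        // Shortfall: e.g. 7 fruits found but 8 wanted -> fetch 1 random vegetable.
        $missing = $count - count($rows);
        if ($missing > 0) {
            $fill = $this->pdo->prepare(
                "SELECT id, offer FROM generic_offers ORDER BY RAND() LIMIT :limit"
            );
            $fill->bindValue(':limit', $missing, PDO::PARAM_INT);
            $fill->execute();
            foreach ($fill->fetchAll(PDO::FETCH_ASSOC) as $row) {
                $rows[] = $row;
            }
        }

        if ($rows === []) {
            return json_encode([['error' => 'sorry']], JSON_THROW_ON_ERROR);
        }
        return json_encode($rows, JSON_THROW_ON_ERROR);
    }
}

// Usage (placeholder connection details):
// $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
// ]);
// echo (new OfferFeed($pdo))->realCashOffers('NSW', 8);
```

Two points worth noting: with `ATTR_EMULATE_PREPARES` off the parameters are sent to MySQL separately from the statement text, so a value like `approved_business; drop table ...` is only ever compared against `business_stores.state`; and binding `LIMIT` with `PDO::PARAM_INT` is required because a string-bound limit would be quoted and rejected by MySQL. Raising errors as exceptions instead of `die(json_encode(mysql_error()))` also stops database error text from being echoed to clients.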