0
好吧,我必须表格,他们是沿着相同的路线,但一个列出所有商店出售的商品,一个是我们出售的产品。MySQL两个选择,但完全不同
认为它像水果和蔬菜完全不同。
我需要解决的是,如果有7个水果,我们需要8个清单,然后去获得一个随机蔬菜,并显示在相同的结果。
这是我们的查询当前的样子。你会发现,我们可以发送$计数,我们为8发,但我们可能要提高到10,甚至使它4.
public function realcashoffers($state,$count)
{
$this->state = $state;
$this->number = $count;
//print count($this->JSONselect("business_stores","*",NULL,NULL),1);
print $this->JSONselect("approved_business, business_stores, Real_Cash_Offers"," *, group_concat(offer ORDER BY offer ASC SEPARATOR ',') as offers"," approved_business.id = business_stores.business_id AND Real_Cash_Offers.business_id = approved_business.id AND Real_Cash_Offers.storeid = business_stores.storeid AND business_stores.state = '{$this->state}'","GROUP BY id ORDER BY RAND(), approved_business.id DESC LIMIT {$this->number} ");
}
这个 - > JSONselect去
//JSON select
public function JSONselect($table,$options,$where,$orderby)
{
$options = empty($options) ? "*" : $options;
$where = empty($where) ? "1=1" : $where;
$orderby = empty($orderby) ? "" : $orderby;
$qry = "SELECT $options FROM $table WHERE $where $orderby ";
//print $qry;
$result = mysql_query($qry) or die(json_encode(array("error",mysql_error())));
while(($row = mysql_fetch_assoc($result))){ $resultArray[] = $row; }
//print json_encode($resultArray);
return count($resultArray) < 1 ? print "[".json_encode(array("error"=>"sorry"))."]" : json_encode($resultArray);
}
'realca shoffers(“approved_business; drop table approved_business; - ”,“haha pwned”);' – CanSpice 2012-02-09 00:24:56
不起作用,因为我们的设置已设置为用户名和密码不能丢失数据 – RussellHarrower 2012-02-09 00:39:09
@RussellHarrower - 不想丢弃它离主题太远,但攻击者可以在不改变数据的情况下造成很大的损失。想象一下,能够注入一些加入查询的东西,从'users'表中获取用户名和密码到您现有的查询中。如果巧妙地完成,攻击者可能会让您打印该数据以进行屏幕显示。 – SimonMayer 2012-02-09 02:51:36