Skip navigation.
Home
The PHP WTF
Home

When I was your age I didn't have luxuries like...

Submitted by phrax on Mon, 2004-11-22 15:27. Bad Architecture

being able to select more than one column from the database at a time!
(thanks to Nightflyer for this submission)

<?php
$server      = "localhost";
  $user        = "root";
  $password    = "";
  $database    = "mmnetrix";
  $tbl_content = "netcard";

  $db_connect  = mysql_connect($server, $user, $password);
  $db_close    = mysql_close($db_connect);
  $db_select   = mysql_select_db($database, $db_connect);

  $id = $_GET['id'];

  $sql_name         = mysql_query("SELECT name FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_strasse      = mysql_query("SELECT strasse FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_plz          = mysql_query("SELECT plz FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_ort          = mysql_query("SELECT ort FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_tel          = mysql_query("SELECT tel FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_fax          = mysql_query("SELECT fax FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_email        = mysql_query("SELECT email FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_inet         = mysql_query("SELECT inet FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_ansprpartner = mysql_query("SELECT ansprpartner FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_hlkurztext   = mysql_query("SELECT hlkurztext FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_kurztext     = mysql_query("SELECT kurztext FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_hllangtext   = mysql_query("SELECT hllangtext FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_langtext     = mysql_query("SELECT langtext FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_hlliste      = mysql_query("SELECT hlliste FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_liste        = mysql_query("SELECT liste FROM $tbl_content WHERE id = '$id'", $db_connect);
  $sql_grafik       = mysql_query("SELECT grafik FROM $tbl_content WHERE id = '$id'", $db_connect);
?>

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Submitted by Isotopp (not verified) on Tue, 2004-11-23 02:55.
Older versions of serendipity exhibited similar behaviour when accessing the plugin configuration entries as a side effect of the nature of the plugin API. In my blog, 87 queries were being made to create the front page. Fixes in current S9Y reduced that number to 7.
» reply

Submitted by eth0 (not verified) on Tue, 2004-11-23 02:59.
Oh Lord, this can't be...

First, connecting to the MySQL server as root without a password.

Second, closing the MySQL connection right after connecting and even without checking if the connection actually succeeded.

Third, making one query by each field. Terrible.

And fourth, not escaping the $id variable before placing it into the SQL queries.

Well, at least he took the time to align all the equals signs...
» reply

Submitted by elias (not verified) on Tue, 2004-11-23 03:22.
i know this code, the author is an php/mysql newbie. this was just
a first try to get into mysql.
but it's really funny to see how newbies write down code without
thinking :)
» reply

Submitted by Drum D. (not verified) on Tue, 2004-11-23 04:56.
Why do we always get noobcode from Germans??? We are not ALL that bad :(
And the root-without-password thing really shows s/he's working with an environment that's (hopefully) been newly set up for training purposes.
» reply

Submitted by elias (not verified) on Tue, 2004-11-23 06:17.
like i said he is a noob. but he's getting help from some good
coders, so don't be afraid. the code looks better now.

greeting from germany ;)
» reply

Submitted by Atomic (not verified) on Tue, 2004-11-23 13:23.
The answer is simple..

Professional Germans write code in English because german letters like "�", "�", "�" and "�" can't be used in variable-names or function names and so on.
German noobs are just kiddies who are not be able to speak English.

Thats all.
» reply

Submitted by paul (not verified) on Wed, 2004-11-24 00:58.
uh...you guys don't think that...just maybe...the password was removed before this was posted on the world-wide internet?
» reply

Submitted by Drum D. (not verified) on Wed, 2004-11-24 01:47.
R O F L O L.
Well I haven't thought about that but probably paul is right and this script noe has access to ALL MySQL instances on the planet MUAHAHAHA
» reply

Submitted by Aaron Wormus (not verified) on Wed, 2004-11-24 06:56.
Or maybe they are trying to use a database where the table names are in German.

My MySQL database on my testbed inside my firewalled network is running on Windows as root with no password. Big deal!
» reply

Post new comment




*

  • Web and e-mail addresses are automatically converted into links.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre> <p> <br /> <br>
More information about formatting options