#1
  1. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0

    Are These Sql Injection proof ?


    Php Experts,

    Is this code sql injection proof ?
    I did not write it. I just added the sessions and changed the column names. Copy & paste you might claim. If it does not need PREP STMT then I will leave it as is.
    It does not need PREP STMT now does it ?
    It displays all rows from all columns from a table.
    PHP Code:
    <?php

    //Required PHP Files.
    include 'config.php';
    include 'header.php';

    //Check if User is already logged-in or not. Get the login_check() FUNCTION to check.
    if (login_check() === FALSE)
    {
        //Redirect User to Log-in Page after 2 secs.
        header("refresh:2; url=login.php");
        exit();
    }
    else
    {
        //Grab User details from Session Variables and echo them.
        $user = $_SESSION["user"];

        $id = $_SESSION["id"];
        $account_activation_status = $_SESSION["account_activation_status"];
        $id_video_verification_status = $_SESSION["id_video_verification_status"];
        $id_video_verification_url = $_SESSION["id_video_verification_url"];
        $sponsor_username = $_SESSION["sponsor_username"];
        $recruits_number = $_SESSION["recruits_number"];
        $on_day_number_on_7_days_wish_list = $_SESSION["on_day_number_on_7_days_wish_list"];
        $primary_website_domain = $_SESSION["primary_website_domain"];
        $primary_website_email = $_SESSION["primary_website_email"];
        $username = $_SESSION["username"];
        $first_name = $_SESSION["first_name"];
        $middle_name = $_SESSION["middle_name"];
        $surname = $_SESSION["surname"];
        $gender = $_SESSION["gender"];
        $date_of_birth = $_SESSION["date_of_birth"];
        $age_range = $_SESSION["age_range"];
        $religion = $_SESSION["religion"];
        $marital_status = $_SESSION["marital_status"];
        $working_status = $_SESSION["working_status"];
        $profession = $_SESSION["profession"];
        $home_city = $_SESSION["home_city"];
        $home_country = $_SESSION["home_country"];
        ?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional/EN">
        <html>
        <head>
        <meta content="text/html; charset=ISO-8859-1"  http-equiv="content-type">
        <title><?php echo $site_name?> User's Browsing Histories in <?php echo $server_time?> time.</title>
        </head>
        <body>
        <br>
        <center><span style="font-weight: bold;"><?php echo $site_name?> User's Browsing Histories in <?php echo $server_time?> time.</span></center>
        <br>
        <br>
        <?php
        //Connect to Mysql Server.

        //Get Data from Table "browsing_histories".
        $sql = "SELECT * FROM browsing_histories";
        $result = mysqli_query($conn,$sql);
        //Total Number of Records
        $rows_num = mysqli_num_rows($result);
        //Total Number of Pages Records to spread-over.
        $page_count = 10;
        $page_size = ceil($rows_num / $page_count);
        //Get the Page Number, Default is 1 (First Page).
        $page_number = $_GET["page_number"];
        if ($page_number == "") $page_number = 1;
        $offset = ($page_number -1) * $page_size;

        $sql .= " limit {$offset},{$page_size}";
        $result = mysqli_query($conn,$sql);
        ?>
        <table width="1500" border="0" cellpadding="5" cellspacing="2" bgcolor="#666666">
        <?php if($rows_num) {?>
        <tr name="headings">
        <td bgcolor="#FFFFFF" name="column-heading_submission-number">Submission Number</td>
        <td bgcolor="#FFFFFF" name="column-heading_browsed-page">Browsed Page</td>
        <td bgcolor="#FFFFFF" name="column-heading_logging-server-date-&-time">Date & Time in <?php echo $server_time?></td>
        <td bgcolor="#FFFFFF" name="column-heading_username">Username</td>
        <td bgcolor="#FFFFFF" name="column-heading_username">Gender</td>
        <td bgcolor="#FFFFFF" name="column-heading_username">Age Range</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_religion">Religion</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_education">Education</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_profession">Profession</td>
        <td bgcolor="#FFFFFF" name="column-heading_working_status">Working Status</td>
        <td bgcolor="#FFFFFF" name="column-heading_Marital_status">Marital Status</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_town">Home Town</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_borough">Home Borough</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_city">Home City</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_county">Home County</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_region">Home Region</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_state">Home State</td>
        <td bgcolor="#FFFFFF" name="column-heading_home_country">Home Country</td>
        <td bgcolor="#FFFFFF" name="column-heading_contact-page">Contact Page</td>
        </tr>
        <?php while($row = mysqli_fetch_array($result)){ ?>
        <tr name="user-details">
        <td bgcolor="#FFFFFF" name="submission-number"><?php echo $row['id']; ?></td>
        <td bgcolor="#FFFFFF" name="logging-server-date-&-time"><?php echo $row['date_and_time']; ?></td>
        <td bgcolor="#FFFFFF" name="browsed-page"><?php echo "<a href='"; echo $row['browsed_page']; echo "'>"; echo "Browsed Page</a>";?></td>
        <td bgcolor="#FFFFFF" name="username"><?php echo $row['username']; ?></td>
        <td bgcolor="#FFFFFF" name="gender"><?php echo $row['gender']; ?></td>
        <td bgcolor="#FFFFFF" name="age-range"><?php echo $row['age_range']; ?></td>
        <td bgcolor="#FFFFFF" name="religion"><?php echo $row['religion']; ?></td>
        <td bgcolor="#FFFFFF" name="education"><?php echo $row['education']; ?></td>
        <td bgcolor="#FFFFFF" name="profession"><?php echo $row['profession']; ?></td>
        <td bgcolor="#FFFFFF" name="working-status"><?php echo $row['working_status']; ?></td>
        <td bgcolor="#FFFFFF" name="marital-status"><?php echo $row['marital_status']; ?></td>
        <td bgcolor="#FFFFFF" name="home-town"><?php echo $row['home_town']; ?></td>
        <td bgcolor="#FFFFFF" name="home-borough"><?php echo $row['home_borough']; ?></td>
        <td bgcolor="#FFFFFF" name="home-city"><?php echo $row['home_city']; ?></td>
        <td bgcolor="#FFFFFF" name="home-county"><?php echo $row['home_county']; ?></td>
        <td bgcolor="#FFFFFF" name="home-region"><?php echo $row['home_region']; ?></td>
        <td bgcolor="#FFFFFF" name="home-state"><?php echo $row['home_state']; ?></td>
        <td bgcolor="#FFFFFF" name="home-country"><?php echo $row['home_country']; ?></td>
        <td bgcolor="#FFFFFF" name="contact-page"><?php echo "<a href='"; echo $row['contact_page']; echo "'>"; echo "Contact Page</a>";?></td>
        </tr>
        <?php } ?>
        <tr name="pagination">
        <td colspan="19" bgcolor="#FFFFFF"> Result Pages:
        <?php
            if($rows_num <= $page_size)
            {
                echo "Page 1";
            }
            else
            {
                for($i=1;$i<=$page_count;$i++)
                echo "<a href=\"{$_SERVER['PHP_SELF']}?page_number={$i}\">{$i}</a>  ";
            }
        ?>
        </td>
        </tr>
        <?php } else { ?>
        <tr>
        <td bgcolor="FFFFFF">No record found! Try another time.</td>
        </tr>
        <?php }?>
        </table>
        <br>
        <br>
        <center><span style="font-weight: bold;"><?php echo $site_name?> Users' Browsing Histories in <?php echo $server_time?> time.</span></center>
        <br>
        <br>
    </div>
    <br>
    </body>
    </html>
    <?php
    }
    ?>
    Q1. What do you think ?
    After replying, kindly reply to my next questions in my upcoming posts.
    Last edited by UniqueIdeaMan; March 28th, 2018 at 06:38 AM.
  2. #2
    Php Masters,

    The following code is my own code. I built it on the skeleton of the above code I grabbed from somewhere about 2yrs back.
    I added PREP STMT and I got the final page to show the pagination numbers in reverse order such as: 10,9,8,7,6,5,4,3,2,1.
    It is supposed to show all rows from the tbl.
    Q2. What do you think ? Is it sql injection proof now ?

    Compare the 2 codes and give me rating from 1-10 where 1 is RUBBISH and 10 is GREAT to show me how well I did.
    PHP Code:
    <?php

    //Required PHP Files.
    include 'config.php';
    include 'header.php';

    //Check if User is already logged-in or not. Get the login_check() FUNCTION to check.
    if (login_check() === FALSE)
    {
        //Redirect User to Log-in Page after 2 secs.
        header("refresh:2; url=login.php");
        exit();
    }
    else
    {
        $user = $_SESSION["user"];

        $id = $_SESSION["id"];
        $account_activation_status = $_SESSION["account_activation_status"];
        $id_video_verification_status = $_SESSION["id_video_verification_status"];
        $id_video_verification_url = $_SESSION["id_video_verification_url"];
        $sponsor_username = $_SESSION["sponsor_username"];
        $recruits_number = $_SESSION["recruits_number"];
        $on_day_number_on_7_days_wish_list = $_SESSION["on_day_number_on_7_days_wish_list"];
        $primary_website_domain = $_SESSION["primary_website_domain"];
        $primary_website_email = $_SESSION["primary_website_email"];
        $username = $_SESSION["username"];
        $first_name = $_SESSION["first_name"];
        $middle_name = $_SESSION["middle_name"];
        $surname = $_SESSION["surname"];
        $gender = $_SESSION["gender"];
        $age_range = $_SESSION["age_range"];
        $religion = $_SESSION["religion"];
        $marital_status = $_SESSION["marital_status"];
        $working_status = $_SESSION["working_status"];
        $profession = $_SESSION["profession"];

        $recipient_username = $user;

        ?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional/EN">
        <html>
        <head>
          <meta content="text/html; charset=ISO-8859-1"  http-equiv="content-type">
        <title><?php echo "$user "?>Notices in <?php echo "$server_time ";?> time.</title>
        </head>
        <body>
        <br>
        <center><span style="font-weight: bold;"><?php echo "$user ";?>Notices in <?php echo "$server_time ";?> time.</span></center>
        <br>
        <br>

        <?php

            //Get the Page Number, Default is 1 (First Page).
            $page_number = $_GET["page_number"];
            if ($page_number == "")
            {
               $page_number = 1;
            }

        $sender_username = "admin123";
        $recipient_username = "admin123";
        $links_per_page = 2;
        $max_result = 100;
        $offset = ($page_number-1)*$links_per_page;
        //$offset = ($page_number*$links_per_page)-$links_per_page;
        $query_1 = "SELECT COUNT(*) as total FROM notices WHERE recipient_username = ? AND sender_username = ?";
        $stmt_1 = mysqli_prepare($conn, $query_1);
        mysqli_stmt_bind_param($stmt_1,'ss',$recipient_username,$sender_username);
        mysqli_stmt_execute($stmt_1);
        $result_1 = mysqli_stmt_bind_result($stmt_1,$matching_rows_count);
        mysqli_stmt_fetch($stmt_1);
        mysqli_stmt_free_result($stmt_1);

        printf(" %d rows found.\n",$matching_rows_count); ?><br><?php
        $total_pages = ceil($matching_rows_count/$links_per_page);

        $query_2 = "SELECT id,date_and_time,recipient_username,sender_username,notice FROM notices WHERE recipient_username = ? AND sender_username = ? ORDER BY id LIMIT ? OFFSET ?";
        $stmt_2 = mysqli_prepare($conn, $query_2);
        mysqli_stmt_bind_param($stmt_2,'ssii',$recipient_username,$sender_username,$links_per_page,$offset);
        mysqli_stmt_execute($stmt_2);
        $result_2 = mysqli_stmt_bind_result($stmt_2,$id,$date_and_time,$recipient_username,$sender_username,$notice);
        mysqli_stmt_fetch($stmt_2);

        ?>
        <table width="1500" border="0" cellpadding="5" cellspacing="2" bgcolor="#666666">

        <?php if(!$stmt_2)
        {
            ?>
            <tr>
            <td bgcolor="FFFFFF">No record found! Try another time.</td>
            </tr>
            <?php
        }
        else
        {
            if(($offset+1)<=$max_result)
            {
            ?>

            <tr name="headings">
            <td bgcolor="#FFFFFF" name="column-heading_submission-number">Submission Number</td>
            <td bgcolor="#FFFFFF" name="column-heading_logging-server-date-&-time">Date & Time in <?php echo $server_time ?></td>
            <td bgcolor="#FFFFFF" name="column-heading_to">To</td>
            <td bgcolor="#FFFFFF" name="column-heading_from">From</td>
            <td bgcolor="#FFFFFF" name="column-heading_notice">Notice</td>
            </tr>
            <tr name="user-details">
                <td bgcolor="#FFFFFF" name="submission-number"><?php printf("%s", $id); ?></td>
                <td bgcolor="#FFFFFF" name="logging-server-date-and-time"><?php printf("%s", $date_and_time); ?></td>
                <td bgcolor="#FFFFFF" name="recipient_username"><?php printf("%s", $recipient_username); ?></td>
                <td bgcolor="#FFFFFF" name="sender_username"><?php printf("%s", $sender_username); ?></td>
                <td bgcolor="#FFFFFF" name="notice"><?php printf("%s", $notice); ?></td>
                </tr>
            <?php
            //Use this technique: http://php.net/manual/en/mysqli-stmt.fetch.php
            while(mysqli_stmt_fetch($stmt_2))
            {
                ?>
                <tr name="user-details">
                <td bgcolor="#FFFFFF" name="submission-number"><?php printf("%s", $id); ?></td>
                <td bgcolor="#FFFFFF" name="logging-server-date-and-time"><?php printf("%s", $date_and_time); ?></td>
                <td bgcolor="#FFFFFF" name="recipient_username"><?php printf("%s", $recipient_username); ?></td>
                <td bgcolor="#FFFFFF" name="sender_username"><?php printf("%s", $sender_username); ?></td>
                <td bgcolor="#FFFFFF" name="notice"><?php printf("%s", $notice); ?></td>
                </tr>
                <?php
            }
            ?>

                <tr name="pagination">
                <td colspan="10" bgcolor="#FFFFFF"> Result Pages:
                <?php

                if($page_number < $total_pages)
                {
                    for($i=1;$i<=$total_pages;$i++) //Show Page Numbers in Serial Order. Eg. 1,2,3.
                    echo "<a href=\"{$_SERVER['PHP_SELF']}?user=$user&page_number={$i}\">{$i}</a>  ";
                }
                else
                {
                    for($i=$total_pages;$i>=1;$i--) //Show Page Numbers in Reverse Order. Eg. 3,2,1.
                    echo "<a href=\"{$_SERVER['PHP_SELF']}?user=$user&page_number={$i}\">{$i}</a>  ";
                }
                ?>
                </td>
                </tr>
                <?php
            }
        }
        ?>
        </table>
        <br>
        <br>
        <center><span style="font-weight: bold;"><?php echo "$site_name $user "?>User's Notices in <?php echo "$server_time "?> time.</span></center>
        <br>
        <br>
    </div>
    <br>
    </body>
    </html>
    <?php

    //Free Result Set
    mysqli_stmt_free_result($stmt_2);

    //Close Database Connection
    mysqli_stmt_close($stmt_2);

    mysqli_close($conn);
    }

    ?>
    Note that, the original code (previous post) had code like this:
    PHP Code:
        //Get Data from Table "browsing_histories".
        $sql = "SELECT * FROM browsing_histories";
        $result = mysqli_query($conn,$sql);
        //Total Number of Records
        $rows_num = mysqli_num_rows($result);
        //Total Number of Pages Records to spread-over.
        $page_count = 10;
        $page_size = ceil($rows_num / $page_count);
        //Get the Page Number, Default is 1 (First Page).
        $page_number = $_GET["page_number"];
        if ($page_number == "") $page_number = 1;
        $offset = ($page_number -1) * $page_size;

        $sql .= " limit {$offset},{$page_size}";
        $result = mysqli_query($conn,$sql);
    I did not understand all that concatenation stuff (adv stuff) here and so got rid of them and coded things my beginner level way:
    PHP Code:
    //Get the Page Number, Default is 1 (First Page).      
            $page_number = $_GET["page_number"];  
            if ($page_number == "")  
            {     
               $page_number = 1;  
            }         

        $sender_username = "admin123";
        $recipient_username = "admin123";
        $links_per_page = 2; 
        $max_result = 100; 
        $offset = ($page_number-1)*$links_per_page;
        //$offset = ($page_number*$links_per_page)-$links_per_page;
        $query_1 = "SELECT COUNT(*) as total FROM notices WHERE recipient_username = ? AND sender_username = ?";
        $stmt_1 = mysqli_prepare($conn, $query_1);     
        mysqli_stmt_bind_param($stmt_1,'ss',$recipient_username,$sender_username); 
        mysqli_stmt_execute($stmt_1);  
        $result_1 = mysqli_stmt_bind_result($stmt_1,$matching_rows_count); 
        mysqli_stmt_fetch($stmt_1);
        mysqli_stmt_free_result($stmt_1); 
        
        printf(" %d rows found.\n",$matching_rows_count); ?><br><?php 
        $total_pages = ceil($matching_rows_count/$links_per_page);

        $query_2 = "SELECT id,date_and_time,recipient_username,sender_username,notice FROM notices WHERE recipient_username = ? AND sender_username = ? ORDER BY id LIMIT ? OFFSET ?";
        $stmt_2 = mysqli_prepare($conn, $query_2);
        mysqli_stmt_bind_param($stmt_2,'ssii',$recipient_username,$sender_username,$links_per_page,$offset);
        mysqli_stmt_execute($stmt_2);
        $result_2 = mysqli_stmt_bind_result($stmt_2,$id,$date_and_time,$recipient_username,$sender_username,$notice);
        mysqli_stmt_fetch($stmt_2);
    More code on my beginner level code I agree but it's well worth it for me since I understand my code and learnt a few things on the way from you guys and the php manual.
    Last edited by UniqueIdeaMan; March 29th, 2018 at 04:56 AM.
  4. #3
    Php Gurus,

    The following code is my own code. I built it on the skeleton of the above 2 codes where the 1st one I grabbed from somewhere about 2yrs back and the 2nd one was my work on the 1st one's skeleton.
    I added PREP STMT and I got the final page to show the pagination numbers in reverse order such as: 10,9,8,7,6,5,4,3,2,1.
    And, it is only supposed to show the final row of the tbl. That is all.

    Q3. What do you think ? Is it sql injection proof now ?

    Compare this code with the above post's code and give me rating from 1-10 where 1 is RUBBISH and 10 is GREAT to show me how well I did.
    PHP Code:
    <?php

    //Required PHP Files.
    include 'config.php';
    include 'header.php';

    //Check if User is already logged-in or not. Get the login_check() FUNCTION to check.
    if (login_check() === FALSE)
    {
        //Redirect User to Log-in Page after 2 secs.
        header("refresh:2; url=login.php");
        exit();
    }
    else
    {
        $user = $_SESSION["user"];

        $id = $_SESSION["id"];
        $account_activation_status = $_SESSION["account_activation_status"];
        $id_video_verification_status = $_SESSION["id_video_verification_status"];
        $id_video_verification_url = $_SESSION["id_video_verification_url"];
        $sponsor_username = $_SESSION["sponsor_username"];
        $recruits_number = $_SESSION["recruits_number"];
        $on_day_number_on_7_days_wish_list = $_SESSION["on_day_number_on_7_days_wish_list"];
        $primary_website_domain = $_SESSION["primary_website_domain"];
        $primary_website_email = $_SESSION["primary_website_email"];
        $username = $_SESSION["username"];
        $first_name = $_SESSION["first_name"];
        $middle_name = $_SESSION["middle_name"];
        $surname = $_SESSION["surname"];
        $gender = $_SESSION["gender"];
        $age_range = $_SESSION["age_range"];
        $religion = $_SESSION["religion"];
        $marital_status = $_SESSION["marital_status"];
        $working_status = $_SESSION["working_status"];
        $profession = $_SESSION["profession"];

        $recipient_username = $user;

        ?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional/EN">
        <html>
        <head>
          <meta content="text/html; charset=ISO-8859-1"  http-equiv="content-type">
        <title><?php echo "$user "?>Final Notices in <?php echo "$server_time ";?> time.</title>
        </head>
        <body>
        <br>
        <center><span style="font-weight: bold;"><?php echo "$user ";?>Final Notice in <?php echo "$server_time ";?> time.</span></center>
        <br>
        <br>

        <?php

        $sender_username = "admin123";
        $recipient_username = "admin123";
        $result_limit = 1;

        //FORMULA $query = SELECT fields FROM table ORDER BY id DESC LIMIT 1;
        $query = "SELECT id,date_and_time,recipient_username,sender_username,notice FROM notices WHERE recipient_username = ? AND sender_username = ? ORDER BY id DESC LIMIT ?";
        $stmt = mysqli_prepare($conn, $query);
        mysqli_stmt_bind_param($stmt,'ssi',$recipient_username,$sender_username,$result_limit);
        mysqli_stmt_execute($stmt);
        $result = mysqli_stmt_bind_result($stmt,$id,$date_and_time,$recipient_username,$sender_username,$notice);
        mysqli_stmt_fetch($stmt);

        echo "id: $id";?><br><?php
        echo "date & time: $date_and_time";?><br><?php
        echo "recipient username: $recipient_username";?><br><?php
        echo "sender_username: $sender_username";?><br><?php

        ?>

        <table width="1500" border="0" cellpadding="5" cellspacing="2" bgcolor="#666666">

        <?php if(!$stmt)
        {
            ?>
            <tr>
            <td bgcolor="FFFFFF">No record found! Try another time.</td>
            </tr>
            <?php
        }
        else
        {
            ?>
            <tr name="headings">
            <td bgcolor="#FFFFFF" name="column-heading_submission-number">Submission Number</td>
            <td bgcolor="#FFFFFF" name="column-heading_logging-server-date-&-time">Date & Time in <?php echo $server_time ?></td>
            <td bgcolor="#FFFFFF" name="column-heading_to">To</td>
            <td bgcolor="#FFFFFF" name="column-heading_from">From</td>
            <td bgcolor="#FFFFFF" name="column-heading_notice">Notice</td>
            </tr>
            <tr name="user-details">
                <td bgcolor="#FFFFFF" name="submission-number"><?php printf("%s", $id); ?></td>
                <td bgcolor="#FFFFFF" name="logging-server-date-and-time"><?php printf("%s", $date_and_time); ?></td>
                <td bgcolor="#FFFFFF" name="recipient_username"><?php printf("%s", $recipient_username); ?></td>
                <td bgcolor="#FFFFFF" name="sender_username"><?php printf("%s", $sender_username); ?></td>
                <td bgcolor="#FFFFFF" name="notice"><?php printf("%s", $notice); ?></td>
                </tr>
        </table>
        <?php
        }
    }
    ?>
        <br>
        <br>
        <center><span style="font-weight: bold;"><?php echo "$site_name $user "?>Final Notice in <?php echo "$server_time "?> time.</span></center>
        <br>
        <br>
    </div>
    <br>
    </body>
    </html>
    <?php

    //Free Result Set
    mysqli_stmt_free_result($stmt);

    //Close Database Connection
    mysqli_stmt_close($stmt);

    ?>
    More code on my beginner level code I agree compared to the 1st post's original code by someone but it's well worth it for me since I understand my code and learnt a few things on the way from you guys and the php manual.
  6. #4
  7. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,270
    Rep Power
    4193

    Comments on this post

    • Catacaustic agrees : I couldn't have said it better myself
    • UniqueIdeaMan agrees : I couldn't have agreed better myself! You went thru all that length to build this diagram which would be handy for all newbies. I actually knew the answers to my questions but nevertheless I needed the seniors to confirm in case I overlooked anything.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  8. #5
    Php Lovers,

    The following snippet is from my 2nd post.
    As you can see, there are 2 queries (query_1 & query_2). Now, I was so much into PREP STMTs that I overlooked something. Do you see both queries using PREP STMT ? Yes.
    Now, looking at the 2nd query, the final parameter is $offset which is a user input via the $_GET and therefore, I believe you will agree that I have used the PREP STMT here as I should.

    But, it has come to my attention this instant that the 1st query ($query_1) does not have its parameters fed by the user but by the script/programmer. Therefore, I guess I should not be using PREP STMT here at all and so do you suggest I rid the PREP STMT or do you reckon I should just leave it as it is ?
    Another question, if I use PREP STMT on a query that has parameters that are not user inputs but variables from $_SESSIONs or $_COOKIEs then would that harm my code or script or anything in any way if the query contained PREP STMTs ? If not, then I might as well just leave things as it is just in case $_SESSION or $_COOKIE variables can be sql injected in the future (if not now). That way, I save myself having to update the script.
    That brings me to the question:
    Can $_COOKIEs and $_SESSIONs get sql injected at present and do you reckon they will get sql injected in the future if they can't be sql injected at present ?
    Good question, hey ?


    PHP Code:
    $user = $_SESSION["user"];   
          
        $id = $_SESSION["id"];   
        $account_activation_status = $_SESSION["account_activation_status"];   
        $id_video_verification_status = $_SESSION["id_video_verification_status"];   
        $id_video_verification_url = $_SESSION["id_video_verification_url"];   
        $sponsor_username = $_SESSION["sponsor_username"];   
        $recruits_number = $_SESSION["recruits_number"];   
        $on_day_number_on_7_days_wish_list = $_SESSION["on_day_number_on_7_days_wish_list"];   
        $primary_website_domain = $_SESSION["primary_website_domain"];   
        $primary_website_email = $_SESSION["primary_website_email"];   
        $username = $_SESSION["username"];   
        $first_name = $_SESSION["first_name"];   
        $middle_name = $_SESSION["middle_name"];   
        $surname = $_SESSION["surname"];   
        $gender = $_SESSION["gender"];   
        $age_range = $_SESSION["age_range"];   
        $religion = $_SESSION["religion"];   
        $marital_status = $_SESSION["marital_status"];   
        $working_status = $_SESSION["working_status"];   
        $profession = $_SESSION["profession"];   
          
        $recipient_username = $user;  

        ?>   
        <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional/EN">   
        <html>   
        <head>   
          <meta content="text/html; charset=ISO-8859-1"  http-equiv="content-type">   
        <title><?php echo "$user "?>Notices in <?php echo "$server_time ";?> time.</title> 
        </head>   
        <body>   
        <br>   
        <center><span style="font-weight: bold;"><?php echo "$user ";?>Notices in <?php echo "$server_time ";?> time.</span></center>   
        <br>   
        <br>   
          
        <?php     
        
            
            //Get the Page Number, Default is 1 (First Page).
            $page_number = $_GET["page_number"];
            if ($page_number == "")
            {
               $page_number = 1;
            }

        $sender_username = "admin123";
        $recipient_username = "admin123";
        $links_per_page = 2;
        $max_result = 100;
        $offset = ($page_number-1)*$links_per_page;
        //$offset = ($page_number*$links_per_page)-$links_per_page;
        $query_1 = "SELECT COUNT(*) as total FROM notices WHERE recipient_username = ? AND sender_username = ?";
        $stmt_1 = mysqli_prepare($conn, $query_1);
        mysqli_stmt_bind_param($stmt_1,'ss',$recipient_username,$sender_username);
        mysqli_stmt_execute($stmt_1);
        $result_1 = mysqli_stmt_bind_result($stmt_1,$matching_rows_count);
        mysqli_stmt_fetch($stmt_1);
        mysqli_stmt_free_result($stmt_1);

        printf(" %d rows found.\n",$matching_rows_count); ?><br><?php
        $total_pages = ceil($matching_rows_count/$links_per_page);

        $query_2 = "SELECT id,date_and_time,recipient_username,sender_username,notice FROM notices WHERE recipient_username = ? AND sender_username = ? ORDER BY id LIMIT ? OFFSET ?";
        $stmt_2 = mysqli_prepare($conn, $query_2);
        mysqli_stmt_bind_param($stmt_2,'ssii',$recipient_username,$sender_username,$links_per_page,$offset);
        mysqli_stmt_execute($stmt_2);
        $result_2 = mysqli_stmt_bind_result($stmt_2,$id,$date_and_time,$recipient_username,$sender_username,$notice);
        mysqli_stmt_fetch($stmt_2);

        ?>
    Last edited by UniqueIdeaMan; March 31st, 2018 at 05:19 AM.
  10. #6
  11. Wiser? Not exactly.
    Devshed God 2nd Plane (6000 - 6499 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    6,270
    Rep Power
    4193
    But, it has come to my attention this instant that the 1st query ($query_1) does not have its parameters fed by the user but by the script/programmer. Therefore, I guess I should not be using PREP STMT here at all and so do you suggest I rid the PREP STMT or do you reckon I should just leave it as it is ?
    There's no real reason to not use parameter binding. While it's not necessary for safe non-user input, it doesn't hurt either. I generally use bound parameters for everything just to be consistent, it's not worth my time to think about whether some variable is safe or not and could be used directly vs needing to be bound, just bind everything.


    Another question, if I use PREP STMT on a query that has parameters that are not user inputs but variables from $_SESSIONs or $_COOKIEs
    $_COOKIE is user input.
    $_SESSION may or may not be user input, depending on the original source of the data.
    Recycle your old CD's



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
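
Added example, not part of any post in this thread: the two points made in the reply above (bind everything; a $_SESSION value may still be user input) applied to the paginated notices query. It uses PDO with an in-memory SQLite database and constructed rows so it runs without a MySQL server; the function names and the username o'brien are assumptions made for the illustration.

```php
<?php
// Added example with constructed data; not code from the thread.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notices (
    id INTEGER PRIMARY KEY, recipient_username TEXT, sender_username TEXT, notice TEXT)');

// Constructed rows; "o'brien" is a legitimate username that contains a quote.
$insert = $pdo->prepare(
    'INSERT INTO notices (recipient_username, sender_username, notice) VALUES (?, ?, ?)');
foreach (range(1, 5) as $n) {
    $insert->execute(["o'brien", 'admin123', "notice $n"]);
}

/** Turn a raw page number (e.g. $_GET["page_number"]) into an int in 1..$totalPages. */
function clean_page_number($raw, int $totalPages): int
{
    $page = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($page === false) {
        return 1; // missing, empty, non-numeric or below 1: fall back to the first page
    }
    return min($page, max(1, $totalPages));
}

/** Fetch one page of notices with every value bound, whatever its origin. */
function fetch_notices(PDO $pdo, string $recipient, string $sender, $rawPage, int $perPage = 2): array
{
    $count = $pdo->prepare(
        'SELECT COUNT(*) FROM notices WHERE recipient_username = ? AND sender_username = ?');
    $count->execute([$recipient, $sender]);
    $totalPages = (int) ceil((int) $count->fetchColumn() / $perPage);

    $page = clean_page_number($rawPage, $totalPages);
    $stmt = $pdo->prepare(
        'SELECT id, notice FROM notices
          WHERE recipient_username = ? AND sender_username = ?
          ORDER BY id LIMIT ? OFFSET ?');
    $stmt->bindValue(1, $recipient);
    $stmt->bindValue(2, $sender);
    $stmt->bindValue(3, $perPage, PDO::PARAM_INT);
    $stmt->bindValue(4, ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return ['page' => $page, 'total_pages' => $totalPages,
            'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// A value copied into the session from a registration form is still user input.
$sessionUser = "o'brien";

// Concatenated into the SQL text, the quote ends the string literal early.
try {
    $pdo->query("SELECT COUNT(*) FROM notices WHERE recipient_username = '$sessionUser'");
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// Bound, the same value is only ever data; odd page numbers are clamped, not trusted.
foreach (['2', '', 'abc', '999', '-1'] as $raw) {
    $r = fetch_notices($pdo, $sessionUser, 'admin123', $raw);
    printf("page_number=%-5s -> page %d of %d, %d row(s)\n",
        var_export($raw, true), $r['page'], $r['total_pages'], count($r['rows']));
}
```

In the thread's mysqli code the same binding is done with mysqli_stmt_bind_param and the 'ssii' type string.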
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    Originally Posted by kicken
    There's no real reason to not use parameter binding. While it's not necessary for safe non-user input, it doesn't hurt either. I generally use bound parameters for everything just to be consistent, it's not worth my time to think about whether some variable is safe or not and could be used directly vs needing to be bound, just bind everything.



    $_COOKIE is user input.
    $_SESSION may or may not be user input, depending on the original source of the data.
    Thanks Kicken! I might as well leave things as they are (keep the binding_result even if there are no binding_params).
    I don't know what happened. Either I had edited my original code or I did not but I do now see my code here having parameters:
    MySql, Php & Prep Stmt

    I was asked by Barand why I am using a prepared statement for a query that has no parameters?:
    http://forums.devshed.com/php-develo...ml#post2984298
    He is referring to this query:
    PHP Code:
    $result = mysqli_query($conn, $sql);
    But, throughout my thread I now do not see this query in any of my codes:
    MySql, Php & Prep Stmt
    Anyway, all the questions now about whether I should use PREP STMTS on queries that are not user inputs but programmer or cookie or session inputs arose from that question of Barand.
    Anyway, I am glad he brought this to my attention: That PREP STMTS are not necessary on queries that have no params as I got so much stuck into PREP STMTS that I always now use PREP STMTs and with that habit I was trying to convert this following code (which I grabbed from online somewhere 2yrs back) to convert it to PREP STMT using mysqli where it is not really necessary to do the conversion and so been wasting over a month on it for nothing. Been trying for over a month and coming across lots of obstacles and learning a lot of things from you guys on the way such as to use Count(*) over mysqli_num_rows or mysqli_stmt_num_rows if I just want the row count without the row data and learnt a few more things on the bumpy way and so been a little worth it all that time wasting. I can now call it "time spent a little too much" over "time wasted all for nothing".
    PHP Code:
    <?php

    //Required PHP Files.
    include 'config.php';
    include 'header.php';

    //Check if User is already logged-in or not. Get the login_check() FUNCTION to check.
    if (login_check() === FALSE)
    {
        //Redirect User to Log-in Page after 2 secs.
        header("refresh:2; url=login.php");
        exit();
    }
    else
    {
        //Grab User details from Session Variables and echo them.
        $user = $_SESSION["user"];

        $id = $_SESSION["id"];
        $account_activation_status = $_SESSION["account_activation_status"];
        $id_video_verification_status = $_SESSION["id_video_verification_status"];
        $id_video_verification_url = $_SESSION["id_video_verification_url"];
        $sponsor_username = $_SESSION["sponsor_username"];
        $recruits_number = $_SESSION["recruits_number"];
        $on_day_number_on_7_days_wish_list = $_SESSION["on_day_number_on_7_days_wish_list"];
        $primary_website_domain = $_SESSION["primary_website_domain"];
        $primary_website_email = $_SESSION["primary_website_email"];
        $username = $_SESSION["username"];
        $first_name = $_SESSION["first_name"];
        $middle_name = $_SESSION["middle_name"];
        $surname = $_SESSION["surname"];
        $gender = $_SESSION["gender"];
        $date_of_birth = $_SESSION["date_of_birth"];
        $age_range = $_SESSION["age_range"];
        $religion = $_SESSION["religion"];
        $marital_status = $_SESSION["marital_status"];
        $working_status = $_SESSION["working_status"];
        $profession = $_SESSION["profession"];
        $home_city = $_SESSION["home_city"];
        $home_country = $_SESSION["home_country"];
        ?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional/EN"> 
        <html> 
        <head> 
        <meta content="text/html; charset=ISO-8859-1"  http-equiv="content-type"> 
        <title><?php echo $site_name?> User's Browsing Histories in <?php echo $server_time?> time.</title> 
        </head> 
        <body> 
        <br> 
        <center><span style="font-weight: bold;"><?php echo $site_name?> User's Browsing Histories in <?php echo $server_time?> time.</span></center> 
        <br> 
        <br> 
        <?php
        //Connect to Mysql Server.

        //Get Data from Table "browsing_histories".
        $sql = "SELECT * FROM browsing_histories";
        $result = mysqli_query($conn,$sql);
        //Total Number of Records
        $rows_num = mysqli_num_rows($result);
        //Total Number of Pages Records to spread-over.
        $page_count = 10;
        $page_size = ceil($rows_num / $page_count);
        //Get the Page Number, Default is 1 (First Page).
        $page_number = $_GET["page_number"];
        if ($page_number == "") $page_number = 1;
        $offset = ($page_number -1) * $page_size;

        $sql .= " limit {$offset},{$page_size}";
        $result = mysqli_query($conn,$sql);
        ?>
        <table width="1500" border="0" cellpadding="5" cellspacing="2" bgcolor="#666666"> 
        <?php if($rows_num) {?> 
        <tr name="headings"> 
        <td bgcolor="#FFFFFF" name="column-heading_submission-number">Submission Number</td> 
        <td bgcolor="#FFFFFF" name="column-heading_browsed-page">Browsed Page</td> 
        <td bgcolor="#FFFFFF" name="column-heading_logging-server-date-&-time">Date & Time in <?php echo $server_time?></td> 
        <td bgcolor="#FFFFFF" name="column-heading_username">Username</td> 
        <td bgcolor="#FFFFFF" name="column-heading_username">Gender</td> 
        <td bgcolor="#FFFFFF" name="column-heading_username">Age Range</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_religion">Religion</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_education">Education</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_profession">Profession</td> 
        <td bgcolor="#FFFFFF" name="column-heading_working_status">Working Status</td> 
        <td bgcolor="#FFFFFF" name="column-heading_Marital_status">Marital Status</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_town">Home Town</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_borough">Home Borough</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_city">Home City</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_county">Home County</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_region">Home Region</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_state">Home State</td> 
        <td bgcolor="#FFFFFF" name="column-heading_home_country">Home Country</td> 
        <td bgcolor="#FFFFFF" name="column-heading_contact-page">Contact Page</td> 
        </tr> 
        <?php while($row = mysqli_fetch_array($result)){ ?>
        <tr name="user-details"> 
        <td bgcolor="#FFFFFF" name="submission-number"><?php echo $row['id']; ?></td> 
        <td bgcolor="#FFFFFF" name="logging-server-date-&-time"><?php echo $row['date_and_time']; ?></td> 
        <td bgcolor="#FFFFFF" name="browsed-page"><?php echo "<a href='";
                                                          echo $row['browsed_page'];
                                                          echo "'>";
                                                          echo "Browsed Page</a>"; ?></td>
        <td bgcolor="#FFFFFF" name="username"><?php echo $row['username']; ?></td> 
        <td bgcolor="#FFFFFF" name="gender"><?php echo $row['gender']; ?></td> 
        <td bgcolor="#FFFFFF" name="age-range"><?php echo $row['age_range']; ?></td> 
        <td bgcolor="#FFFFFF" name="religion"><?php echo $row['religion']; ?></td> 
        <td bgcolor="#FFFFFF" name="education"><?php echo $row['education']; ?></td> 
        <td bgcolor="#FFFFFF" name="profession"><?php echo $row['profession']; ?></td> 
        <td bgcolor="#FFFFFF" name="working-status"><?php echo $row['working_status']; ?></td> 
        <td bgcolor="#FFFFFF" name="marital-status"><?php echo $row['marital_status']; ?></td> 
        <td bgcolor="#FFFFFF" name="home-town"><?php echo $row['home_town']; ?></td> 
        <td bgcolor="#FFFFFF" name="home-borough"><?php echo $row['home_borough']; ?></td> 
        <td bgcolor="#FFFFFF" name="home-city"><?php echo $row['home_city']; ?></td> 
        <td bgcolor="#FFFFFF" name="home-county"><?php echo $row['home_county']; ?></td> 
        <td bgcolor="#FFFFFF" name="home-region"><?php echo $row['home_region']; ?></td> 
        <td bgcolor="#FFFFFF" name="home-state"><?php echo $row['home_state']; ?></td> 
        <td bgcolor="#FFFFFF" name="home-country"><?php echo $row['home_country']; ?></td> 
        <td bgcolor="#FFFFFF" name="contact-page"><?php echo "<a href='";
                                                          echo $row['contact_page'];
                                                          echo "'>";
                                                          echo "Contact Page</a>"; ?></td>
        </tr>
        <?php } ?>
        <tr name="pagination"> 
        <td colspan="19" bgcolor="#FFFFFF"> Result Pages: 
        <?php
        if($rows_num <= $page_size)
        {
            echo "Page 1";
        }
        else
        {
            for($i=1;$i<=$page_count;$i++)
            echo "<a href=\"{$_SERVER['PHP_SELF']}?page_number={$i}\">{$i}</a>  ";
        }
        ?>
        </td> 
        </tr> 
        <?php } else { ?> 
        <tr> 
        <td bgcolor="FFFFFF">No record found! Try another time.</td> 
        </tr> 
        <?php }?> 
        </table> 
        <br> 
        <br> 
        <center><span style="font-weight: bold;"><?php echo $site_name?> Users' Browsing Histories in <?php echo $server_time?> time.</span></center> 
        <br> 
        <br> 
    </div> 
    <br> 
    </body> 
    </html> 
    <?php

    }

    ?>
    I'm not bothered converting this to PREP STMT unless you say of course that I should because there is a risk of sql injection. From my experience and from the look of your diagram, there is no sql injection risk but you are welcome to correct me if I am wrong.
    Actually Kicken, I did manage to convert that code of someone's to PREP STMT. Look below. I changed the column names and html table column labels here and there:
    PHP Code:
    <?php

    //Required PHP Files.
    include 'config.php';
    include 'header.php';

    //Check if User is already logged-in or not. Get the login_check() FUNCTION to check.
    if (login_check() === FALSE)
    {
        //Redirect User to Log-in Page after 2 secs.
        header("refresh:2; url=login.php");
        exit();
    }
    else
    {
        $user = $_SESSION["user"];

        $id = $_SESSION["id"];
        $account_activation_status = $_SESSION["account_activation_status"];
        $id_video_verification_status = $_SESSION["id_video_verification_status"];
        $id_video_verification_url = $_SESSION["id_video_verification_url"];
        $sponsor_username = $_SESSION["sponsor_username"];
        $recruits_number = $_SESSION["recruits_number"];
        $on_day_number_on_7_days_wish_list = $_SESSION["on_day_number_on_7_days_wish_list"];
        $primary_website_domain = $_SESSION["primary_website_domain"];
        $primary_website_email = $_SESSION["primary_website_email"];
        $username = $_SESSION["username"];
        $first_name = $_SESSION["first_name"];
        $middle_name = $_SESSION["middle_name"];
        $surname = $_SESSION["surname"];
        $gender = $_SESSION["gender"];
        $age_range = $_SESSION["age_range"];
        $religion = $_SESSION["religion"];
        $marital_status = $_SESSION["marital_status"];
        $working_status = $_SESSION["working_status"];
        $profession = $_SESSION["profession"];

        $recipient_username = $user;

        ?>
        <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional/EN">   
        <html>   
        <head>   
          <meta content="text/html; charset=ISO-8859-1"  http-equiv="content-type">   
        <title><?php echo "$user "?>Notices in <?php echo "$server_time ";?> time.</title> 
        </head>   
        <body>   
        <br>   
        <center><span style="font-weight: bold;"><?php echo "$user ";?>Notices in <?php echo "$server_time ";?> time.</span></center>   
        <br>   
        <br>   
          
        <?php

        //Get the Page Number, Default is 1 (First Page).
        $page_number = $_GET["page_number"];
        if ($page_number == "")
        {
            $page_number = 1;
        }

        $sender_username = "admin123";
        $recipient_username = "admin123";
        $links_per_page = 2;
        $max_result = 100;
        $offset = ($page_number-1)*$links_per_page;
        //$offset = ($page_number*$links_per_page)-$links_per_page;
        $query_1 = "SELECT COUNT(*) as total FROM notices WHERE recipient_username = ? AND sender_username = ?";
        $stmt_1 = mysqli_prepare($conn, $query_1);
        mysqli_stmt_bind_param($stmt_1,'ss',$recipient_username,$sender_username);
        mysqli_stmt_execute($stmt_1);
        $result_1 = mysqli_stmt_bind_result($stmt_1,$matching_rows_count);
        mysqli_stmt_fetch($stmt_1);
        mysqli_stmt_free_result($stmt_1);

        printf(" %d rows found.\n",$matching_rows_count); ?><br><?php
        $total_pages = ceil($matching_rows_count/$links_per_page);

        $query_2 = "SELECT id,date_and_time,recipient_username,sender_username,notice FROM notices WHERE recipient_username = ? AND sender_username = ? ORDER BY id LIMIT ? OFFSET ?";
        $stmt_2 = mysqli_prepare($conn, $query_2);
        mysqli_stmt_bind_param($stmt_2,'ssii',$recipient_username,$sender_username,$links_per_page,$offset);
        mysqli_stmt_execute($stmt_2);
        $result_2 = mysqli_stmt_bind_result($stmt_2,$id,$date_and_time,$recipient_username,$sender_username,$notice);
        mysqli_stmt_fetch($stmt_2);

        ?>
        <table width="1500" border="0" cellpadding="5" cellspacing="2" bgcolor="#666666"> 
        
        <?php if(!$stmt_2)
        {
            ?>
            <tr>
            <td bgcolor="FFFFFF">No record found! Try another time.</td>
            </tr>
            <?php
        }
        else
        {
            if(($offset+1)<=$max_result)
            {
            ?>
            
            <tr name="headings">  
            <td bgcolor="#FFFFFF" name="column-heading_submission-number">Submission Number</td>  
            <td bgcolor="#FFFFFF" name="column-heading_logging-server-date-&-time">Date & Time in <?php echo $server_time ?></td>  
            <td bgcolor="#FFFFFF" name="column-heading_to">To</td>  
            <td bgcolor="#FFFFFF" name="column-heading_from">From</td>  
            <td bgcolor="#FFFFFF" name="column-heading_notice">Notice</td>  
            </tr>      
            <tr name="user-details">   
                <td bgcolor="#FFFFFF" name="submission-number"><?php printf("%s", $id); ?></td>
                <td bgcolor="#FFFFFF" name="logging-server-date-and-time"><?php printf("%s", $date_and_time); ?></td>
                <td bgcolor="#FFFFFF" name="recipient_username"><?php printf("%s", $recipient_username); ?></td>
                <td bgcolor="#FFFFFF" name="sender_username"><?php printf("%s", $sender_username); ?></td>
                <td bgcolor="#FFFFFF" name="notice"><?php printf("%s", $notice); ?></td>
                </tr>         
            <?php
            //Use this technique: http://php.net/manual/en/mysqli-stmt.fetch.php
            while(mysqli_stmt_fetch($stmt_2))
            {
                ?>
                <tr name="user-details">
                <td bgcolor="#FFFFFF" name="submission-number"><?php printf("%s", $id); ?></td>
                <td bgcolor="#FFFFFF" name="logging-server-date-and-time"><?php printf("%s", $date_and_time); ?></td>
                <td bgcolor="#FFFFFF" name="recipient_username"><?php printf("%s", $recipient_username); ?></td>
                <td bgcolor="#FFFFFF" name="sender_username"><?php printf("%s", $sender_username); ?></td>
                <td bgcolor="#FFFFFF" name="notice"><?php printf("%s", $notice); ?></td>
                </tr>
                <?php
            }
                ?>
     
                <tr name="pagination">  
                <td colspan="10" bgcolor="#FFFFFF"> Result Pages:  
                <?php
                if($page_number < $total_pages)
                {
                    for($i=1;$i<=$total_pages;$i++) //Show Page Numbers in Serial Order. Eg. 1,2,3.
                    echo "<a href=\"{$_SERVER['PHP_SELF']}?user=$user&page_number={$i}\">{$i}</a>  ";
                }
                else
                {
                    for($i=$total_pages;$i>=1;$i--) //Show Page Numbers in Reverse Order. Eg. 3,2,1.
                    echo "<a href=\"{$_SERVER['PHP_SELF']}?user=$user&page_number={$i}\">{$i}</a>  ";
                }
                ?>
                </td>  
                </tr>  
                <?php  
        
    }
    }    
    ?>  
        </table>  
        <br>  
        <br>  
        <center><span style="font-weight: bold;"><?php echo "$site_name $user "?>User's Notices in <?php echo "$server_time "?> time.</span></center> 
        <br>  
        <br>  
    </div>  
    <br>  
    </body>  
    </html>  
    <?php  

    //Free Result Set  
    mysqli_stmt_free_result($stmt_2);  

    //Close Database Connection  
    mysqli_stmt_close($stmt_2); 

    mysqli_close($conn); 
    }  

    ?>
    What do you think? I did well on the conversion, right? Even though a bit too slow. Took me over 4wks to come to this point coming across a lot of obstacles.
    Last edited by UniqueIdeaMan; March 31st, 2018 at 06:02 AM.
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    No! Not this post!
    Check the post just above it!
    Last edited by UniqueIdeaMan; April 2nd, 2018 at 04:12 AM.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2017
    Posts
    845
    Rep Power
    0
    Anyone else can answer what I asked Kicken above.
    Last edited by UniqueIdeaMan; April 2nd, 2018 at 04:19 AM.
