1) I have the below (include) to display random records from my db (phprealty) with two union tables (phprealty_property + phprealty_prop_img). The code is working without any problems. However, when I set the limit to 3, I get 2 records and that’s why I set the limit to 4 so I get 3 records. Shall I leave it as is?
2) Since I am new to PHP, do you think this code is vulnerable and thus needs some kind of protection? If so, please advise what to do to protect the webpage when using PHP to display data.
Thank you in advance.
<?php
$pid = 3;
$myConnection = new mysqli("localhost", "root", "", "phprealty");
$sqlCommand = "SELECT phprealty_property.*, phprealty_prop_img.p_id, phprealty_prop_img.fn FROM phprealty_property INNER JOIN phprealty_prop_img ON phprealty_property.id = phprealty_prop_img.p_id WHERE phprealty_prop_img.def='1' AND phprealty_property.type = $pid";
// mysqli_error() needs the connection handle as its argument
$query = mysqli_query($myConnection, $sqlCommand) or die (mysqli_error($myConnection));
$sqlCommand .= " ORDER BY RAND() LIMIT 0,4";
$result = mysqli_query($myConnection, $sqlCommand);
$Displayproperty = '';
$row = mysqli_fetch_array($result);
$id = $row["id"];
$title = $row["title"];
while ($row2 = mysqli_fetch_array($result)){
    $img = $row2["fn"];
    $thumb = 'th_' . $img;
    $Displayproperty .= '
<div class="random">
<a href="display.php?id=' . $id . '"><img src="../falcon/listImgs/' . $thumb . '" /> </a></div>';
}
Just delete
then change these two lines
into
and put both lines after while statement.
In your code right now, display.php will always be showing the same code, because $id does not change.
Is your code working properly? First parameter on mysqli_query should be $sqlCommand, not $myConnection.
If you can, try not to use root/empty_password on MySQL.
Hope it helps,
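
An added example, not the original poster's or the answerer's code: one way to write the include so that every fetch happens inside the loop (so `LIMIT 3` yields three blocks and each link carries its own id), using a prepared statement and escaped output. Table and column names are taken from the query in the question; the function name, the `phprealty_ro` account and its password are hypothetical placeholders.

```php
<?php
// Added example. Table/column names come from the question's query;
// the function name and the database account are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function renderRandomProperties(mysqli $db, int $type, int $limit = 3): string
{
    // Placeholders keep $type and $limit out of the SQL text, so the query
    // stays safe if these values later come from $_GET instead of a constant.
    $stmt = $db->prepare(
        "SELECT p.id, p.title, i.fn
           FROM phprealty_property AS p
           INNER JOIN phprealty_prop_img AS i ON p.id = i.p_id
          WHERE i.def = '1' AND p.type = ?
          ORDER BY RAND()
          LIMIT ?"
    );
    $stmt->bind_param('ii', $type, $limit);
    $stmt->execute();
    $stmt->bind_result($id, $title, $fn);

    $html = '';
    // Every fetch happens in the loop condition, so no row is consumed
    // before the loop and each link gets the id of its own row.
    while ($stmt->fetch()) {
        // basename() drops any directory part of the stored file name.
        $thumb = 'th_' . basename((string) $fn);
        // Escape everything that goes into HTML attributes.
        $html .= '<div class="random">'
            . '<a href="display.php?id=' . urlencode((string) $id) . '">'
            . '<img src="../falcon/listImgs/'
            . htmlspecialchars($thumb, ENT_QUOTES, 'UTF-8') . '"'
            . ' alt="' . htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8')
            . '" /></a></div>';
    }
    $stmt->close();
    return $html;
}

// Hypothetical least-privilege account with SELECT rights on phprealty only,
// instead of root with an empty password.
$db = new mysqli('localhost', 'phprealty_ro', 'CHANGE_ME', 'phprealty');
$db->set_charset('utf8mb4');
echo renderRandomProperties($db, 3);
```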