В този код има SQLI уязвимост, айде да ви видиме как ще го оправите
PHP:
<?php
define('IN_VALID', true);
include ('conf.php');
//$ns - номер страница
//$br - брой страница
//$one - първа
//$sl - следваща
//$pl - последна
//$pr - предишна
$br = 15;
$pageNum = 1;
if(isset($_GET['page'])) {
$pageNum = $_GET['page'];
}
$redove = ($pageNum - 1) * $br;
$result = mysql_query("SELECT * FROM `chatbox` ORDER BY id DESC LIMIT $redove, $br")or die(mysql_error());
while($row = mysql_fetch_array($result)) {
$id = $row['id'];
$nick = $row['nick'];
$message = $row['message'];
$date = date('Y-m-d');
echo '<table border="0" style="width: 100%" class="backbox"><tr><td><b><img src="chat/chat.png" alt="" /> [' . $row[2] . ']</b> <a href="forum/member/'.$nick.'" title="виж профила на '.$nick.'">' . $nick . '</a>: ' . $message . '</td></tr></table>';
}
$query = mysql_query("SELECT COUNT(id) AS numrows FROM chatbox") or die(mysql_error());
$row = mysql_fetch_array($query, MYSQL_ASSOC);
$numrows = $row['numrows'];
$maxPage = ceil($numrows/$br);
$ns = 'Страници: ';
for($page = 1; $page <= $maxPage; $page++) {
if ($page == $pageNum) {
$ns .= " <a class=\"typ1noh\" style=\"color: #ffffff\">$page</a> ";
}
else {
$ns .= "<a class=\"typ1\" href=\"?a=ranking&page=$page\">$page</a> ";
}}
if ($pageNum > 1) {
$page = $pageNum - 1;
$pr = " <a href=\"?a=ranking&page=$page\"></a> ";
$one = " <a href=\"?a=ranking&page=1\"></a> ";
}
else {
$pr = ' ';
$one = ' ';
}
if ($pageNum < $maxPage) {
$page = $pageNum + 1;
$sl = (" <a href=\"?a=ranking&page=$page\"></a> ");
$pl = (" <a href=\"?a=ranking&page=$maxPage\"></a> ");
}
else {
$sl = '';
$pl = '';
}
echo $one . $pr . $ns . $sl . $pl;
?>