How To Include Sql Query Using Php In Cs-Cart Page And Display In Data In A Table

 
  • osama moqbal
  • Advanced Member
  • Members
  • Join Date: 10-Jun 18
  • 73 posts

Posted 07 December 2018 - 07:40 PM #1

I created a new PHP page to retrieve data from a database, but I want to include the PHP query code in the CS-Cart page. Also, is my code not secure against a hacker getting to the database?

 

here is my code {

<html>
<meta name="viewport" content="width=device-width">
<style>
#customers {
  font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
  border-collapse: collapse;
  width: 100%;
}
 
#customers td, #customers th {
  border: 1px solid #ddd;
  padding: 8px;
}
 
#customers tr:nth-child(even){background-color: #f2f2f2;}
 
#customers tr:hover {background-color: #ddd;}
 
#customers th {
  padding-top: 12px;
  padding-bottom: 12px;
  text-align: left;
  background-color: #4CAF50;
  color: white;
}
input[type=submit] {
  width: 250px;
  background-color: #4CAF50;
  color: white;
  padding: 14px 20px;
  margin: 8px 0;
  border: none;
  border-radius: 4px;
   margin-left: 20px;
  cursor: pointer;
}
input[type=text] {
  width: 200px;
  padding: 12px 20px;
  margin: 8px 0;
  display: inline-block;
  border: 1px solid #ccc;
  border-radius: 4px;
  box-sizing: border-box;
}
</style>
<body>
<table id="customers">
<tr>
<th>firstname</th>
<th>lastname</th>
</tr>
<?php

if ($_SERVER["REQUEST_METHOD"] == "POST") {

    // Value comes straight from the submitted form field
    $id = $_POST["id"];
    $conn = new mysqli("localhost", "username", "pass", "sdb_name");

    // $id is placed into the SQL text as-is
    $sql = "SELECT `firstname` , `lastname` FROM `cscart_users` WHERE user_id = $id";

    $result = mysqli_query($conn, $sql);
    if ($result && $result->num_rows > 0) {
        while ($row = mysqli_fetch_array($result)) {
            // One table row per matching user
            echo "<tr><td>" . $row["firstname"] . "</td><td>" . $row["lastname"] . "</td></tr>";
        }
    }
}

?>
</table>

<form method="post" action="file.php">
  please enter user_id:<input type="text" name="id">
  <input type="submit" name="submit" value="submit">
</form>
</body>
</html>
 
}
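
An added example, not code from the original post: the same lookup with the submitted id validated as an integer and bound as a query parameter, and the database values HTML-escaped before output. It assumes PDO with a constructed in-memory SQLite table standing in for `cscart_users` (requires the pdo_sqlite extension) so it runs without a server; the function names are hypothetical, and with mysqli the same pattern is `prepare()`, `bind_param()` and `execute()`.

```php
<?php
// Constructed sample data: an in-memory table standing in for cscart_users.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE cscart_users (user_id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');
    $pdo->exec("INSERT INTO cscart_users VALUES (1, 'Ann', 'Lee'), (2, '<b>Bob</b>', 'Ray')");
    return $pdo;
}

// Returns the matching row, or null when the id is not a positive integer
// or no user matches.
function find_user(PDO $pdo, $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a plain integer
    }
    // The SQL text is fixed; the id travels separately as a bound integer.
    $stmt = $pdo->prepare('SELECT firstname, lastname FROM cscart_users WHERE user_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape database values before they are placed in HTML.
function render_row(array $row): string {
    $esc = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return '<tr><td>' . $esc($row['firstname']) . '</td><td>' . $esc($row['lastname']) . "</td></tr>\n";
}

$pdo = demo_db();
// Constructed form inputs: two valid ids and two values that are not integers.
foreach (['1', '2', '1 OR 1=1', 'abc'] as $input) {
    $row = find_user($pdo, $input);
    echo $row ? render_row($row) : "<!-- no user for submitted id -->\n";
}
```

The second sample row contains markup on purpose, so the output shows it rendered as text rather than as HTML.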


 
  • soft-solid
  • Junior Member
  • Members
  • Join Date: 19-Apr 10
  • 556 posts

Posted 16 December 2018 - 09:30 PM #2

Hello.
This is not a good idea.
You should use the MVC model without PHP code in HTML.
Use "assign" and call your own function, e.g.:
 

{assign var="your_variable" value=$your_params_func|fn_your_function}

 
Best regards
Robert


Team of SoftSolid
cs-cart.pl

 
  • eComLabs
  • CS-Cart Expert
  • Authorized Reseller
  • Join Date: 27-Jan 14
  • 18673 posts

Posted 17 December 2018 - 05:38 AM #3

Please pay attention to the Adminer script

 

https://www.adminer.org/

