Having a parsing issue, I guess. Help...

Discussion in 'PHP' started by co.ador, Aug 1, 2009.

    #1
    $query = 'SELECT * FROM table1 WHERE id = '.intval($id). '  LIMIT 1 ;'; 
    
    // execute query 
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
    
    // see if any rows were returned 
    if (mysql_num_rows($result) > 0) { 
    $row = mysql_fetch_row($result);
    echo '<table width="100%"  border="0" cellspacing="0" cellpadding="0" class="itemdetails">
    <tr>
    <td width="1100" height="350" bgcolor="#FFFFFF" class="tento">
    <table class="cafe"><tr><td width="547">
    <a href="#"><h3 align="justify" style="position:relative; height:5px; top: 10px;">',$row[2] ,'</h3></a>
    </td>';
    
    echo'<tr>';
    echo'<td height="4">';  
    
    $sql="SELECT rating, COUNT(rating) as total FROM rating WHERE (item_name='$shoename') GROUP BY rating";
    $result=mysql_query($sql);
    $number = array( "one","two","three","four","five");
    $total = array_fill(1, 5, 0);
    if (mysql_num_rows($result)  >=0) {
        while ($row= mysql_fetch_assoc($result)) {
       $total[$row['rating']]= $row['total'];
       }
       foreach($number as $K =>$num)
       {
          echo'<table style="font-size:10; position:relative; left:26px;">';
          echo '<td width="42"><h3>'.($K+1).' Star</h3></td>
          <td width="15"><ul class="rating '.$num.'star">
    	  <li class="one">1</li>
          <li class="two">2</li>
          <li class="three">3</li>
          <li class="four">4</li>
          <li class="five">5</li>
          <li class="total">['.$total[$K+1].']</li>
          </ul></td></table>';
       }
    }
    
    echo'</td>';
    echo'</tr>';
    echo'<td width="321" rowspan="10"></td>
      <tr>
        <td height="4" colspan="2"><img src="../images/line..gif" alt="df" width="330" height="7" /></td>
      </tr>
    <tr>
      <td width="400" height="52" class="foro"><img src="../images/itemspecifications.gif" alt="tr" /></td>
    </tr>
        <td width="400" height="4" style="font-size:11;"><ul>
          <li>'.$row[3] .'</li>
        </ul></td>
    <tr>
      <td width="400" height="4" style="font-size:11;"><ul>
        <li>',$row[4] ,'</li>
      </ul></td>
    </table>';
    The script above uses two SQL injections. The first injection uses indexes [2], [3], [4], and it works well: it loads the information, but only the information found in index [2] is displayed in the browser, not [3] and [4]. Note that indexes [3] and [4] are coded after the second SQL injection.
    I want to display the index [3] and [4] fields found in the first SQL injection of table1 at the top. But indexes [3] and [4] don't display in the browser, as I said before; I guess because PHP is getting confused and doesn't know whether I am trying to use the indexes from the first SQL injection or the second SQL injection. Can anybody help me specify to PHP that the indexes I want to display information from are the indexes found in the first SQL injection, not the second injection?
     
    co.ador, Aug 1, 2009 IP
    #2
    
    $query = 'SELECT *
              FROM table1
              WHERE id = '. mysql_real_escape_string($id). '
              LIMIT 1 ;';
    
    // execute query
    $result = mysql_query($query) or die ("Error in query: NUMBER 1");
    
    // see if any rows were returned
    if (mysql_num_rows($result) > 0)
    {
        $row = mysql_fetch_row($result);
    
        echo '<table width="100%" border="0" cellspacing="0" cellpadding="0" class="itemdetails">
    <tr>
    <td width="1100" height="350" bgcolor="#FFFFFF" class="tento">
    <table class="cafe"><tr><td width="547">
    <a href="#"><h3 align="justify" style="position:relative; height:5px; top: 10px;">' . $row[2] . '</h3></a>
    </td>';
    
        echo '<tr>';
        echo '<td height="4">';
    
        $sql = "SELECT rating,
                       COUNT(rating) as total
                FROM rating
                WHERE (item_name='" . mysql_real_escape_string($shoename) . "')
                GROUP BY rating";
        $result = mysql_query($sql);
        $number = array( "one","two","three","four","five");
        $total  = array_fill(1, 5, 0);
    
        if (mysql_num_rows($result) >=0)
        {
            while ($row= mysql_fetch_assoc($result))
            {
                $total[$row['rating']]= $row['total'];
            }
    
            foreach($number as $K =>$num)
            {
                echo'<table style="font-size:10; position:relative; left:26px;">';
                echo '<td width="42"><h3>'.($K+1).' Star</h3></td>
    <td width="15"><ul class="rating '.$num.'star">
    <li class="one">1</li>
    <li class="two">2</li>
    <li class="three">3</li>
    <li class="four">4</li>
    <li class="five">5</li>
    <li class="total">['.$total[$K+1].']</li>
    </ul></td></table>';
            }
        }
    
        echo'</td>';
        echo'</tr>';
        echo'<td width="321" rowspan="10"></td>
    <tr>
    <td height="4" colspan="2"><img src="../images/line..gif" alt="df" width="330" height="7" /></td>
    </tr>
    <tr>
    <td width="400" height="52" class="foro"><img src="../images/itemspecifications.gif" alt="tr" /></td>
    </tr>
    <td width="400" height="4" style="font-size:11;"><ul>
    <li>' . $row[3] .'</li>
    </ul></td>
    <tr>
    <td width="400" height="4" style="font-size:11;"><ul>
    <li>' . $row[4] . '</li>
    </ul></td>
    </table>';
    
    For injection, use mysql_real_escape_string, and use a DOT (.) for variables and not a COMMA (,).

    Hope this piece will help!

    BTW, start formatting your code, as I did; it's easier for others to read!
     
    EricBruggema, Aug 5, 2009 IP
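The cause of the missing fields, and a fix, as an added example that is not code from either poster. In both versions above, `$row` is reassigned by `while ($row = mysql_fetch_assoc($result))`, and when that loop finishes `$row` is `false`, so by the time `$row[3]` and `$row[4]` are echoed the first query's row is gone. Keeping each query's result in its own variable is the whole fix for the display problem. On the injection side, `mysql_real_escape_string` only protects a value that sits inside SQL quotes; around the unquoted `id` in the answer's first query it adds nothing, and `intval` (as in the original) or a bound parameter is what is needed. The script below uses PDO prepared statements with bound parameters for both queries, an in-memory SQLite database with constructed sample rows so it runs offline, separate variables for the two results, and `htmlspecialchars` on everything echoed. The column layout of `table1` and the `id`/`shoe` query-string parameter names are assumptions.

```php
<?php
// Added example, not from the thread: the two queries with PDO prepared
// statements and separate result variables. Runs offline against an
// in-memory SQLite database filled with constructed sample rows.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema. The original code reads $row[2], $row[3], $row[4]
// by position, so table1 is given columns in that order (assumed names).
$db->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, item_name TEXT,
           title TEXT, spec1 TEXT, spec2 TEXT)');
$db->exec('CREATE TABLE rating (item_name TEXT, rating INTEGER)');
$db->exec("INSERT INTO table1 VALUES (7, 'runner-x', 'Runner X',
           'Mesh upper', 'Rubber sole')");
foreach ([5, 5, 4, 1] as $r) {
    $db->exec("INSERT INTO rating VALUES ('runner-x', $r)");
}

// Untrusted input as it would arrive from the query string (parameter
// names assumed); constructed defaults so the script runs from the CLI.
$id       = isset($_GET['id'])   ? $_GET['id']   : '7';
$shoename = isset($_GET['shoe']) ? $_GET['shoe'] : 'runner-x';

// Query 1: the item row. The id is bound as an integer parameter, so it is
// never spliced into SQL text; the (int) cast also rejects non-numeric junk.
$itemStmt = $db->prepare('SELECT * FROM table1 WHERE id = :id LIMIT 1');
$itemStmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
$itemStmt->execute();
$item = $itemStmt->fetch(PDO::FETCH_NUM);   // kept in $item, not $row
if ($item === false) {
    exit('No such item');
}

// Query 2: the rating histogram. Its own statement and its own loop
// variable, so $item is still intact after the loop.
$rateStmt = $db->prepare('SELECT rating, COUNT(rating) AS total
                          FROM rating WHERE item_name = :name
                          GROUP BY rating');
$rateStmt->bindValue(':name', $shoename, PDO::PARAM_STR);
$rateStmt->execute();
$total = array_fill(1, 5, 0);
while ($r = $rateStmt->fetch(PDO::FETCH_ASSOC)) {
    $stars = (int) $r['rating'];
    if ($stars >= 1 && $stars <= 5) {      // ignore out-of-range ratings
        $total[$stars] = (int) $r['total'];
    }
}

// Output: escape every database value before echoing it, since item names
// and specs are user-supplied text somewhere upstream.
function h($s)
{
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

echo '<h3>' . h($item[2]) . "</h3>\n";
foreach ($total as $stars => $count) {
    echo $stars . ' Star [' . $count . "]\n";
}
echo '<ul><li>' . h($item[3]) . '</li><li>' . h($item[4]) . "</li></ul>\n";
```

Run it with `php example.php` (needs the pdo_sqlite extension, which is bundled with most PHP builds). The same structure works against MySQL by changing only the DSN; the point is that the row from the first query survives because nothing after it writes to `$item`, and that neither query ever has user input concatenated into its text.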