PHP pagination and products view script SQL injection

Question

This a script on my website and a friend told me that it has a lot of exploits and SQL injections and it's not fully secured and I don't know exactly how to configure it

                    while ($row = mysql_fetch_array($q)){
                    $product_desc = $row['ProductDesc']
                ?>

            <div class="col portfolio-item">
            <div class="item-wrap">
                   <a href="#" data-reveal-id="modal-01"><img src="images/portfolio/<?echo $row['ProductImagesrc']?>" alt=""><center> <? echo $row['ProductTitle']; ?> </center></a>
                   <div class="portfolio-item-meta">
                       <h5><a href="#"><? echo substr($product_desc,0,150).'...'; ?></a></h5>
                   </div>

           </div>
           </div>
           <?php 
                }
                ?>

pagination function : function pagination($query, $per_page = 10,$page = 1, $url = '?'){ $query = "SELECT COUNT(*) asnum` FROM {$query}"; $row = mysql_fetch_array(mysql_query($query)); $total = $row['num']; $adjacents = "2";

    $page = ($page == 0 ? 1 : $page);  
    $start = ($page - 1) * $per_page;                               

    $prev = $page - 1;                          
    $next = $page + 1;
    $lastpage = ceil($total/$per_page);
    $lpm1 = $lastpage - 1;

    $pagination = "";
    if($lastpage > 1)
    {   
        $pagination .= "<ul class='pagination'>";
                $pagination .= "<li class='details'>Page $page of $lastpage</li>";
        if ($lastpage < 7 + ($adjacents * 2))
        {   
            for ($counter = 1; $counter <= $lastpage; $counter++)
            {
                if ($counter == $page)
                    $pagination.= "<li><a class='current'>$counter</a></li>";
                else
                    $pagination.= "<li><a href='{$url}page=$counter'>$counter</a></li>";                    
            }
        }
        elseif($lastpage > 5 + ($adjacents * 2))
        {
            if($page < 1 + ($adjacents * 2))        
            {
                for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
                {
                    if ($counter == $page)
                        $pagination.= "<li><a class='current'>$counter</a></li>";
                    else
                        $pagination.= "<li><a href='{$url}page=$counter'>$counter</a></li>";                    
                }
                $pagination.= "<li class='dot'>...</li>";
                $pagination.= "<li><a href='{$url}page=$lpm1'>$lpm1</a></li>";
                $pagination.= "<li><a href='{$url}page=$lastpage'>$lastpage</a></li>";      
            }
            elseif($lastpage - ($adjacents * 2) > $page && $page > ($adjacents * 2))
            {
                $pagination.= "<li><a href='{$url}page=1'>1</a></li>";
                $pagination.= "<li><a href='{$url}page=2'>2</a></li>";
                $pagination.= "<li class='dot'>...</li>";
                for ($counter = $page - $adjacents; $counter <= $page + $adjacents; $counter++)
                {
                    if ($counter == $page)
                        $pagination.= "<li><a class='current'>$counter</a></li>";
                    else
                        $pagination.= "<li><a href='{$url}page=$counter'>$counter</a></li>";                    
                }
                $pagination.= "<li class='dot'>..</li>";
                $pagination.= "<li><a href='{$url}page=$lpm1'>$lpm1</a></li>";
                $pagination.= "<li><a href='{$url}page=$lastpage'>$lastpage</a></li>";      
            }
            else
            {
                $pagination.= "<li><a href='{$url}page=1'>1</a></li>";
                $pagination.= "<li><a href='{$url}page=2'>2</a></li>";
                $pagination.= "<li class='dot'>..</li>";
                for ($counter = $lastpage - (2 + ($adjacents * 2)); $counter <= $lastpage; $counter++)
                {
                    if ($counter == $page)
                        $pagination.= "<li><a class='current'>$counter</a></li>";
                    else
                        $pagination.= "<li><a href='{$url}page=$counter'>$counter</a></li>";                    
                }
            }
        }

        if ($page < $counter - 1){ 
            $pagination.= "<li><a href='{$url}page=$next'>Next</a></li>";
            $pagination.= "<li><a href='{$url}page=$lastpage'>Last</a></li>";
        }else{
            $pagination.= "<li><a class='current'>Next</a></li>";
            $pagination.= "<li><a class='current'>Last</a></li>";
        }
        $pagination.= "</ul>\n";        
    }


    return $pagination;
} `

possible duplicate of [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Matteo Tassinari, Mar 03 '14 at 19:39

score 0 · Answer 1 · answered Mar 03 '14 at 19:12

0

This thing is ugly:

$query = "SELECT COUNT(*) asnum` FROM {$query}"; 
$row = mysql_fetch_array(mysql_query($query));

You can pass anything to that with you own query.

answered Mar 03 '14 at 19:12

hopsoo

305
1
3

score 0 · Accepted Answer · edited May 23 '17 at 10:27

Here is a link to a guide on how to prevent SQL injection: How can I prevent SQL injection in PHP?

From that same post here is a snippet that would help you to prevent SQL injection to your Query, using mysql_real_escape_string().

$safe_variable = mysql_real_escape_string($_POST["user-input"]);
mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");

You should also not be using mysql_* functions any more, they are all obsolete and unsafe. You should be using mysqli_* or PDO.

PHP pagination and products view script SQL injection

2 Answers2