2

So I installed this jackpot script with a layout and everything and within the jackpot script there was a set.php file which I tried to set up, it looked like this:

<?php
$sitename = "csgoxd.net";
$link = @mysql_connect("localhost:3306", "csgoxdne", "thisisasecretpassword");
$db_selected = mysql_select_db('csgoxdne_csgoxddb', $link);
mysql_query("SET NAMES utf8");

function fetchinfo($rowname,$tablename,$finder,$findervalue) {
    if($finder == "1") $result = mysql_query("SELECT $rowname FROM $tablename");
    else $result = mysql_query("SELECT $rowname FROM $tablename WHERE `$finder`='$findervalue'") or die (mysql_error());
    $row = mysql_fetch_assoc($result);
    return $row[$rowname];
}
?>

So I'm new when it comes to coding in general (I know some basic stuff but that's it) so basically I'm not sure if I'm supposed to fill out more of this file because I get this error on my website.

"Table 'csgoxdne_csgoxddb.info' doesn't exist"

I'm new to this and I'm trying to learn so help is much appreciated.

Matias K.
  • 37
  • 10
  • 1
    I'd suggest you delete this script and move on. `mysql_*()` functions are officially deprecated and removed from PHP, and that code is horribly written. it simply assumes success, it's vulnerable to [sql injection attacks](http://bobby-tables.com), and it's using `@` error suppression, which is the (childish) coding equivalent of stuffing your fingers in your ears and going "lalalalala can't hear you". – Marc B Apr 20 '16 at 18:15
  • So there is no other solution to this? – Matias K. Apr 20 '16 at 18:18
  • well, the solution is to figure out why your `info` table doesn't exist, but that won't fix the fact that this script is crap. – Marc B Apr 20 '16 at 18:19
  • Yeah, I just found this script in a desperate search on Google as I can't code CS:GO Jackpot scripts myself, I have so little knowledge in scripts. But where do I start trying to find out why my table doesn't exist? I have no time in trying to learn how to create a script. – Matias K. Apr 20 '16 at 18:21

1 Answers1

0

You should use MySQLi to make use of its advantages it offers over MySQL. You can see more here.

The script you have isn't all too bad, but it does need some tweaking. It's vulnerable to injection like Marc B said. I'm going to assume that csgoxdne_csgoxddb is your table name.

Try this:

<?php
    $mysqli = new mysqli("localhost:3306", "csgoxdne", "thisisasecretpassword");
    if (mysqli -> error){ print ("Error connecting! Message: ".$mysqli->error); }
    mysqli_set_charset($mysqli, 'utf8');
   
    function fetchinfo($rowname, $tablename, $finder, $findervalue) {
    if ($finder == "1") {
        $query = "SELECT * FROM $tablename WHERE rowname = '$rowname'";
        $result = mysqli_query($mysqli, $query);
    } else {
        $query = "SELECT * FROM $tablename WHERE `$finder`='$findervalue'";
        if (!$query) {
            die('Invalid query: ' . $mysqli->error);
        }
        $result = mysqli_query($mysqli, $query);
    }
    return $result;
}
?>

Oh and make sure the port number on your localhost is correct.

Also to go through the values of result you can use:

if (mysqli_num_rows($result) > 0) {
  while ($row = mysqli_fetch_array($result)) {
    #do things
  }
}
Martin54
  • 1,349
  • 2
  • 13
  • 34
Enigma
  • 373
  • 2
  • 10
  • Thanks for the answer! Tried this and seems like I get another error: **Parse error: syntax error, unexpected '->' (T_OBJECT_OPERATOR) in /home/csgoxdne/public_html/set.php on line 3** Line 3: if (mysqli -> error){ print ("Error connecting! Message: ".$mysqli->error); } – Matias K. Apr 20 '16 at 19:47
  • Try typing it out and not copying and pasting, you might be getting an invisible character in there somewhere making it error out. – Enigma Apr 21 '16 at 02:52