
So this is how my table looks:

```php
<div class="container">
    <div class="wrapper">
        <table class="agenda">
            <thead>
                <tr>
                    <th></th>
                    <th>Name</th>
                    <th>Amount</th>
                </tr>
            </thead>
            <tbody>
                <?php
                // One row per ident with its sales count: SELECT ident,COUNT(*) FROM sales GROUP BY ident
                foreach ($link->query('SELECT ident,COUNT(*) FROM sales GROUP BY ident ASC') as $row) {
                    echo "<tr>";
                    echo "<td>img here</td>";

                    // Second query per row to look up the seller's name by ident
                    $sql = "SELECT * FROM users WHERE ident='{$row['ident']}'";
                    $resultt = $link->query($sql);
                    if ($resultt->num_rows > 0) {
                        while ($roww = $resultt->fetch_assoc()) {
                            echo "<td>" . $roww['fullname'] . "</td>";
                        }
                    }
                    echo "<td>" . $row['COUNT(*)'] . "</td>";
                    echo "</tr>";
                }
                ?>
            </tbody>
        </table>
    </div>
</div>
```

I am going to limit the query rows to 3 rows only, to display first, second and third place, on the line `foreach($link->query('SELECT ident,COUNT(*) FROM sales GROUP BY ident ASC') as $row) {`. How can I do a check like if `$row == 1`, if `$row == 2` or if `$row == 3`?

Camilla
  • Add a counter and increase it on each iteration. Also `LIMIT 3` will reduce the amount of received data. – u_mulder Aug 10 '20 at 11:26
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 10 '20 at 11:29
  • Why do you have `foreach` in one place and `while` in the other? Why don't you stick to using `foreach` always? – Dharman Aug 10 '20 at 11:30
  • What is the problem with `SELECT ident,COUNT(*) FROM sales GROUP BY ident ASC LIMIT 3`, or adding a counter just below the foreach loop? You will get more performance by using `LIMIT` instead of counter variables – Abhishek Kamal Aug 10 '20 at 11:35
  • @Dharman Instead of copy/pasting that message about SQLi, why don't you mention where I am open to SQLi? – Camilla Aug 10 '20 at 11:36
  • Here `ident='{$row['ident']}'` – Dharman Aug 10 '20 at 11:37
  • @Dharman I don't think they are actually vulnerable there, that value is pulled directly from the database with no way for the user to interact. Although, it depends how `ident` is submitted into the database in the first place. – GrumpyCrouton Aug 10 '20 at 11:39
  • @GrumpyCrouton I have just commented for testing purposes, to give some advice to OP. – Abhishek Kamal Aug 10 '20 at 11:40
  • @AbhishekKamal Yes, I pinged the wrong person, my bad. It's been a long morning already ;) – GrumpyCrouton Aug 10 '20 at 11:41
  • @GrumpyCrouton Where the value comes from doesn't matter. You can't inject PHP variables into an SQL string like this. You should always parameterize. – Dharman Aug 10 '20 at 11:44
  • @GrumpyCrouton Ok, no problem ;), most developers first learn PHP or any backend language, then they move to **security techniques**. – Abhishek Kamal Aug 10 '20 at 11:44
  • @AbhishekKamal I know haha – GrumpyCrouton Aug 10 '20 at 11:46
  • @Dharman I agree that you should always parameterize, regardless of actual risk, but I'm just saying that I don't think they are necessarily vulnerable to normal injection in this case. – GrumpyCrouton Aug 10 '20 at 11:47
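The approach the comments converge on, a single query with `LIMIT 3`, a counter for the place, `foreach` used consistently, and a prepared statement instead of interpolating a value into the SQL string, written out as an added example that is not the asker's code or any answer on this page. It assumes a mysqli connection in `$link` with the mysqlnd driver (needed for `get_result()`), the `sales(ident)` and `users(ident, fullname)` tables from the question, and that "place" means ordering by sales count descending; the function names `topSellers` and `renderRows` are the example's own.

```php
<?php
// Added example, not the asker's code. Assumes: $link is a mysqli connection
// (mysqlnd driver), tables sales(ident) and users(ident, fullname) as in the
// question, and that first/second/third place is by sales count descending.
declare(strict_types=1);

/**
 * Return the top $limit sellers, each as
 * ['rank' => int, 'ident' => mixed, 'fullname' => ?string, 'total' => int].
 */
function topSellers(mysqli $link, int $limit = 3): array
{
    // One query does the grouping, the name lookup and the limit. The only
    // value that varies ($limit) is bound as a parameter, never interpolated,
    // so the SQL text the server compiles is fixed regardless of input.
    $sql = 'SELECT s.ident, u.fullname, COUNT(*) AS total
            FROM sales AS s
            LEFT JOIN users AS u ON u.ident = s.ident
            GROUP BY s.ident, u.fullname
            ORDER BY total DESC
            LIMIT ?';

    $stmt = $link->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $link->error);
    }
    $stmt->bind_param('i', $limit);
    $stmt->execute();
    $result = $stmt->get_result();

    // The counter answers "is this row 1, 2 or 3": it starts at 0 and is
    // incremented once per fetched row, the same foreach style as the outer loop.
    $rows = [];
    $rank = 0;
    foreach ($result as $row) {
        $rank++;
        $row['rank'] = $rank;      // 1 = first place, 2 = second, 3 = third
        $row['total'] = (int) $row['total'];
        $rows[] = $row;
    }
    $stmt->close();
    return $rows;
}

/**
 * Render the <tr> rows for the table body; values that came from the
 * database are escaped before being echoed into HTML.
 */
function renderRows(array $rows): string
{
    $labels = [1 => '1st', 2 => '2nd', 3 => '3rd'];
    $html = '';
    foreach ($rows as $row) {
        // Branch on the rank the same way the question asks for ($row == 1, 2, 3).
        $place = $labels[$row['rank']] ?? (string) $row['rank'];
        $name  = $row['fullname'] ?? '';   // LEFT JOIN: a seller without a users row has no name

        $html .= '<tr>'
            . '<td>' . htmlspecialchars($place, ENT_QUOTES, 'UTF-8') . '</td>'
            . '<td>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</td>'
            . '<td>' . $row['total'] . '</td>'
            . '</tr>';
    }
    return $html;
}

// Usage inside the <tbody> of the agenda table from the question:
echo renderRows(topSellers($link, 3));
```

The `LIMIT ?` placeholder is bound with type `i`, so a non-integer value cannot change the query's shape; the same pattern replaces the per-row `WHERE ident='...'` lookup, which the JOIN makes unnecessary here. `ORDER BY total DESC` is what turns "the first three rows" into first, second and third place; without an `ORDER BY`, `LIMIT 3` returns three rows in whatever order the server happens to produce them.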

1 Answer


In your SQL you can use the LIMIT keyword like below:

```php
$sql = "SELECT * FROM users WHERE ident='{$row['ident']}' LIMIT 3";
```
zeroroot