Fuck. When I was sanitizing the code I somehow killed a couple of things.
It needs a call to select the database, or the database could be specified in the SQL itself.
Also there are a couple of other things that should be in there to protect it a touch.
Sorry about that.
A better version of the actual script portion:
Code:
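/**
 * Echo one banner ad (an <a><img></a> snippet) whose size fits the given range.
 *
 * Selects the least recently used banner of the requested type, prints it and
 * stamps banners.last_used so the next call rotates to another banner.
 * Nothing is printed when the dimensions are not numeric, the database is
 * unreachable, the query fails or no banner matches.
 *
 * NOTE(review): the mysql_* functions were removed in PHP 7.0. They are kept
 * here so the snippet still matches its surroundings; a port should use
 * mysqli or PDO with prepared statements.
 *
 * @param string $type 'sc' = softcore, 'hc' = hardcore; any other value falls back to 'sc'
 * @param mixed  $mxw  maximum width in pixels
 * @param mixed  $mxh  maximum height in pixels
 * @param mixed  $mnw  minimum width in pixels
 * @param mixed  $mnh  minimum height in pixels
 * @return void
 */
function getad($type, $mxw, $mxh, $mnw, $mnh)
{
    // Strict whitelist: with the loose <> operator a value such as true (or
    // int 0 before PHP 8) compares equal to 'sc' and slips past the check.
    if ($type !== 'sc' && $type !== 'hc') {
        $type = 'sc';
    }

    // Reject anything that is not numeric before it gets near the SQL text.
    if (!is_numeric($mxw) || !is_numeric($mxh) || !is_numeric($mnw) || !is_numeric($mnh)) {
        return;
    }

    // is_numeric() also accepts forms such as "1e3" or " 5"; casting makes sure
    // only plain integers are concatenated into the query.
    $mxw = (int) $mxw;
    $mxh = (int) $mxh;
    $mnw = (int) $mnw;
    $mnh = (int) $mnh;

    // Stand-alone connection; normally this would come from an included
    // function or be passed in. Placeholder values only: real credentials
    // belong in configuration kept outside the web root, not in the script.
    $adbhost = "localhost";
    $adbuser = "dbusername";
    $adbpass = "dbpassword";
    $adbname = "dbname";

    $adb = mysql_connect($adbhost, $adbuser, $adbpass);
    if (!$adb) {
        return;
    }

    if (!mysql_select_db($adbname, $adb)) {
        // Log server-side; never echo database errors or SQL into the page.
        error_log('getad: cannot select database: ' . mysql_error($adb));
        return;
    }

    // $type is one of two fixed literals and the dimensions are integers, so
    // no caller-controlled text reaches the statement.
    $sql_str = "select a.id, a.name, c.name as sitename, a.height, a.width, b.link "
        . "from banners a "
        . "inner join links b on a.site=b.site "
        . "inner join sites c on a.site=c.id "
        . "where a.type='" . $type . "' "
        . "and a.width<=" . $mxw . " and a.height<=" . $mxh . " and "
        . "a.width>=" . $mnw . " and a.height>=" . $mnh . " "
        . "order by a.last_used limit 1";

    $result = mysql_query($sql_str, $adb);
    if (!$result) {
        error_log('getad: banner query failed: ' . mysql_error($adb));
        return;
    }

    if (mysql_num_rows($result) < 1) {
        // could do a default banner here
        return;
    }

    $banner = mysql_fetch_array($result);

    // Database values are data, not markup: quote every attribute and escape
    // the contents so a stray quote, space or angle bracket cannot add
    // attributes or tags. Escaping does not validate the URL scheme, so the
    // links table should only ever hold http(s) URLs.
    $link  = htmlspecialchars($banner['link'], ENT_QUOTES);
    $image = htmlspecialchars('http://www.yourdomainname.com/images/' . $banner['name'], ENT_QUOTES);
    $alt   = htmlspecialchars($banner['sitename'], ENT_QUOTES);

    // rel="noopener" keeps the page opened in the new tab from reaching back
    // through window.opener.
    echo '<a href="' . $link . '" target="_blank" rel="noopener">';
    echo '<img src="' . $image . '" border="0" alt="' . $alt . '">';
    echo '</a>';

    // Mark the banner as just shown; the id is cast so it is always an integer
    // in the statement.
    $sql_str = "update banners set last_used=now() where id=" . (int) $banner['id'];
    if (!mysql_query($sql_str, $adb)) {
        error_log('getad: last_used update failed: ' . mysql_error($adb));
    }
}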