Говнокод

Нашли или выдавили из себя код, который нельзя назвать нормальным, на который без улыбки не взглянешь? Не торопитесь его удалять или рефакторить, — запостите его на говнокод.ру, посмеёмся вместе!

mysql_real_escape_string / Говнокод #24273

0

"SELECT " +
                    "2 AS recType," +
                    "1 AS cnt," +
                    "''  AS vndName," +
                    "'' AS catName," +
                    "off.orderBy1S AS orderBy1S," +
                    "off._id AS _id," +
                    "off.vendorCode AS vendorCode," +
                    "off.price AS price," +
                    "off.currencyId AS currencyId," +
                    "off.thumbnail AS thumbnail," +
                    "off.name AS name," +
                    "IFNULL(crt.quantity,0) AS quantityItem," +
                    "off.queryRest AS queryRest," +
                    "off.valueRest AS valueRest," +
                    "off.lastChangedRest AS lastChangedRest," +
                    "off.price_uah_ir AS price_uah_ir," +
                    "IFNULL(vlt.[rate],0) AS rate " + //валютный курс для currencyId товара
                    "FROM tOffer AS off " +
                    "LEFT JOIN tCart AS crt ON off.vendorCode=crt.offerId " +
                    "LEFT JOIN tCurrency AS vlt ON off.currencyId=vlt.valute " +

                    "WHERE  off.vendorName='" + BRAND_NAME + "' AND off.categoryId=" + CATEGORY_ID + " AND  (off.name LIKE " + nameFilter + ") " +
                    "UNION " +
                    "SELECT " +
                    "1," +
                    "COUNT(*)," +
                    "MAX(vnd.name)," +
                    "IFNULL(cat.name,'')," +
                    "0," +
                    "0," +
                    "0," +
                    "0," +
                    "''," +
                    "''," +
                    "vnd.name," +
                    "0," +
                    "0," +
                    "''," +
                    "''," +
                    "0," +
                    "0 " +
                    "FROM tOffer AS off " +
                    "LEFT JOIN tVendor AS vnd ON off.vendorName=vnd.name " +
                    "INNER JOIN tCategory AS cat ON off.categoryId=cat._id " +
                    "WHERE  off.vendorName='" + BRAND_NAME + "' AND off.categoryId=" + CATEGORY_ID + " AND  (off.name LIKE " + nameFilter + ") " +
                    "GROUP BY vnd.name HAVING COUNT(*)>0 " +
                    "UNION " +
                    "SELECT " +
                    "3," +
                    "COUNT(*)," +
                    "MAX('Другой товар')," +
                    "''," +
                    "0," +
                    "0," +
                    "0," +
                    "0," +
                    "''," +
                    "''," +
                    "'Другой товар'," +
                    "0," +
                    "0," +
                    "''," +
                    "''," +
                    "0," +
                    "0 " +
                    "FROM tOffer AS off " +
                    "WHERE  off.vendorName<>'" + BRAND_NAME + "' AND  (off.name LIKE " + nameFilter + ") " +
                    "GROUP BY 'Другой товар' HAVING COUNT(*)>0 " +
                    "UNION " +
                    "SELECT " +
                    "4," +
                    "1," +
                    "''," +
                    "''," +
                    "off.orderBy1S," +
                    "off._id," +
                    "off.vendorCode," +
                    "off.price," +
                    "off.currencyId," +
                    "off.thumbnail," +
                    "off.name," +
                    "IFNULL(crt.quantity,0)," +
                    "off.queryRest," +
                    "off.valueRest," +
                    "off.lastChangedRest," +
                    "off.price_uah_ir," +
                    "IFNULL(vlt.[rate],0) " + //валютный курс для currencyId товара
                    "FROM tOffer AS off " +
                    "LEFT JOIN tCart AS crt ON off.vendorCode=crt.offerId " +
                    "LEFT JOIN tCurrency AS vlt ON off.currencyId=vlt.valute " +
                    "WHERE  off.vendorName<>'" + BRAND_NAME + "' AND  (off.name LIKE " + nameFilter + ") " +
                    "ORDER BY  recType,orderBy1S ";

Комменты говорят, что это поиск по бренду и названию

Запостил: makesense, 16.05.2018 (Updated 16.05.2018)

Комментарии (5) RSS

Alexander 8 лет ago # 0

Отыскал по бренду и названию твой анус, и совершил с тобой сношение.
Ответить
roskomgovno 8 лет ago # 0

это поиск по SQL инъекции если бренд называется "O'Nil"
Ответить
- Alexander 8 лет ago # 0 ⇈
  
  Сделал SQL-инъекцию в твой зад, проверь.
  Ответить
lal3 8 лет ago # 0

PHP
Ответить
- guest 8 лет ago # 0 ⇈
  
  Что "PHP"?
  Ответить

Добавить комментарий Отменить ответ

Помни, guest, за тобой могут следить!

А не использовать ли нам bbcode?

↑

8

↓