| 04.07.2008 at 06:09AM PDT, ID: 23301175 |
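<?php
// Serves the thumbnail stored for ?id=N and records one view in img_click_stats.
//
// NOTE(review): the mysql_* functions below belong to ext/mysql, which was
// deprecated in PHP 5.5 and removed in PHP 7.0. They are kept so the script
// behaves as posted; porting to mysqli or PDO with prepared statements is the
// long-term fix.

// The (int) cast is the only thing standing between the query string and the
// SQL statements below, so $id must never be reassigned from raw input.
// A missing, non-numeric or zero id ends the request before any database work.
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if ($id === 0) {
    exit;
}

// db info
// NOTE(review): credentials are hard-coded and the account is root. This script
// only reads image_admin and updates/inserts into img_click_stats, so a
// dedicated account limited to those statements, with its password loaded from
// configuration outside the web root, would contain the damage if this file or
// the account were ever exposed.
$db_host = 'localhost';
$db_user = 'root';
$db_pwd = 'password';
$database = 'TheDatabase';

// The @ keeps a failed connection from printing a warning (which can include
// the host and user name) into the response body.
if (@mysql_connect($db_host, $db_user, $db_pwd) && mysql_select_db($database)) {
    // $id is an integer at this point, so interpolating it cannot alter the query.
    $sql = "SELECT image_thumbnail FROM image_admin WHERE id=$id LIMIT 1";
    $result = mysql_query($sql);

    // mysql_query() returns false on failure; handing that to mysql_num_rows()
    // would raise a warning instead of ending the request cleanly.
    if ($result === false || mysql_num_rows($result) === 0) {
        exit;
    }

    // Only one column is selected, so the numeric index is enough.
    $row = mysql_fetch_row($result);

    // Declare the image type only once there are bytes to send, and use the
    // registered MIME type (image/jpeg; "image/jpg" is not one).
    // NOTE(review): assumes the column holds JPEG data. If thumbnails can come
    // from user uploads, also consider sending X-Content-Type-Options: nosniff.
    header('Content-Type: image/jpeg');
    echo $row[0];

    // Count the view: bump the existing counter, or create it on first view.
    $sql = "UPDATE img_click_stats SET click_count=click_count+1 WHERE image_id=$id LIMIT 1";
    mysql_query($sql);

    // No row changed means no counter exists for this image yet.
    // NOTE(review): two simultaneous first views can both reach this INSERT.
    // If image_id has a unique key the second one simply fails; otherwise
    // duplicate rows appear - confirm the table definition.
    if (mysql_affected_rows() == 0) {
        $query = "INSERT INTO img_click_stats (image_id,click_count) VALUES ($id,1)";
        mysql_query($query);
    }
}
?>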