Sunda Cyber Army


* Sunda Cyber Army 2k17 *
Indonesia Defacer ~

© | FaceBook | Youtube | ©
?? | HackersId | DefacerId | ??
?? | Website | ??
?? | Tools | ??

Path : /home/dent/studentexams/jeandanl/
File Upload :
Current File : /home/dent/studentexams/jeandanl/results.php

<?php

if(empty($_REQUEST['manufacturer_id'])) {
    echo "Error! You're missing some information. ";
    exit();
}

$userid = "dent_guest";
$userpw = "Acad276_Ttrojan_Dev2Ex@m";
$host = "webdev.iyaclasses.com";
$db = "dent_exam";

include '../pdloginvariables.php';

$mysql = new mysqli(
    $host,
    $userid,
    $userpw,
    $db
);

if($mysql->connect_errno) {
    echo "db connection error : " . $mysql->connect_error;
    exit();
}
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Acad276 Practical Exam: Results</title>
    <style>
        .container {
            width:  600px;
            margin: auto;
        }
        h1 {
            margin: auto;
            text-align: center;
            background-color:   #900;
            color:  #FC0;
            height: 60px;
            line-height: 60px;
        }
        .num-results {
            margin: 20px 10px;
        }
        table {
            margin: auto;
            margin-bottom: 20px;
            width:  80%;
            border-collapse: collapse;
        }
        th, td {
            border: 1px solid #900;
            border-collapse: collapse;
            padding:    10px;
            text-align: center;
        }
        img {
            width: 100px;
        }
        .nav-link{
            margin: 10px 0px;
            font-size: 14px;
        }
    </style>
</head>
<body>
<div class="container">
    <h1>Mobile Device Database: Search Results</h1>
    <div class="nav-link">

        <?php
        $sql = 		"SELECT * FROM devices WHERE 1=1";
        $sql .= " AND name LIKE '%" . $_REQUEST['device_id'] . "%'";

        if($_REQUEST['manufacture'] != "ALL" and !empty($_REQUEST['manufacturer'])) {
            $sql .= " AND manufacturer_id='" . $_REQUEST["manufacturer"] . "'";
        }
        if($_REQUEST['system_id'] != "ALL" and !empty($_REQUEST['system_id'])) {
            $sql .= " AND system_id='" . $_REQUEST["system_id"] . "'";
        }
        if($_REQUEST['type_id'] != "ALL" and !empty($_REQUEST['type_id'])) {
            $sql .= " AND type_id='" . $_REQUEST["type_id"] . "'";
        }

        $results = $mysql->query($sql);

        if(!$results) {
            echo "<hr>Your SQL:<br> " . $sql . "<br><br>";
            echo "SQL Error: " . $mysql->error . "<hr>";
            exit();
        }

        echo "<em>Your search returned <strong>" .
            $results->num_rows .
            "</strong> results.</em>";
        echo "<br><br>";

        while($currentrow = $results->fetch_assoc()) {
            echo "<div class='tr'><strong>" . $currentrow['name'] . "</a>".
                "<div>" .
                "<a href='details.php?recordid=".
                $currentrow["devices"]."'>" .
                "View" . "<br>" .
                "</a>" .
                "</div>"  .
                "<br style='clear:both;'>";
        }
        ?>
</table>
        <form action="results.php">

    </div>


    <table>
        <tr>
            <th>Name</th>
            <th>Price</th>
            <th>Manufacturer</th>
            <th>System</th>
            <th>Type</th>
        </tr>

        <!--
        ****** SAMPLE OUTPUT ROW ******
        -->

    </table>
</div>
</body>
</html>