
Guys, I was learning to solve a CTF and saw this line in PHP:

```php
${"result$i"} = $db->query("SELECT * FROM {$tables[$i]} " . ($order != '' ? "ORDER BY ".$db->escape_string($order)." " : ""));
```

This is in a for loop with $i as the incrementer. So what I didn't understand is the following:

  1. what is the meaning of this: ${"result$i"}
  2. putting $tables[$i] inside { }
  3. Can someone explain this bit : ($order != '' ? "ORDER BY ".$db->escape_string($order)." " : "")
ElementX

1 Answer

  1. what is the meaning of this: `${"result$i"}`

Here you define a dynamic variable that starts with 'result' and ends with a number; for $i = 1 you get `$result1`, and so on for every $i.

  2. putting $tables[$i] inside { }

Here also you want the content of an array named table, so with $i = 1 you get the table name that is in table[1].

  3. Can someone explain this bit : ($order != '' ? "ORDER BY ".$db->escape_string($order)." " : "")

Here you check if the variable $order has any content at all; if so, add to the query string ORDER BY with the content of $order, else add nothing '' to the string. ORDER BY is always declared at the end, and if you have a column name and sorting order saved in the variable, you add it to the string.

nbk
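The three constructs from the question in one runnable script, as an added example that is not part of the original question or answer. `FakeDb` is a hypothetical stand-in for `$db` that returns the SQL text instead of executing it; the table names, `run()`, `safe_order()` and its allowlist are constructed for illustration.

```php
<?php
// Hypothetical stand-in for the page's $db object: query() returns the SQL
// text instead of running it, so the string built on each pass is visible.
class FakeDb {
    public function escape_string(string $s): string { return addslashes($s); }
    public function query(string $sql): string { return $sql; }
}

// Constructed sample data (not from the original page).
$db     = new FakeDb();
$tables = ['users', 'posts'];

function run(FakeDb $db, array $tables, string $order): array {
    for ($i = 0; $i < count($tables); $i++) {
        // Same shape as the line in the question:
        //   ${"result$i"}  variable variable: creates $result0, $result1, ...
        //   {$tables[$i]}  array element interpolated into a double-quoted string
        //   (c ? a : b)    ternary: append "ORDER BY ..." only if $order is non-empty
        ${"result$i"} = $db->query("SELECT * FROM {$tables[$i]} "
            . ($order != '' ? "ORDER BY " . $db->escape_string($order) . " " : ""));
    }
    // get_defined_vars() exposes the dynamically named locals; keep only result*.
    return array_filter(get_defined_vars(),
        fn($k) => strpos($k, 'result') === 0, ARRAY_FILTER_USE_KEY);
}

print_r(run($db, $tables, ''));         // no ORDER BY clause appended
print_r(run($db, $tables, 'id DESC'));  // ORDER BY clause appended

// Check a practitioner would add: escape_string() is meant for values placed
// inside quoted SQL string literals. $order is placed unquoted after ORDER BY,
// so compare it against a fixed list of permitted sort expressions instead.
function safe_order(string $order, array $allowed): string {
    return in_array($order, $allowed, true) ? "ORDER BY $order " : "";
}

$allowed = ['id ASC', 'id DESC', 'name ASC'];   // constructed allowlist
var_dump(safe_order('id DESC', $allowed));      // listed value: clause is built
var_dump(safe_order('not_a_column', $allowed)); // unlisted value: empty string
```

An array such as `$results[$i]` holds the same data as the `$result0`, `$result1`, ... variables and is easier to iterate over.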