Taxonomy Browser


Tax Name: examples: Homo sapiens, zebrafish, Mus etc.
Taxon ID: examples: 9606, 11103 etc.

"; echo"

Common Taxonid List:

name preferred name taxonid
Arabidopsis thaliana Arabidopsis thaliana 3702
Escherichia coli Escherichia coli 562
Pneumocystis carinii Pneumocystis carinii 4754
Bos taurus Bos taurus 9913
Hepatitis C virus Hepatitis C virus 11103
Rattus norvegicus Rattus norvegicus 10116
Caenorhabditis elegans Caenorhabditis elegans 6239
Homo sapiens Homo sapiens 9606
Saccharomyces cerevisiae Saccharomyces cerevisiae 4932
Chlamydomonas reinhardtii Chlamydomonas reinhardtii 3055
Mus musculus Mus musculus 10090
Schizosaccharomyces pombe Schizosaccharomyces pombe 4896
Danio rerio (Zebrafish) Danio rerio (zebrafish) 7955
Mycoplasma pneumoniae Mycoplasma pneumoniae 2104
Takifugu rubripes Takifugu rubripes 31033
Dictyostelium discoideum Dictyostelium discoideum 44689
Oryza sativa Oryza sativa 4530
Xenopus laevis Xenopus laevis 8355
Drosophila melanogaster Drosophila melanogaster 7227
Plasmodium falciparum Plasmodium falciparum 5833
Zea mays Zea mays 4577


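"; } else {
    // Result branch: look up taxa by name prefix ($name) or by taxon ID ($taxid)
    // and print the matches. Both values are treated as untrusted: each is
    // neutralised separately for the SQL literal and for the HTML output.
    //
    // NOTE(review): the mysql_* extension was removed in PHP 7.0. When this page
    // is ported, replace the string-built queries with mysqli/PDO prepared
    // statements; the connection handle is not visible here, so that change is
    // not made in this block.

    //$name = trim($name);
    //$taxid = trim($taxid);

    // Defaults so the summary line and the result loop below never read an
    // undefined variable (invalid taxid, or a query that failed).
    $result = false;
    $num_rows = 0;
    $row = false;
    $color = "white";

    if($name) {
        // SQL injection: $name is a string, so it is escaped rather than cast.
        // LIKE metacharacters (% and _) are escaped first, otherwise the caller
        // can widen the prefix match into a full-table pattern scan.
        // Assumes the default SQL mode, where backslash is the LIKE escape character.
        $like_literal = addcslashes($name, '\\%_');
        $safe_name_sql = mysql_real_escape_string($like_literal);
        $query = "SELECT distinct a.name, a.taxonid, a.name_class, b.rank from Taxon_name a, Taxon_node b where a.name like '$safe_name_sql%' and a.taxonid =b.taxonid";
        $result = mysql_query($query);
    } elseif($taxid) {
        if(is_numeric($taxid)) {
            // SQL injection: cast to int, same as lineage.php.
            // NOTE(review): is_numeric() also accepts floats and exponents, which
            // the cast truncates; the query stays safe but may look up a
            // different ID than the one typed.
            $safe_taxid_int = (int)$taxid;
            $query = "SELECT distinct a.name, a.taxonid, a.name_class, b.rank from Taxon_name a, Taxon_node b where a.taxonid = $safe_taxid_int and a.taxonid =b.taxonid";
            $result = mysql_query($query);
        } else {
            // XSS: escape $taxid before echoing it into the error message.
            $safe_taxid_display = htmlspecialchars($taxid, ENT_QUOTES, 'UTF-8');
            echo "Your input: $safe_taxid_display is not a valid taxonid!
";
        }
    }

    if($result !== false) {
        $num_rows = mysql_num_rows($result);
        $row = mysql_fetch_row($result);
    } elseif(isset($query)) {
        // mysql_query() returns false on failure. Record the reason server-side
        // only, so database error text is never sent to the client.
        error_log("taxonomy lookup failed: " . mysql_error());
    }

    // XSS: escape $name before echoing into HTML.
    $safe_name_display = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    echo "Your Query $safe_name_display returns $num_rows taxon entries:
";
    if($num_rows > 0) {
        echo "";
        while($row) {
            // Rows whose name class is "scientific name" get a different colour.
            if($row[2] === "scientific name") {
                $color = "yellow";
            } else {
                $color = "white";
            }
            // XSS: escape every database value before it reaches HTML. The taxon
            // ID is cast to int so nothing but a number is ever forwarded into
            // links, same as lineage.php.
            $safe_row0 = htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8');
            $safe_row1 = (int)$row[1];
            $safe_row2 = htmlspecialchars($row[2], ENT_QUOTES, 'UTF-8');
            $safe_row3 = htmlspecialchars($row[3], ENT_QUOTES, 'UTF-8');
            echo " ";
            $row = mysql_fetch_row($result);
        }
        // NOTE(review): the string contents below are reproduced as they appear;
        // any HTML tags around them are not visible in this view.
        echo "
NameTaxonidName ClassRankLineageImage
$safe_row0$safe_row1$safe_row2$safe_row3details Image
";
    }
}
?>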