dropfaith Posted October 9, 2008 Share Posted October 9, 2008 <?php // includes include("../template/conf.php"); // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $Author = mysql_escape_string($_GET['Author']); $query = "SELECT * FROM story WHERE Author = '$Author'"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <tr> <td style="text-align:left;"><a href="article.php?Id=<?php echo $row->Id; ?>"><?php echo $row->Title; ?> </a></td> <td style="text-align:left;"><?php echo $row->Date; ?></td> <td style="text-align:left;"><?php echo $row->Genre;?> </td> </tr> <?php } } // if no records present // display message else { ?> <p>No press releases currently available</p> <?php } // close database connection mysql_close($connection); ?> Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/ Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 why are you doing [] on the end of the url? Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661239 Share on other sites More sharing options...
The Little Guy Posted October 9, 2008 Share Posted October 9, 2008 Please provide more information, such as what code is doing this, not the entire file. Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661243 Share on other sites More sharing options...
DarkWater Posted October 9, 2008 Share Posted October 9, 2008 Well, the error is from echoing out an array: $array = array(1, 2, 3, 4, 5); //array echo $array; //notice! Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661251 Share on other sites More sharing options...
dropfaith Posted October 9, 2008 Author Share Posted October 9, 2008 my bad i meant to edit the post down to the code causeing the issue before posting.. the [] is on the end of the url cause these errors were pointed out to me in a site security thread and the person who did it pointed out the error if that happened.. Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661255 Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 Well if you removed [] then it should have no errors, Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661260 Share on other sites More sharing options...
The Little Guy Posted October 9, 2008 Share Posted October 9, 2008 $array = array(1, 2, 3, 4, 5); //array foreach($array as $arr){ echo $arr; } Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661263 Share on other sites More sharing options...
dropfaith Posted October 9, 2008 Author Share Posted October 9, 2008 right but say the user for whatever reason adds that is it like a security issue? im not sure what was meant by the error in the security thread. also http://lawrenceguide.org/bands/profile.php?Name=Dropfaith%20Tests works fine but if the user does this http://lawrenceguide.org/bands/profile.php i get this error Notice: Undefined index: Name in /home/www/lawrenceguide.org/www/bands/profile.php on line 89 im trying to clear them all up and dont want to open a new thread for what i assume is an easy fix Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661267 Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 It means the var is not defined. And how is it a security issue? There is nothing different except the error. Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661275 Share on other sites More sharing options...
dropfaith Posted October 9, 2008 Author Share Posted October 9, 2008 i know its from the var not being defined i just want to remove these errors and was hoping i could do it without just turning off error reporting cause i try not to ever do that Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661284 Share on other sites More sharing options...
dropfaith Posted October 9, 2008 Author Share Posted October 9, 2008 is it possible if the var isnt defined it redirects the user to the index? Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661286 Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 Well then you will have to change your code, you will have to rely on people to use there own common sense, and i would just turn off error reporting on that page error_reporting(0); or if(!isset($var)) { header("Location:page.php"); } Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661288 Share on other sites More sharing options...
DarkWater Posted October 9, 2008 Share Posted October 9, 2008 Don't turn off error_reporting, that's the lazy way out. Define $Name before you use it. o_O Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661292 Share on other sites More sharing options...
dropfaith Posted October 9, 2008 Author Share Posted October 9, 2008 $name is defined from the url normally i never count on user common sense users can be some dumb people. im new to all this Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661298 Share on other sites More sharing options...
The Little Guy Posted October 9, 2008 Share Posted October 9, 2008 Don't turn off error_reporting, that's the lazy way out. Define $Name before you use it. o_O Why not? would you want want to go to goolge, yahoo, phpfreak, etc. and see a bunch of error messages? You should really have the errors go into an error log. Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661299 Share on other sites More sharing options...
DeanWhitehouse Posted October 9, 2008 Share Posted October 9, 2008 On a live site, you should turn off errror reporting and/or make your own custom ones. Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661300 Share on other sites More sharing options...
DarkWater Posted October 9, 2008 Share Posted October 9, 2008 Don't turn off error_reporting, that's the lazy way out. Define $Name before you use it. o_O Why not? would you want want to go to goolge, yahoo, phpfreak, etc. and see a bunch of error messages? You should really have the errors go into an error log. You should only turn off error_reporting after the errors are fixed. If you just have an error log, you wouldn't really know about a Notice or Warning unless you went into the error log constantly. Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661302 Share on other sites More sharing options...
BillyBoB Posted October 9, 2008 Share Posted October 9, 2008 The reason that is a security issue is Full Path Disclosure. It gives the end user the full path to your server. Which in certain cases can give the end user your username for the cpanel. Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661307 Share on other sites More sharing options...
dropfaith Posted October 9, 2008 Author Share Posted October 9, 2008 http://lawrenceguide.org/literature/byauthor.php?Author[] on line 59 it erros theres no arrays in this script at all $Author = mysql_escape_string($_GET['Author']); is line 59 on the page btw no idea how to remove this Notice still as theres no array (im only doing this on the off chance a user attempts to load this url to get full path disclosure <?php // includes include("../template/conf.php"); // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $Author = mysql_escape_string($_GET['Author']); $query = "SELECT * FROM story WHERE Author = '$Author'"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <tr> <td style="text-align:left;"><a href="article.php?Id=<?php echo $row->Id; ?>"><?php echo $row->Title; ?> </a></td> <td style="text-align:left;"><?php echo $row->Date; ?></td> <td style="text-align:left;"><?php echo $row->Genre;?> </td> </tr> <?php } } // if no records present // display message else { ?> <p>No press releases currently available</p> <?php } // close database connection mysql_close($connection); ?> Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661390 Share on other sites More sharing options...
kenrbnsn Posted October 9, 2008 Share Posted October 9, 2008 You want to put a check in before that line that is something like: <?php if (isset($_GET['Author']) && is_array($_GET['Author'])) // // issue an error message and leave // } ?> Ken Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661405 Share on other sites More sharing options...
dropfaith Posted October 10, 2008 Author Share Posted October 10, 2008 if(!is_array($_GET['Type'])) { $Type = mysql_escape_string($_GET['Type']); $query = "SELECT * FROM food WHERE Type = '$Type'"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); } else { //special circumstance $query = "SELECT * FROM food"; $result = mysql_query($query) or die("Error in query: $query. " . mysql_error()); } Quote Link to comment https://forums.phpfreaks.com/topic/127758-solved-notice-array-to-string-conversion/#findComment-661460 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.