
<?php
// includes
include("../template/conf.php");
// open database connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// generate and execute query
$Author = mysql_escape_string($_GET['Author']);
$query = "SELECT * FROM story  WHERE Author = '$Author'";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

// if records present
if (mysql_num_rows($result) > 0)
{
    // iterate through resultset
    // print article titles
    while ($row = mysql_fetch_object($result))
    {
?>
<tr>
    <td style="text-align:left;"><a href="article.php?Id=<?php echo $row->Id; ?>"><?php echo $row->Title; ?></a></td>
    <td style="text-align:left;"><?php echo $row->Date; ?></td>
    <td style="text-align:left;"><?php echo $row->Genre; ?></td>
</tr>
<?php
    }
}
// if no records present
// display message
else
{
?>
<p>No press releases currently available</p>
<?php
}

// close database connection
mysql_close($connection);
?>

My bad, I meant to edit the post down to the code causing the issue before posting.

The [] is on the end of the URL because these errors were pointed out to me in a site security thread, and the person who did it pointed out the error if that happened.


Right, but say the user for whatever reason adds that; is it a security issue? I'm not sure what was meant by the error in the security thread.


Also:

http://lawrenceguide.org/bands/profile.php?Name=Dropfaith%20Tests works fine, but if the user does this:


http://lawrenceguide.org/bands/profile.php

I get this error:


Notice: Undefined index: Name in /home/www/lawrenceguide.org/www/bands/profile.php on line 89


I'm trying to clear them all up and don't want to open a new thread for what I assume is an easy fix.

Well then you will have to change your code. You will have to rely on people to use their own common sense, and I would just turn off error reporting on that page:

error_reporting(0);


or:


if (!isset($var))
{
    // redirect and stop, so nothing below runs with the missing value
    header("Location: page.php");
    exit;
}

Don't turn off error_reporting, that's the lazy way out.  Define $Name before you use it. o_O


Why not? Would you want to go to Google, Yahoo, phpfreak, etc. and see a bunch of error messages?


You should really have the errors go into an error log.

You should only turn off error_reporting after the errors are fixed.  If you just have an error log, you wouldn't really know about a Notice or Warning unless you went into the error log constantly.

http://lawrenceguide.org/literature/byauthor.php?Author[] errors on line 59; there are no arrays in this script at all.

$Author = mysql_escape_string($_GET['Author']); is line 59 on the page, btw. No idea how to remove this Notice still, as there's no array (I'm only doing this on the off chance a user attempts to load this URL to get full path disclosure).

// only treat Type as a filter when it was sent and is a plain string;
// "?Type[]" arrives as an array and a bare request leaves it unset,
// so both fall through to the unfiltered query instead of raising a Notice
if (isset($_GET['Type']) && !is_array($_GET['Type']))
{
    // mysql_real_escape_string honours the connection charset, unlike mysql_escape_string
    $Type = mysql_real_escape_string($_GET['Type']);
    $query = "SELECT * FROM food  WHERE Type = '$Type'";
    $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
}
else
{
    //special circumstance
    $query = "SELECT * FROM food";
    $result = mysql_query($query) or die("Error in query: $query. " . mysql_error());
}
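A hardened byauthor.php, added here as an example rather than code from the thread: it rejects a missing or array-valued Author (so ?Author[] and a bare request give null instead of a Notice), binds the value with a PDO prepared statement instead of interpolating mysql_escape_string() output, and sends errors to the log rather than the page. PDO, the helper names and the column list are assumptions; $host/$user/$pass/$db come from ../template/conf.php as in the thread.

```php
<?php
// Added example (not from the thread): hardened byauthor.php. Assumes the same
// $host/$user/$pass/$db from ../template/conf.php and the same "story" table.
// Keep notices/warnings (and the file paths in them) off the page; log them instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Return the GET parameter only when it is present and a plain string. "?Author[]"
// makes $_GET['Author'] an array and a bare request leaves it unset; both give null.
function getStringParam($name, $maxLen = 100)
{
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        return null;
    }
    $value = trim($_GET[$name]);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// Bound parameter instead of mysql_escape_string() interpolated into the SQL.
function storiesByAuthor(PDO $pdo, $author)
{
    $stmt = $pdo->prepare('SELECT Id, Title, Date, Genre FROM story WHERE Author = :author');
    $stmt->execute(array(':author' => $author));
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

include('../template/conf.php');
$author = getStringParam('Author');
$rows = array();
try {
    if ($author !== null) {
        // PDO set to throw rather than die() with the query text in the response
        $pdo = new PDO("mysql:host=$host;dbname=$db;charset=utf8", $user, $pass);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $rows = storiesByAuthor($pdo, $author);
    }
} catch (PDOException $e) {
    error_log('byauthor.php: ' . $e->getMessage());  // details go to the log, never the visitor
}
foreach ($rows as $row) {  // htmlspecialchars() keeps stored values from rendering as HTML
    printf('<tr><td><a href="article.php?Id=%d">%s</a></td><td>%s</td><td>%s</td></tr>',
        (int) $row->Id, htmlspecialchars($row->Title), htmlspecialchars($row->Date),
        htmlspecialchars($row->Genre));
}
if (!$rows) {
    echo '<p>No press releases currently available</p>';
}
```

With display_errors off the visitor sees only the empty-result message for ?Author[] or a database failure, while the real reason (including the file path) is in the server error log.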
