Errant_Shadow Posted September 3, 2009 Share Posted September 3, 2009 My site is DriversBigTop.com To validate that this is, in fact, my site, and to report any errors you might encounter, please use the bug page. That being said, my employer tells me our images don't load when he views the page from Netscape. Of course, in order for me to fox any problems I'm going to need to reproduce the error he's encountering; except when -I- view from Netscape, everything works fine... Beyond that, though, if anyone finds anything that seems broken or just doesn't look good, please let me know. Feel free to use the bug form I created as it will capture info from your browser for me (since my employer can't seem to figure out what version of Netscape he's using ... ) Also, unfortunately, to use the site will require a free registration. My employer insisted on it so there's really nothing I can do about it -- however, it is free. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 4, 2009 Share Posted September 4, 2009 email'd you a list of Bugs if you got it about the SQL Injection problem And SESSID fixation Link to comment Share on other sites More sharing options...
Errant_Shadow Posted September 5, 2009 Author Share Posted September 5, 2009 Thank you, darkfreaks I'm not sure what MYSQLI/PDO is but I thought I was sanitizing everything with mysql_real_escape_string. I'll go back over all of my code to make sure it's all being sanitized. I'll also set my php.ini as you suggested. Thank you for being helpful, I really really appreciate it. Security specialist I am not hell, I'm not even really a web developer >< Link to comment Share on other sites More sharing options...
Errant_Shadow Posted September 5, 2009 Author Share Posted September 5, 2009 Hmm... I couldn't find "session.use_only_cookies" I found session.use_cookies and it's already set to 1. Link to comment Share on other sites More sharing options...
darkfreaks Posted September 5, 2009 Share Posted September 5, 2009 Errant- PHPFreaks Security Tutorial(PDO/MYSQL) that should help out a lot somewhere in your function file put this: <?php ini_set ('session.use_only_cookies', 1);. //Disable transparent Session ID ... ?> then include the function file in every file if you don't already this will turn off the session.use_only_cookies in the code. also your HTML output isnt Validated as HTML 4.0.1 or 5.0 or 3.2 or 2 strict or transitional nor XHTML 1.0-1.1 strict or transitional. W3c Validator with html tidy Link to comment Share on other sites More sharing options...
Errant_Shadow Posted September 6, 2009 Author Share Posted September 6, 2009 The validation tool is cool, but the other link lead to an article about irritable bowel syndrome on web md >> Link to comment Share on other sites More sharing options...
darkfreaks Posted September 6, 2009 Share Posted September 6, 2009 oops sorry LOL i guess my copy and paste was broke PDO/MYSQL Link to comment Share on other sites More sharing options...
Recommended Posts