nezbo Posted January 25, 2008

I have this site and I was trying to get it w3s (or whatever it is) compliant, and I have managed to muck the login up :'(

My site is :: www.eastlancsmedicalservices.co.uk

A test username and password is ::
username : test
password : test

When I use IE it doesn't load, but if you click stop after a couple of seconds it loads fine... When I use it in Firefox it works fine.

I have contacted the ISP and they said it was working fine on their side...

I am really getting angry with this one grrr...

rajivgonsalves Posted January 25, 2008

It works fine for me in IE. Which version of IE are you using?

nezbo (Author) Posted January 25, 2008

That is strange, I am using IE7. Do you think it could be the network or something?

rajivgonsalves Posted January 25, 2008

Yes, could be some network problem only to IE; however, I am using IE 6. Maybe some problem with IE 7. Someone on the board would test it in IE 7.

dg Posted January 25, 2008

Works fine with Firefox 2.0.0.11 too.

nezbo (Author) Posted January 25, 2008

OK, cheers peeps... I think it must be a connection thing, because it is starting to take a long time to access any page that either connects to the SQL server or looks at the cookies...

tibberous Posted January 25, 2008

I'd worry more about making it look better than whether or not it's w3 compliant...

helraizer Posted January 25, 2008

Loads fine in both FF 2.0.0.11 and IE 7

nezbo (Author) Posted January 25, 2008

What do you mean, look better? What do you think I should do to make it look better?

agentsteal Posted January 25, 2008

Admin Access: You can log in as admin by changing the user cookie to 18.

Array: http://www.eastlancsmedicalservices.co.uk/ipAddresses.php?add[]
Array: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir[]

Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/ipAddresses.php?add=<marquee>vulnerable
Cross Site Scripting: There is Cross Site Scripting in the contacts if the fields contain ">code.
Cross Site Scripting: There is Cross Site Scripting on http://www.eastlancsmedicalservices.co.uk/idSearch.php if the id number contains code.
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting when you edit a profile if the fields contain '>code.
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/viewShiftReportAll.php?s=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?s=<marquee><h1>vulnerable</marquee>

Directory Traversal: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir=../

Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/cal.php?mon[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/cal.php on line 13
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?s[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/pages.php on line 39
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser=a
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/pages.php on line 15
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser[]
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/pages.php on line 15
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/adminModual.php
    Fatal error: Call to undefined function: validate() in /home/9/d/a/1167/1167/public_html/adminModual.php on line 4
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/callLog.php
    Fatal error: Call to undefined function: validate() in /home/9/d/a/1167/1167/public_html/callLog.php on line 4
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/holidayRota.php
    Warning: mysql_query(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /home/9/d/a/1167/1167/public_html/holidayRota.php on line 7
    Warning: mysql_query(): A link to the server could not be established in /home/9/d/a/1167/1167/public_html/holidayRota.php on line 7
    Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/nav.php
    Fatal error: Call to undefined function: validate() in /home/9/d/a/1167/1167/public_html/nav.php on line 11
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/login.php
    Warning: mysql_query(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /home/9/d/a/1167/1167/public_html/login.php on line 5
    Warning: mysql_query(): A link to the server could not be established in /home/9/d/a/1167/1167/public_html/login.php on line 5
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/login.php on line 6
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/left.php
    Fatal error: Call to undefined function: validate() in /home/9/d/a/1167/1167/public_html/nav.php on line 11
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/right.php
    Fatal error: Call to undefined function: validate() in /home/9/d/a/1167/1167/public_html/right.php on line 2
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/rota.php
    Warning: mysql_query(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /home/9/d/a/1167/1167/public_html/rota.php on line 13
    Warning: mysql_query(): A link to the server could not be established in /home/9/d/a/1167/1167/public_html/rota.php on line 13
    Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewRequestedShifts.php
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/viewRequestedShifts.php on line 21
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/viewRequestedShifts.php on line 25
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/shiftReportModual.php
    Fatal error: Call to undefined function: validate() in /home/9/d/a/1167/1167/public_html/shiftReportModual.php on line 4
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/shifts.php
    Fatal error: Call to undefined function: validate() in /home/9/d/a/1167/1167/public_html/shifts.php on line 4
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewShiftReport.php?mon[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/cal.php on line 13
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewServices.php?s[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/pages.php on line 39
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewUsers.php?s[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/pages.php on line 39
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewSites.php?s[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/pages.php on line 39
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewShiftReportAll.php?s[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/pages.php on line 39
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewSites.php?s=-1
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/viewSites.php on line 19
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewUsers.php?s=-1
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/viewUsers.php on line 44
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/viewServices.php?s=-1
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/viewServices.php on line 17
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/oohBible.php?dir=a
    Warning: opendir(./bible/a): failed to open dir: No such file or directory in /home/9/d/a/1167/1167/public_html/oohBible.php on line 9
    Warning: readdir(): supplied argument is not a valid Directory resource in /home/9/d/a/1167/1167/public_html/oohBible.php on line 18
    Warning: closedir(): supplied argument is not a valid Directory resource in /home/9/d/a/1167/1167/public_html/oohBible.php on line 51
Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/pages.php
    Warning: mysql_query(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /home/9/d/a/1167/1167/public_html/pages.php on line 14
    Warning: mysql_query(): A link to the server could not be established in /home/9/d/a/1167/1167/public_html/pages.php on line 14
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/9/d/a/1167/1167/public_html/pages.php on line 15

You can log in as any user if you change the user cookie to their user id.

SQL Error: http://www.eastlancsmedicalservices.co.uk/viewShiftReportAll.php?s=a
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a, 20' at line 1
SQL Error: There is an SQL Error on http://www.eastlancsmedicalservices.co.uk/idSearch.php if the id number contains an invalid value.
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
SQL Error: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?supUser='
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' ORDER BY JobID DESC LIMIT 0, 20' at line 1
SQL Error: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?s=-1
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1, 20' at line 1
SQL Error: http://www.eastlancsmedicalservices.co.uk/editJob.php
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
SQL Error: http://www.eastlancsmedicalservices.co.uk/edit4weekRota.php
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY _weeknumber.weekID ASC, _daysoftheweek.Priorty A

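Several of the findings above (array input, reflected markup, `../` and the `opendir(./bible/a)` warning) involve the same `dir` parameter, so one hardened directory listing addresses all of them. This is an added example, not the site's code: it assumes PHP 8 and a `bible` folder next to the script, and `resolve_inside()`, `h()` and `render_listing()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Resolve a user-supplied sub-directory to a real path inside $root.
// Returns null when the value is not a string (?dir[] arrives as an array),
// does not exist, or resolves to somewhere outside $root.
function resolve_inside(string $root, mixed $dir): ?string
{
    if (!is_string($dir) || str_contains($dir, "\0")) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so compare its result,
    // not the raw input, against the allowed root.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $dir);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    $inside = $target === $rootReal
        || str_starts_with($target, $rootReal . DIRECTORY_SEPARATOR);
    return $inside ? $target : null;
}

// Encode text for an HTML body or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_listing(string $root, mixed $dir): string
{
    $path = resolve_inside($root, $dir);
    if ($path === null) {
        // Fixed message: the rejected value is never echoed back, and no
        // opendir() warning carrying the server path is produced.
        return "<p>Folder not found.</p>\n";
    }
    $html = "<ul>\n";
    foreach (scandir($path) ?: [] as $name) {
        if ($name !== '.' && $name !== '..') {
            $html .= '  <li>' . h($name) . "</li>\n";
        }
    }
    return $html . "</ul>\n";
}

// Constructed sample tree in a temp directory, so the demo runs offline.
$root = sys_get_temp_dir() . '/bible_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/policies', 0700, true);
touch($root . '/policies/on-call & rota.txt');

// Constructed inputs mirroring the value shapes listed in the report.
$inputs = ['policies', 'a', '../', ['x'], '<marquee>vulnerable'];
foreach ($inputs as $dir) {
    echo json_encode($dir), ' => ', render_listing($root, $dir);
}

// Remove the sample tree again.
unlink($root . '/policies/on-call & rota.txt');
rmdir($root . '/policies');
rmdir($root);
```
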
nezbo (Author) Posted January 26, 2008

cheers

i guess you are saying that my site is easy to hack?

what should i do about making it more secure?

how do i find out this info that you have given me?

nezbo (Author) Posted January 28, 2008

I have changed the way in which the login works, and I think it is a bit more secure....

I am not too sure if the site is running a bit flaky; please can someone test it to see if there are any problems with it...

Test user is still
username : test
password : test

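The report's cookie finding (set the user cookie to 18 and you are admin) comes from letting the browser state who it is; the usual fix is a server-side session in which the cookie holds only a random id. This is an added example, not the site's code: the "before" function is an assumed reconstruction of the reported behaviour, all function names are hypothetical, and the `secure` flag assumes the site is served over HTTPS.

```php
<?php
declare(strict_types=1);

// BEFORE (assumed shape, reconstructed from the report): the user id is read
// straight from a cookie, so editing the cookie changes who you are.
function current_user_id_from_cookie(array $cookies): ?int
{
    return isset($cookies['user']) ? (int) $cookies['user'] : null;
}

// AFTER: the user id lives in server-side session storage. The browser only
// holds a random session id that carries no meaning of its own.
function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');   // reject ids the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept a session id from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // expires when the browser closes
        'path'     => '/',
        'secure'   => true,     // assumption: HTTPS is available
        'httponly' => true,     // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once, after the username and password have been verified.
function log_in(int $userId): void
{
    start_session();
    session_regenerate_id(true);   // fresh id at the privilege change
    $_SESSION['uid'] = $userId;
}

function current_user_id(): ?int
{
    start_session();
    return isset($_SESSION['uid']) ? (int) $_SESSION['uid'] : null;
}

function log_out(): void
{
    start_session();
    $_SESSION = [];
    session_destroy();
}

// First line of every protected page: stop unless a session user exists.
function require_login(): int
{
    $uid = current_user_id();
    if ($uid === null) {
        http_response_code(403);
        exit('Please log in.');
    }
    return $uid;
}

// Constructed input: the cookie-based check accepts whatever it is handed.
var_dump(current_user_id_from_cookie(['user' => '18']));
```

Making the cookie value longer or more complicated does not help if the server still derives the identity from it without being able to tell that it was changed.
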
mattclements Posted January 31, 2008

Hello,

The errors that are shown above can be fixed easily...

I can fix this for you if you need to..

Cheers
Matt

nezbo (Author) Posted January 31, 2008

Hi Matt

Cheers for the offer. I think if you could advise me on how to fix them I will learn a lot more and not make the same mistake again...

I have tried to fix most of the problems, with various solutions, so I think there will be fewer than there were, i.e. I have changed the cookie to be more complicated, and I have added @ to the mysql_query's.

If there are any other ways I can make it more secure, I will be glad for your input.

Cheers,
Neil

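Prefixing `mysql_query` with `@` silences that one call and keeps its failure out of the log; the fatal errors in the report (undefined `validate()`, unsupported operand types) are raised on other lines and are still shown. The added example below, which is not the site's code, handles path disclosure centrally: errors go to the log, visitors get a generic message, and include-only files refuse direct requests. It assumes PHP 8 with PDO and uses an in-memory SQLite database as a stand-in for MySQL; `APP_ENTRY`, `require_entry_point()` and `run_query()` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Report everything to the log, nothing to the browser. Setting these in
// php.ini is better still, because parse errors occur before ini_set() runs.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Last-resort handler: anything uncaught becomes a generic 500 response,
// while file names and line numbers go to the log only.
set_exception_handler(function (Throwable $e): void {
    error_log('Uncaught: ' . $e->getMessage()
        . ' at ' . $e->getFile() . ':' . $e->getLine());
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo "Sorry, something went wrong.\n";
});

// Guard for files that are only meant to be included. Entry pages define
// APP_ENTRY before including them; a direct request gets a plain 404
// instead of a fatal error that prints the server path.
function require_entry_point(): void
{
    if (!defined('APP_ENTRY')) {
        http_response_code(404);
        exit;
    }
}

// Run a query and return its rows, or null on failure. The database error
// text is logged, never echoed.
function run_query(PDO $db, string $sql, array $params = []): ?array
{
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('Query failed: ' . $e->getMessage());
        return null;
    }
}

// Demo as an entry page, using a constructed failing query.
define('APP_ENTRY', true);
require_entry_point();

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$rows = run_query($db, 'SELECT * FROM missing_table');
echo $rows === null
    ? "The rota is unavailable right now.\n"
    : count($rows) . " rows\n";
```
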
nezbo (Author) Posted January 31, 2008

The only one that I think I need to sort out is:

Full Path Disclosure: http://www.eastlancsmedicalservices.co.uk/checkProcessingJobs.php?s[]
    Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/pages.php on line 39

What is the best way to sort this?

Neil

mattclements Posted January 31, 2008

Fatal error: Unsupported operand types in /home/9/d/a/1167/1167/public_html/pages.php on line 39

This means there is a variable used on line 39, you are trying to get this to display as one datatype (such as numeric), and this variable is actually not this datatype....

Try "echoing" these variables on the page to see what they display....

Cheers
Matt

nezbo (Author) Posted January 31, 2008

The pages work fine when I don't try and hack it.

If I try and get 's' as an array it will throw up this error. Might it be worth putting a line like:

if ($_request(s) != 'an integer')

I am not too sure how to check if it is an integer or not?

Neil

helraizer Posted January 31, 2008

If s is supposed to be a number then you can use

<?php
if (!isset($_REQUEST['s']) || !is_numeric($_REQUEST['s'])) {
    // s is missing or is not a number
    // your code for if s isn't a number
} else {
    // s is a number
    // code for if s is a number
}
?>

Hope that helps?

Sam

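`is_numeric()` rejects the `s[]` array, but it accepts `-1` and `1e3`, and the report shows `s=-1` reaching the query as `LIMIT -1, 20`. The added example below, which is not the site's code, validates the offset as a non-negative integer and binds both `s` and `supUser` as parameters. It assumes PHP 8 with PDO and an in-memory SQLite stand-in for MySQL; the table name `jobs` and the function names are hypothetical, while `JobID`, `supUser` and the page size of 20 come from the error text in the report.

```php
<?php
declare(strict_types=1);

const PAGE_SIZE = 20;   // the reported error text shows "LIMIT 0, 20"

// Turn the raw ?s= value into a safe row offset. Anything that is not a
// plain non-negative integer string falls back to the first page.
function page_offset(mixed $raw): int
{
    if (!is_string($raw)) {          // missing, or ?s[] sent as an array
        return 0;
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 1000000],
    ]);
    return $n === false ? 0 : $n;
}

// Values are bound as parameters, so a quote in supUser is data and the
// offset can only ever be an integer.
function fetch_jobs(PDO $db, mixed $rawUser, mixed $rawOffset): array
{
    $user = is_string($rawUser) ? $rawUser : '';
    $stmt = $db->prepare(
        'SELECT JobID, supUser FROM jobs WHERE supUser = :u
         ORDER BY JobID DESC LIMIT :n OFFSET :o'
    );
    $stmt->bindValue(':u', $user, PDO::PARAM_STR);
    $stmt->bindValue(':n', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':o', page_offset($rawOffset), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data: 45 jobs split between two users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (JobID INTEGER PRIMARY KEY, supUser TEXT)');
$ins = $db->prepare('INSERT INTO jobs (supUser) VALUES (?)');
for ($i = 0; $i < 45; $i++) {
    $ins->execute([$i % 2 ? 'alice' : "o'brien"]);
}

// Constructed inputs with the shapes listed in the report.
foreach (['20', 'a', '-1', '1e3', ['x'], null] as $s) {
    printf("s=%s -> offset %d\n", json_encode($s), page_offset($s));
}

echo count(fetch_jobs($db, "o'brien", '20')), " rows for o'brien from offset 20\n";
echo count(fetch_jobs($db, "'", ['x'])), " rows for a lone quote\n";
```
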
nezbo (Author) Posted January 31, 2008

Cool, that worked a treat, cheers.

I think my site is getting more and more secure. Cheers for everyone's help.