Here are some bugs in my guestbook script. How do I solve them?

SQL and Full Path Disclosure:
http://mixwebs.com/guest/home.php?page
Quote: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sites/mixwebs.com/public_html/guest/home.php on line 166

Full Path Disclosure:
http://mixwebs.com/guest/delete.php
Quote: Warning: Cannot modify header information - headers already sent by (output started at /home/sites/mixwebs.com/public_html/guest/delete.php:15) in /home/sites/mixwebs.com/public_html/guest/delete.php on line 16

SQL:
http://mixwebs.com/guest/ban.php?ip='
Quote: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

Full Path Disclosure:
When you enter \ or ' for the admin login.
Quote: Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/sites/mixwebs.com/public_html/guest/login.php on line 7
the num 2 and 3 seem to be fixed already :)
as for the num 1 just check if ($q) then do the mysql_fetch_array... that is if $q is the result of the query: $q = mysql_query().... and that's what you should do for the last error, and add this to filter your variables: trim(strip_tags(addslashes($variable))) and when you print the message don't forget to stripslashes() to remove the slashes you added with addslashes
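
An added example, not part of either post and not the guestbook's own code: the "check the result before fetching" advice applied to a ban.php-style lookup, with a bound parameter and output escaping swapped in for addslashes()/strip_tags(), and warnings sent to the log so file paths stay out of the page. The bans table, its columns, the lookupBan() helper and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example. Table and column names (bans, ip, reason) are hypothetical.
// In-memory SQLite stands in for the MySQL database so the script runs offline.

// Keep warnings (and the file paths they contain) out of the HTTP response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$db = new PDO('sqlite::memory:');
// Failed queries return false instead of throwing, as mysql_query() did.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->exec('CREATE TABLE bans (ip TEXT PRIMARY KEY, reason TEXT)');
$db->exec("INSERT INTO bans VALUES ('203.0.113.7', 'spam')"); // constructed sample row

function lookupBan(PDO $db, $rawIp)
{
    // Reject anything that is not an IP address before it reaches the database.
    $ip = filter_var(trim((string) $rawIp), FILTER_VALIDATE_IP);
    if ($ip === false) {
        return 'Invalid IP address.';
    }

    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT reason FROM bans WHERE ip = ?');
    if ($stmt === false || !$stmt->execute([$ip])) {
        // Check the result before fetching; details go to the log only.
        error_log('ban lookup failed');
        return 'Something went wrong, please try again later.';
    }

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'Not banned.';
    }
    // Escape when printing, so stored text cannot inject markup.
    return 'Banned: ' . htmlspecialchars($row['reason'], ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a stored IP, an unknown IP, and the lone quote from the report.
foreach (['203.0.113.7', '198.51.100.1', "'"] as $input) {
    echo lookupBan($db, $input), "\n";
}
```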