TalkPHP
Home Forums Articles Glossary Awards Register Rules Members Search Today's Posts Mark Forums Read
 
 
 
Account Login
Latest Articles
» The basic usage of PHPTAL, a XML/XHTML template library for PHP
by awuehr on 11-10-2008 in Tips & Tricks
» Vulnerable methods and the areas they are commonly trusted in.
by Village Idiot on 11-04-2008 in Classes & Objects
» Simple way to protect a form from bot
by codefreek on 10-23-2008 in Basic
» The Basics On: How Session Stealing Works
by wiifanatic on 09-12-2008 in Security & Permissions
» How to keep your forms from double posting data
by drewbee on 07-03-2008 in Tips & Tricks
IRC Channel
IRC Speech Bubble Join the friendly bunch on IRC...
(#TalkPHP on Freenode)

...Also available via a web interface.

See this thread for information on the TalkPHP Free Hugs Initiative™. Subject to availability.
Associates
Associates
CSS Tutorials
TalkPHP > Developer Forums > Absolute Beginners » here are some bugs in my guestbook script how to solve them ?
Reply
 
LinkBack Thread Tools Search this Thread Display Modes
Old 03-01-2008, 12:46 PM   #1 (permalink)
The Addict
 
webtuto's Avatar
 
Join Date: Dec 2007
Location: morocco
Posts: 221
Thanks: 19
webtuto is on a distinguished road
Default here are some bugs in my guestbook script how to solve them ?
SQL and Full Path Disclosure:
http://mixwebs.com/guest/home.php?page
Quote
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sites/mixwebs.com/public_html/guest/home.php on line 166

Full Path Disclosure:
http://mixwebs.com/guest/delete.php
Quote
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/mixwebs.com/public_html/guest/delete.php:15) in /home/sites/mixwebs.com/public_html/guest/delete.php on line 16

SQL:
http://mixwebs.com/guest/ban.php?ip='
Quote
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

Full Path Disclosure:
When you enter \ or ' for the admin login.
Quote
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/sites/mixwebs.com/public_html/guest/login.php on line 7
__________________
Send a message via MSN to webtuto Send a message via Yahoo to webtuto Send a message via Skype™ to webtuto
webtuto is offline   		Reply With Quote
Old 03-01-2008, 12:59 PM   #2 (permalink)
The Acquainted
 
freenity's Avatar
 
Join Date: Feb 2008
Posts: 119
Thanks: 17
freenity is on a distinguished road
Default
the num 2 and 3 seem to be fixed already :)

as for the num 1 just check

if ($q) then do the mysql_fetch_array...

that is if $q is the result of the query: $q = mysql_query()....

and that's what hyou should do for the last error, and add this to filter your variables:

trim(strip_tags(addslashes($variable)))

and when you print the message don't forget to
stripslashes() to remove the slashes you added with addslashes
__________________
http://feudal-times.net - My PBB Game
http://gwphp.feudal-times.net - My Blog "Gaming With PHP"
freenity is offline   		Reply With Quote
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 10:00 AM.

 
     
Contact Us - TalkPHP - PHP Community - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0
Inactive Reminders By Icora Web Design