the script won't work and I can't find anything wrong please help

all right so the script is pretty simple it goes it retrieves what the
id of the post is and it lets you edit it well no it doesn't.

now if you go to www.kirewire.com/pp2/index/php you will see a number 1
that is the value of column home_id which is set to auto increment etc
etc

but this script which gets the id of home_id of a row and lets you edit
it does not work for some reason...

if (isset ($_POST['submit'])) { // Handle the form.

// Define the query.
$query = "UPDATE home SET header='{$_POST['header']}',
body='{$_POST['body']}' WHERE home_id={$_POST['id']}";
$r = mysql_query ($query); // Execute the query.

// Report on the result.
if (mysql_affected_rows() == 1) {
print '<p>The blog entry has been updated.</p>';
} else {
print "<p>Could update the entry because: <b>" . mysql_error() .
"</b>. The query was $query.</p>";
}

} else { // Display the entry in a form.

// Check for a valid entry ID in the URL.
if (is_numeric ($_GET['id']) ) {

// Define the query.
$query = "SELECT * FROM home_id WHERE home_id={$_GET['id']}";
if ($r = mysql_query ($query)) { // Run the query.

$row = mysql_fetch_array ($r); // Retrieve the information.

// Make the form.
print '<form action="update_site.php" method="post">
<p>Header: <input type="text" name="header" size="40" maxsize="100"
value="' . $row['header'] . '" /></p>
<p>Body: <textarea name="body" columns="40" rows="5">' . $row['body']
. '</textarea></p>
<input type="hidden" name="id" value="' . $_GET['id'] . '" />
<input type="submit" name="submit" value="Update your Website!" />
</form>';

} else { // Couldn't get the information.
print "<p>Could retrieve the entry because: <b>" . mysql_error() .
"</b>. The query was $query.</p>";
}

} else { // No ID set.
print '<p><b>You must have made a mistake in using this
page.</b></p>';
}

} // End of main IF.

mysql_close(); // Close the database connection.

?>

to see what you get go to www.kirewire.com/pp2/update_site.php

could you please help, thanks, and have a happy thanksgiving

Nov 24 '06 #1
Try "select * from home" instead of "from home_id"...?
$query = "SELECT * FROM home_id WHERE home_id={$_GET['id']}";
Nov 24 '06 #2
nope
not working
Nov 24 '06 #3

To me petersprc was on the right track. This may not be your main problem
but you still need to fix this part.
"SELECT * FROM home_id WHERE home_id" -> "SELECT * FROM home WHERE home_id"
You should be selecting from a table.

Regards,

Brent Palmer.
Nov 24 '06 #4
Alright so I'm trying that and still no luck the string defines home_id
as home_id={$_GET['id']}' so can I because the column I want to select
from is home_id can I say
$query = "SELECT home_id FROM home WHERE home_id={$_GET['id']}; or does
it need to stay wildcard?
Nov 24 '06 #5
so many sites so little time wrote:

> <snip>
> if (isset ($_POST['submit'])) { // Handle the form.
>
> // Define the query.
> $query = "UPDATE home SET header='{$_POST['header']}',
> body='{$_POST['body']}' WHERE home_id={$_POST['id']}";
> $r = mysql_query ($query); // Execute the query.
> <snip>
> could you please help, thanks, and have a happy thanksgiving

Check the return value of mysql_* calls.

Where I snipped add

if (!$r) {
// There was an error
// for simplicity sake, I'll just print it and exit
exit('Error in query (' . $query . '): ' . mysql_error());
}

Add similar code after *all* relevant mysql_* calls.
When you run the script and there is an error, the script itself will
tell you why it failed. After that you just need to (understand the
reason for failure and) correct the error and try again.

--
I (almost) never check the dodgeit address.
If you *really* need to mail me, use the address in the Reply-To
header with a message in *plain* *text* *without* *attachments*.
Nov 24 '06 #6
so many sites so little time wrote:

> <snip>
> $query = "UPDATE home SET header='{$_POST['header']}',

This approach is possibly vulnerable to SQL-injection.
That is bad.
NEVER trust data coming from GET, POST or COOKIE.

Possibly you have magic quotes enabled in php.ini, but you should at least
check for that.

It is much better to set up your application right from the start than fixing
it afterward (after some funny guy gave the command to delete the database
by inserting that command in your 'header' variable).

Anybody who knows how SQL is formulated can come up with an SQL-injection
command. It is easy.

If you don't know what I am talking about (e.g. you don't know what magic
quotes are and how they change your data and WHY) then you better take a
break from developing your app and learn about that part first.

Regards,
Erwin Moller
Nov 24 '06 #7
alright so I deleted the part about you must have made a mistake in
using this page
and added
if (!$r) {
// There was an error
// for simplicity sake, I'll just print it and exit
exit('Error in query (' . $query . '): ' . mysql_error());
}
and as you can see at kirewire.com/pp2/update_site.php
all it says now is you must have made a mistake in your query

again the queries are:

<snip>
// Define the query.
$query = "UPDATE home SET header='{$_POST['header']}',
body='{$_POST['body']}' WHERE home_id={$_POST['id']}";
$r = mysql_query ($query); // Execute the query.
</snip>
and
<snip>
// Define the query.
$query = "SELECT * FROM home WHERE home_id={$_GET['id']}";
if ($r = mysql_query ($query)) { // Run the query.

$row = mysql_fetch_array ($r); // Retrieve the information.
</snip>
Nov 25 '06 #8
Forgive me but I didn't see in your original code where you connected to
the database at all.

You might try running mysql from the command line and copy and pasting
that exact query in. Then play with it until you figure out what's
wrong with the query...

--

Andrew DeFaria <http://defaria.com>
Ever stop to think, and forget to start again?

Nov 26 '06 #9
Forgive me but I didn't see in your original code where you connected to
the database at all.

You might try running mysql from the command line and copy and pasting
that exact query in. Then play with it until you figure out what's
wrong with the query...

--

Andrew DeFaria <http://defaria.com>
Ever stop to think, and forget to start again?

Nov 26 '06 #10
no no it's there it's just not important and not connected to the issue
that's why I left it out less code you need to rummage through if that
wasn't working I would get could not connect to database error but here
it is anyway:

<?php // Update_site.php
// This script edits a blog entry using an UPDATE query.

// Address error handling.
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

// Connect and select.
if ($dbc = @mysql_connect ('localhost', 'user', 'pass')) {

if (!@mysql_select_db ('kirewire_tpp')) {
die ('<p>Could select the database because: <b>' . mysql_error() .
'</b></p>');
}

} else {
die ('<p>Could not connect to MySQL because: <b>' . mysql_error() .
'</b></p>');
}

Nov 26 '06 #11
p.s. it's me so many sites so little time just thought I would use my
real name well part of it
Nov 26 '06 #12
so many sites so little time wrote:

> alright so I deleted the part about you must have made a mistake in
> using this page
> and added
> if (!$r) {
> // There was an error
> // for simplicity sake, I'll just print it and exit
> exit('Error in query (' . $query . '): ' . mysql_error());
> }
> and as you can see at kirewire.com/pp2/update_site.php
> all it says now is you must have made a mistake in your query
>
> again the queries are:
>
> <snip>
> // Define the query.
> $query = "UPDATE home SET header='{$_POST['header']}',

Did you fix the SQL-injection vulnerability I was warning you about?
No.
Reread my post.
Do yourself a favor and fix it.

Regards,
Erwin Moller
Nov 28 '06 #13
I don't understand what you mean about if I don't get the info from post
where am I going to get it?
Nov 28 '06 #14
and the server I'm on is locked down like Saddam so they're not getting
in to do that and my ftp yeah sure they can try to crack it heh
Nov 28 '06 #15
plemon wrote:

> and the server I'm on is locked down like Saddam so they're not getting
> in to do that and my ftp yeah sure they can try to crack it heh

It is a common mistake to think you are safe if the server is all right.
If the programmers on the secure server make mistakes, the server cannot do
a thing about it.
If your server is military strength, and runs a webserver running PHP
without magic_quotes_gpc, it is very easy to use SQL-injection, no matter
how 'safe' the server is.
Security is no magic. And it starts with programmers taking it seriously.

If you do not know what SQL-injection is, chances are you didn't write safe
code.

Really, I warned you 3 times in this thread, and you still don't listen.
So my advice is once again: Do yourself a favor, and make sure you
understand what SQL-injection is and how to protect yourself.
Google for it, understand it, then program the rest of your site.

Regards,
Erwin Moller
Dec 1 '06 #16
so you are saying I should have magic quotes turned on? I'm reading up
more on sql injection at the moment still don't understand it at all.

Jan 16 '07 #17
.oO(plemon)

> so you are saying I should have magic quotes turned on?

No, magic quotes are dead. Turn them off and forget about them.
Thankfully they'll be completely removed in PHP 6.

> I'm reading up
> more on sql injection at the moment still don't understand it at all.

Never(!) trust any data sent in from a client. URL parameters, POST
data, cookies - everything can easily be faked. This not only applies to
databases, but to everything on a server that deals with user-submitted
data. Validate everything and escape it if necessary!

In the case of DBs you have to make sure that _all_ data that goes into
a DB is properly escaped, so that it's not possible for an attacker to
inject his own SQL commands to wreak havoc on your DB.

In PHP there are more or less two ways to do that:

1) Use DB-specific escaping functions, like mysql_real_escape_string()
for example.

2) Use prepared statements as provided by the PDO extension.

Micha
Jan 16 '07 #18
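
Added example (not part of any post in this thread): the UPDATE from the original question rewritten along the lines of option 2 above, with the id validated and all values bound through a PDO prepared statement. Assumptions: an in-memory SQLite database stands in for the poster's MySQL server, the table layout is constructed from the column names used in the thread, and update_entry() is a hypothetical helper name.

```php
<?php
// Assumption: in-memory SQLite stands in for the poster's MySQL database;
// the table layout is constructed from the column names used in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE home (home_id INTEGER PRIMARY KEY AUTOINCREMENT, header TEXT, body TEXT)');
$pdo->exec("INSERT INTO home (header, body) VALUES ('first', 'one'), ('second', 'two')");

// update_entry() is a hypothetical helper, not code from the thread.
function update_entry(PDO $pdo, array $post): int
{
    // Validate: home_id must be a positive integer and nothing else.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // Placeholders keep the SQL text fixed; the values travel separately
    // as data, so quotes in them cannot change the statement.
    $stmt = $pdo->prepare(
        'UPDATE home SET header = :header, body = :body WHERE home_id = :id');
    $stmt->execute([
        ':header' => (string)($post['header'] ?? ''),
        ':body'   => (string)($post['body'] ?? ''),
        ':id'     => $id,
    ]);
    return $stmt->rowCount(); // number of rows changed
}

// Constructed form submissions (sample data, not taken from the thread).
$samples = [
    ['id' => '1', 'header' => "Erwin's notes", 'body' => "quotes ' and \" stay data"],
    ['id' => 'not-a-number', 'header' => 'x', 'body' => 'y'],
];
foreach ($samples as $post) {
    try {
        printf("updated %d row(s)\n", update_entry($pdo, $post));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s\n", $e->getMessage());
    }
}

// Print what is stored so the effect of each submission can be checked.
foreach ($pdo->query('SELECT home_id, header FROM home') as $row) {
    printf("%d: %s\n", $row['home_id'], $row['header']);
}
```

The same prepare/execute calls work against MySQL by changing only the DSN passed to the PDO constructor.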
