PHP Error
Posted by Danny159, 08-25-2007, 12:58 PM
Hey
I am in the process of making a new script for my company and I have got to the bit where clients can edit their details, and when I click the edit button I get this error:
Is this the script or the server?
If it's the script I will post it, and it would be great if you could edit this to work for me.
Thanks
Danny
Posted by dollar, 08-25-2007, 01:03 PM
That looks like the script, specifically the portion where it is making a MySQL call. The syntax of your MySQL call is improper in one way or another for the version of MySQL that your host is using.
Feel free to post the script around line 13.
Posted by Danny159, 08-25-2007, 01:08 PM
Line 13 is this, so here's the script:
Posted by dollar, 08-25-2007, 01:11 PM
As far as PHP is concerned, line 13 is the 13th line of PHP code (not the HTML in between).
With a quick glance, the problem most likely is here:
If you notice, the comma after $edphone shouldn't be there. It would be much like me writing this to you:
I need an apple, a pear, an orange, and a grapefruit, from the store. <- Notice how the last comma makes you read it as if there should be another item on the list? MySQL is thinking the same thing.
Posted by Steve_Arm, 08-25-2007, 01:22 PM
A nice hackable form.
Posted by Danny159, 08-25-2007, 01:52 PM
How do I make it unhackable? Because you need to get through the check.php file to access this bit...
Posted by Danny159, 08-25-2007, 01:53 PM
BTW, thanks for your help, I'll have a go.
Posted by Steve_Arm, 08-25-2007, 01:55 PM
You have to validate your input. Are the POST strings what they're supposed to be?
Posted by Danny159, 08-25-2007, 02:03 PM
Yes, because it finds what's in the database and puts it into the text fields; then, when you have edited it and pressed 'edit', it overwrites the current data in the database, so yes, it needs to POST to get the new info.
Posted by Steve_Arm, 08-25-2007, 02:09 PM
I didn't mean that. I meant that someone can type whatever they want in there;
$edusername = $_POST[edusername]; is not enough.
I can type some code there and have it entered in the database or inject the SQL easily.
Posted by Danny159, 08-25-2007, 02:16 PM
But that just gets it from the hidden field, so they can't edit their username anyway.
Posted by Danny159, 08-25-2007, 02:31 PM
Ohhhhhhhhhh I just got what you mean!
I need to take out the , !!!!!!!!!!!!
Am I right?
Posted by ThatScriptGuy, 08-25-2007, 04:00 PM
Yes, that last comma is causing your problem.
But you need to validate your user input in that form. If you are expecting a user to enter only alphanumeric characters, then you need to check to make sure they've ONLY entered alphanumeric characters before you process the data... Otherwise you're just asking to be hacked.
Posted by Danny159, 08-25-2007, 04:06 PM
That's what the check.php is... so only the user logged in can edit them..
Content of check.php:
Posted by ThatScriptGuy, 08-25-2007, 04:14 PM
You're not getting it. Without checking the user input, the user could enter something like
into the input box. This is a very basic SQL injection technique, and your form is vulnerable unless you fix it.
Posted by Xenatino, 08-25-2007, 04:18 PM
With your code, if I were to enter username'; DELETE FROM users WHERE username!='username into the username field, then your query:
would become:
Is that what you really want?
(The above is purely an example that will probably not work, but it illustrates the point.)
Take a look at http://www.php.net/mysql_real_escape_string
Posted by Steve_Arm, 08-25-2007, 04:20 PM
Back.
The minimum:
+
You don't authorize access just by checking the session variable; in reverse, you use the session variable to check.
Query the db - WHERE username = $_SESSION['username'] AND ....
and if there is an entry in the database you let him in. Again, a minimal example.
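As an added example (not the thread's own script, and using a mysqli prepared statement in place of the mysql_real_escape_string approach linked above): the client-details UPDATE with the trailing comma removed, the POST fields validated as Steve_Arm and ThatScriptGuy describe, and the row selected by the session username rather than a POST value. The table and column names, the phone field rules and the connection details are assumptions.

```php
<?php
// Added example: a hardened version of the edit handler discussed in the thread.
// Assumed: table `users` with columns `username` and `phone`; the form fields
// edusername and edphone from the thread; connection details are placeholders.
session_start();

// Authorize from the session, not from anything the form submits.
if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit('Not logged in');
}

// Validate each field against what it is expected to contain, before using it.
$newUsername = $_POST['edusername'] ?? '';
$newPhone    = $_POST['edphone'] ?? '';

if (!preg_match('/^[A-Za-z0-9_]{3,32}$/', $newUsername)) {
    exit('Invalid username: letters, digits and underscore only');
}
if (!preg_match('/^\+?[0-9 ]{6,20}$/', $newPhone)) {   // assumed phone format
    exit('Invalid phone number');
}

$db = new mysqli('localhost', 'dbuser', 'dbpass', 'company'); // placeholder credentials
if ($db->connect_error) {
    exit('Database unavailable');
}

// Prepared statement: the values are sent separately from the SQL text, so a quote
// typed into the form cannot close the string the way Xenatino's example shows.
// Note there is no comma before WHERE (the syntax error from the first post), and
// the WHERE clause uses the session username, so a user can only update their own row.
$stmt = $db->prepare('UPDATE users SET username = ?, phone = ? WHERE username = ?');
if ($stmt === false) {
    exit('Query could not be prepared');
}
$stmt->bind_param('sss', $newUsername, $newPhone, $_SESSION['username']);

if ($stmt->execute() && $stmt->affected_rows === 1) {
    $_SESSION['username'] = $newUsername; // keep the session in step with the new name
    echo 'Details updated';
} else {
    echo 'No record updated'; // nothing changed, or no row matched the session user
}
$stmt->close();
$db->close();
```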
Posted by Danny159, 08-25-2007, 04:28 PM
Ohhhhhh ok, sorry guys, I'm very tired and a bit dense today lol
Thanks for all your help
Danny