Thanks a bunch (sorry that I'm an amateur at this). How do I set the error
level?
-----Original Message-----
From: Ron Brogden [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 22, 2001 5:46 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP-DB] RedHat 7 vs. Windows 98

At 05:23 PM 2/22/2001 -0700, you wrote:
>I've resolved a similar error by using isset() for if ($id) but when I do
>the same for if (!$id) I get a parse error.

Sounds like you placed the ! in the wrong spot maybe? "if(!isset($foobar))
{}" is fine syntactically as far as I am aware.

>Second error. I'm getting an undefined variable error when I have a blank
>form to make an insert. If I pull up a record to update in the form, there
>is no error, only when I pull up a blank one. Linux seems to have place
>holders in the forms and I don't get the error. Here is a part of the code
>referred to in the error.

My guess is that you are not getting *errors* but spurious *warnings*
because your error_level() is set too high. Set it to 7 and you should
only get meaningful errors and warnings.

>if (isset($id)) {
>$sql="SELECT * FROM tblpeople WHERE id=$id";

Don't do stuff like this *ever* with user defined variables. Bad bad bad.
=) You cannot trust people to not slip in things other than what you
expect into "$id":

    foobar.php?id=1+OR+id!=0

This will match everything in your database which could be bad. Also,
MySQL has stated that they are eventually going to allow multiple queries
per call which means that in the above case you can add on a "drop
database" call which is understandably serious.

Always perform sanity checking on user supplied ("tainted") data.

I'll stop preaching now.
=)

Cheers

-----------------------------------------------------------------------------
Island Net AMT Solutions Group Inc.   Telephone: 250 383-0096
1412 Quadra                           Toll Free: 1 800 331-3055
Victoria, B.C.                        Fax: 250 383-6698
V8W 2L1                               E-Mail: [EMAIL PROTECTED]
Canada                                WWW: http://www.islandnet.com/
-----------------------------------------------------------------------------

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
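
Added example, not part of the original thread or code posted by anyone in it: the `id` lookup discussed above, run with the crafted value from the message through both the interpolated query and a version that validates the input and binds it as a parameter. PDO with an in-memory SQLite database, the `name` column and the sample rows are assumptions made so the script runs stand-alone; the thread itself uses MySQL.

```php
<?php
// Added example. tblpeople and id come from the thread; the name column,
// the sample rows and the SQLite in-memory database are constructed.

function parse_id($raw): ?int
{
    // Accept only a plain decimal integer >= 1; everything else is rejected.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_person(PDO $db, $raw): array
{
    $id = parse_id($raw);
    if ($id === null) {
        return [];   // tainted input never reaches the SQL layer
    }
    // Bound parameter: the value travels as data, not as part of the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM tblpeople WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblpeople (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO tblpeople (name) VALUES ('alice'), ('bob'), ('carol')");

// The interpolated query from the thread, fed the value from the message
// (foobar.php?id=1+OR+id!=0 after URL decoding).
$crafted = '1 OR id!=0';
$unsafe  = $db->query("SELECT id, name FROM tblpeople WHERE id=$crafted")
              ->fetchAll(PDO::FETCH_ASSOC);
printf("interpolated query, crafted id: %d rows\n", count($unsafe));

// The same value, plus other constructed inputs, through the checked path.
foreach (['2', $crafted, '', null, '2; DROP TABLE tblpeople'] as $raw) {
    printf("%-28s -> %d rows\n", var_export($raw, true),
           count(find_person($db, $raw)));
}
```

The validation alone already blocks the crafted value; the bound parameter is kept as a second layer so the query stays safe even if the check is later loosened.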