RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Instruct ICC
From: Jason Pruim [EMAIL PROTECTED] Here is the relevant code (I think...) $search = $_GET[search]; $self = $_SERVER['PHP_SELF']; $qstring = SELECT * FROM current WHERE FName like '%$qstring%' or LName like '%$qstring%' or Add1 like '%$qstring%' or Add2 like '% $qstring%' or City like

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 1:22 PM, Instruct ICC wrote: From: Jason Pruim [EMAIL PROTECTED] Here is the relevant code (I think...) $search = $_GET[search]; $self = $_SERVER['PHP_SELF']; $qstring = SELECT * FROM current WHERE FName like '%$qstring%' or LName like '%$qstring%' or Add1 like

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] I fixed that but the problem still remains... When I perform the search I get redirected from index.php to edit.php and can't see where that would happen. [/snip] echo $qstring; $search is not NULL because $search is equal to $_GET[search]. $search may be empty though. -- PHP General

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Stut
Jason Pruim wrote: On Sep 11, 2007, at 1:22 PM, Instruct ICC wrote: Also read http://en.wikipedia.org/wiki/SQL_injection I have read about SQL injection, and I will be scrubbing the data before searching but the search is only available after logging into the system. No one who isn't

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 2:10 PM, Stut wrote: Jason Pruim wrote: On Sep 11, 2007, at 1:22 PM, Instruct ICC wrote: Also read http://en.wikipedia.org/wiki/SQL_injection I have read about SQL injection, and I will be scrubbing the data before searching but the search is only available after

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 1:58 PM, Jay Blanchard wrote: [snip] I fixed that but the problem still remains... When I perform the search I get redirected from index.php to edit.php and can't see where that would happen. [/snip] echo $qstring; $search is not NULL because $search is equal to

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] echo $qstring; produces: SELECT * FROM current WHERE FName like '%%' or LName like '%%' or Add1 like '%%' or Add2 like '%%' or City like '% %' or State like '%%' or Zip like '%%' or XCode like '%%' Which is correct except for it being empty. I tried to echo $search, but since it

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 2:32 PM, Jay Blanchard wrote: [snip] echo $qstring; produces: SELECT * FROM current WHERE FName like '%%' or LName like '%%' or Add1 like '%%' or Add2 like '%%' or City like '% %' or State like '%%' or Zip like '%%' or XCode like '%%' Which is correct except for it being

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread mike
On 9/11/07, Jason Pruim [EMAIL PROTECTED] wrote: echo $qstring; produces: SELECT * FROM current WHERE FName like '%%' or LName like '%%' or Add1 like '%%' or Add2 like '%%' or City like '% %' or State like '%%' or Zip like '%%' or XCode like '%%' Which is correct except for it being empty.

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Stut
Jason Pruim wrote: On Sep 11, 2007, at 2:10 PM, Stut wrote: Jason Pruim wrote: On Sep 11, 2007, at 1:22 PM, Instruct ICC wrote: Also read http://en.wikipedia.org/wiki/SQL_injection I have read about SQL injection, and I will be scrubbing the data before searching but the search is only

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] The problem is there's not... At least there's not supposed to be. The end result that I want is for the search results to end up on the same page if possible... edit.php is a script I use for editing records. Maybe I should just do it on a separate page... It might be easier for

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 2:57 PM, Jay Blanchard wrote: There is no redirection to edit.php? You're calling PHP_SELF so it should not go anywhere else. Is there any mention of edit.php in the code? Correct. PHP_SELF refers to index.php which is the page that the search is happening on. A few

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 2:59 PM, Stut wrote: Jason Pruim wrote: On Sep 11, 2007, at 2:10 PM, Stut wrote: Jason Pruim wrote: On Sep 11, 2007, at 1:22 PM, Instruct ICC wrote: Also read http://en.wikipedia.org/wiki/SQL_injection I have read about SQL injection, and I will be scrubbing the data

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] Correct. PHP_SELF refers to index.php which is the page that the search is happening on. A few lines above that there is a reference to edit.php and here is the code for it: Sorry for the long cut/paste, but I thought it was important to try and provide it in context, and the line

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 3:37 PM, Jay Blanchard wrote: [snip] Correct. PHP_SELF refers to index.php which is the page that the search is happening on. A few lines above that there is a reference to edit.php and here is the code for it: Sorry for the long cut/paste, but I thought it was important

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Robert Cummings
On Tue, 2007-09-11 at 15:20 -0400, Jason Pruim wrote: echo "<div class=\"nav\"><A Href=\"excelexport.php\">Export to Excel</A><BR><A href=\"logout.php\">Logout</A><BR><a href=\"add.shtml\">Add Record</A>"; echo "<P class=\"total\">Total Records: $num_rows</P></div>"; While you're trying to clean up your security approach you

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] Total length is 293 lines. It redirects before any output of $search is visible. I put it up as a .txt file at: raoset.com/oldb/index.txt for anyone who wants to see the code... I know it repeats itself, but I couldn't figure out how to get it to log in and stay logged in right

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Robert Cummings
On Tue, 2007-09-11 at 15:42 -0400, Jason Pruim wrote: Total length is 293 lines. It redirects before any output of $search is visible. I put it up as a .txt file at: raoset.com/oldb/index.txt for anyone who wants to see the code... I know it repeats itself, but I couldn't figure out

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Robert Cummings
On Tue, 2007-09-11 at 15:42 -0400, Jason Pruim wrote: It redirects before any output of $search is visible. I put it up as a .txt file at: raoset.com/oldb/index.txt for anyone who wants to see the code... I took a look and now I can't get my eyes to stop bleeding. The horror, the horror!

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] <td><a href='edit.php?Record={$row['Record']}'>Edit</a></td> is the ONLY reference to edit.php in the entire code of that page. [/snip] No it isn't. edit.php shows up a couple of times, not the least of which is row 218; echo "<form method='GET' action='edit.php'>"; Do you know where the closing

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 3:58 PM, Robert Cummings wrote: On Tue, 2007-09-11 at 15:42 -0400, Jason Pruim wrote: It redirects before any output of $search is visible. I put it up as a .txt file at: raoset.com/oldb/index.txt for anyone who wants to see the code... I took a look and now I can't get

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] I took a look and now I can't get my eyes to stop bleeding. The horror, the horror! Mixed PHP/HTML is yucky :) [/snip] 8^{)} Undoubtedly things could be organized better. Jason did you just sit down and code or did you walk it through with paper and pencil (or notepad even)? -- PHP

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 3:59 PM, Jay Blanchard wrote: [snip] <td><a href='edit.php?Record={$row['Record']}'>Edit</a></td> is the ONLY reference to edit.php in the entire code of that page. [/snip] No it isn't. edit.php shows up a couple of times, not the least of which is row 218; echo form

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jason Pruim
On Sep 11, 2007, at 4:02 PM, Jay Blanchard wrote: [snip] I took a look and now I can't get my eyes to stop bleeding. The horror, the horror! Mixed PHP/HTML is yucky :) [/snip] 8^{)} Undoubtedly things could be organized better. Jason did you just sit down and code or did you walk it

RE: [PHP] SEARCHING for an answer...

2007-09-11 Thread Jay Blanchard
[snip] Son of a Bitch... Soon as I closed that down at line 265 the search now isn't redirecting to edit.php Do you debug by hand? Or do you have something that helps you to do that? I've been tearing my hair out for hours trying to find that and I couldn't see it... [/snip] Debugged by

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread brian
Jay Blanchard wrote: So Jason you learned three valuable lessons today. a. plan your code (use paper and pencil or something like it) b. always account for security c. comment properly I'll add two more: d: Check the source that your script outputs. Send it to the W3C validator

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread mike
On 9/11/07, brian [EMAIL PROTECTED] wrote: e: (my personal opinion) Using echo() to spit out HTML will lead to *much* heartache and gnashing of teeth. Put a closing PHP tag (?>) in there and let the parser spit out the markup without echo(). i think this is quite opposite. i prefer echo'ing

Re: [PHP] SEARCHING for an answer...

2007-09-11 Thread tedd
At 4:01 PM -0400 9/11/07, Jason Pruim wrote: Son of a Bitch... Soon as I closed that down at line 265 the search now isn't redirecting to edit.php Do you debug by hand? Or do you have something that helps you to do that? I've been tearing my hair out for hours trying to find that and I