Bitcoin Forum

Other => Off-topic => Topic started by: Raunkus2 on January 02, 2017, 02:34:54 AM


Title: I need help debugging php
Post by: Raunkus2 on January 02, 2017, 02:34:54 AM
In these few php lines, the first and the last lines are executed without any problem, but the middle two lines are ignored as if they are not even there.  Any suggestions?

Code:
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";

$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- '".$where_sql."');</script>";

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";

Title: Re: I need help debugging php
Post by: goivvy on January 02, 2017, 11:30:11 AM
put

ini_set('display_errors', 1);

at the top and run it again - do you any errors?

is $where_sql initialized?


Title: Re: I need help debugging php
Post by: Bitsky on January 02, 2017, 01:13:27 PM
Code:
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";

$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- ".$where_sql."');</script>";

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";

Title: Re: I need help debugging php
Post by: maybach1980 on January 02, 2017, 04:21:44 PM
Brisky had fixed it for u, but i would like to suggest also : addslashes use it only on POST & GET variables, do not use it with full query
for example
$mypost = addslashes($_GET['id']);
$sql = "SELCET * FROM `tables` WHERE `id`='.$mypost';";

Title: Re: I need help debugging php
Post by: Bitsky on January 02, 2017, 08:49:37 PM
Quote from: maybach1980 on January 02, 2017, 04:21:44 PM
Brisky had fixed it for u, but i would like to suggest also : addslashes use it only on POST & GET variables, do not use it with full query
for example
$mypost = addslashes($_GET['id']);
$sql = "SELCET * FROM `tables` WHERE `id`='.$mypost';";
It's 2017. Stop building queries like that, use prepared statements and forget all those crutches to avoid injections.

Title: Re: I need help debugging php
Post by: maybach1980 on January 02, 2017, 09:53:00 PM
im not the one who is using???

Title: Re: I need help debugging php
Post by: Bitsky on January 03, 2017, 12:02:32 AM
Quote from: maybach1980 on January 02, 2017, 09:53:00 PM
im not the one who is using???
I'm talking about your example. It's bad practice and should be deprecated.
Building queries like that is the reason why injections exist and are so common.
addslashes shouldn't exist in PHP, nor should it's replacement mysqli_real_escape_string because it promotes bad code.

Title: Re: I need help debugging php
Post by: cryptocoinplay on January 03, 2017, 09:32:24 AM
I don't know php really, just came here to learn something form you guys!!!

Title: Re: I need help debugging php
Post by: maybach1980 on January 03, 2017, 03:12:26 PM
Quote from: Bitsky on January 03, 2017, 12:02:32 AM
Quote from: maybach1980 on January 02, 2017, 09:53:00 PM
im not the one who is using???
I'm talking about your example. It's bad practice and should be deprecated.
Building queries like that is the reason why injections exist and are so common.
addslashes shouldn't exist in PHP, nor should it's replacement mysqli_real_escape_string because it promotes bad code.
of-course is not safe...its been years i do not see it getting used. i didn't said it is or using it. just gave a suggestion to the OP so he wont get error...


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines