Bitcoin Forum
June 23, 2024, 08:19:41 AM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: I need help debugging php  (Read 545 times)
Raunkus2 (OP)
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
January 02, 2017, 02:34:54 AM
 #1

In these few php lines, the first and the last lines are executed without any problem, but the middle two lines are ignored as if they are not even there.  Any suggestions?

Code:
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";

$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- '".$where_sql."');</script>";

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";

goivvy
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile WWW
January 02, 2017, 11:30:11 AM
 #2

put

ini_set('display_errors', 1);

at the top and run it again - do you any errors?

is $where_sql initialized?

Bitsky
Hero Member
*****
Offline Offline

Activity: 576
Merit: 514


View Profile
January 02, 2017, 01:13:27 PM
 #3

Code:
echo "<script type='text/javascript'>alert('Web Site Under Test -- line 440');</script>";

$tempstr = addslashes($where_sql);
echo "<script type='text/javascript'>alert('$where_sql -- ".$where_sql."');</script>";

echo "<script type='text/javascript'>alert('Web Site Under Test -- line 445');</script>";

Bounty: Earn up to 68.7 BTC
Like my post? Feel free to drop a tip to 1BitskyZbfR4irjyXDaGAM2wYKQknwX36Y
maybach1980
Member
**
Offline Offline

Activity: 90
Merit: 10

<<<<>>>>>><<<


View Profile
January 02, 2017, 04:21:44 PM
 #4

Brisky had fixed it for u, but i would like to suggest also : addslashes use it only on POST & GET variables, do not use it with full query
for example
$mypost = addslashes($_GET['id']);
$sql = "SELCET * FROM `tables` WHERE `id`='.$mypost';";

xxx
Bitsky
Hero Member
*****
Offline Offline

Activity: 576
Merit: 514


View Profile
January 02, 2017, 08:49:37 PM
 #5

Brisky had fixed it for u, but i would like to suggest also : addslashes use it only on POST & GET variables, do not use it with full query
for example
$mypost = addslashes($_GET['id']);
$sql = "SELCET * FROM `tables` WHERE `id`='.$mypost';";
It's 2017. Stop building queries like that, use prepared statements and forget all those crutches to avoid injections.

Bounty: Earn up to 68.7 BTC
Like my post? Feel free to drop a tip to 1BitskyZbfR4irjyXDaGAM2wYKQknwX36Y
maybach1980
Member
**
Offline Offline

Activity: 90
Merit: 10

<<<<>>>>>><<<


View Profile
January 02, 2017, 09:53:00 PM
 #6

im not the one who is using???

xxx
Bitsky
Hero Member
*****
Offline Offline

Activity: 576
Merit: 514


View Profile
January 03, 2017, 12:02:32 AM
 #7

im not the one who is using???
I'm talking about your example. It's bad practice and should be deprecated.
Building queries like that is the reason why injections exist and are so common.
addslashes shouldn't exist in PHP, nor should it's replacement mysqli_real_escape_string because it promotes bad code.

Bounty: Earn up to 68.7 BTC
Like my post? Feel free to drop a tip to 1BitskyZbfR4irjyXDaGAM2wYKQknwX36Y
cryptocoinplay
Sr. Member
****
Offline Offline

Activity: 293
Merit: 250


https://tinyurl.com/cheapVPS200


View Profile WWW
January 03, 2017, 09:32:24 AM
 #8

I don't know php really, just came here to learn something form you guys!!!

maybach1980
Member
**
Offline Offline

Activity: 90
Merit: 10

<<<<>>>>>><<<


View Profile
January 03, 2017, 03:12:26 PM
 #9

im not the one who is using???
I'm talking about your example. It's bad practice and should be deprecated.
Building queries like that is the reason why injections exist and are so common.
addslashes shouldn't exist in PHP, nor should it's replacement mysqli_real_escape_string because it promotes bad code.
of-course is not safe...its been years i do not see it getting used. i didn't said it is or using it. just gave a suggestion to the OP so he wont get error...

xxx
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!