Stopped working?


#1
techker

Hey guys, my script was working fine all month. Now today I try it out and it gives me an error?

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/openshar/public_html/check.php on line 12
You'll be redirected to your Home Page after (2) Seconds in energie

Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off,

My code:


<?php


$myusername=$_GET['user'];

require('config.php'); 

// Connect to server and select database.


mysql_connect("$host", "$dbusername", "$dbpass")or die("cannot connect");

mysql_select_db("$dbname")or die("cannot select DB");


$sql="SELECT *  FROM 'members' WHERE 'username'= '$myusername'";

$res3 = mysql_query($sql);

$row3 = mysql_fetch_assoc($res3);



?>


<?


 { 

echo "You'll be redirected to your Home Page after (2) Seconds in <b>$myusername</b>";

          echo "<meta http-equiv=Refresh content=2;url=".$row['directory_name'].">";

		  }

?>


It just basically grabs the user that logs in and gets the path to his folder in a database...

#2
Guest_Jordan_*

Your script is very vulnerable to SQL Injection, firstly. You do not clean $myusername and you directly execute that in a SQL statement.

What is the value of $_GET['user']? If it has a ' or " in it, or any other character that needs escaping, it will cause your SQL to quit working.
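
An added example, not part of the thread and not the original poster's code: the same lookup written with a PDO prepared statement, a check for the no-row case, and HTML-encoded output, run against usernames containing ' and ". The function names lookupDirectory and redirectMarkup, the in-memory SQLite database and its sample row are assumptions made so the block runs on its own; the table and column names come from the script above.

```php
<?php
// Added example. members / username / directory_name are the names used in
// the posted script; everything else here is constructed for illustration.

/** Return the member's directory, or null when there is no such user. */
function lookupDirectory(PDO $pdo, string $username): ?string
{
    // Identifiers are left unquoted (MySQL would also accept backticks);
    // single quotes are for string literals only. The username travels as a
    // bound parameter, so a ' or " inside it cannot alter the statement.
    $stmt = $pdo->prepare('SELECT directory_name FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $dir = $stmt->fetchColumn();            // false when no row matched
    if (!is_string($dir)) {
        return null;
    }
    // Assumption: a directory name is one path segment of safe characters.
    return preg_match('/^[A-Za-z0-9_-]+$/', $dir) === 1 ? $dir : null;
}

/** Build the redirect markup with both values HTML-encoded. */
function redirectMarkup(string $username, string $dir): string
{
    $u = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    $d = htmlspecialchars($dir, ENT_QUOTES, 'UTF-8');
    return "You'll be redirected to your Home Page after (2) Seconds in <b>$u</b>"
         . "<meta http-equiv=\"Refresh\" content=\"2;url=$d\">";
}

// Constructed demo data in an in-memory SQLite database so the block runs
// offline; against MySQL the DSN would be "mysql:host=$host;dbname=$dbname".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw
$pdo->exec('CREATE TABLE members (username TEXT, directory_name TEXT)');
$pdo->exec("INSERT INTO members VALUES ('energie', 'energie_home')");

// Constructed inputs: one known user, two names containing quote characters.
foreach (['energie', "o'brien", 'say "hi"'] as $input) {
    $dir = lookupDirectory($pdo, $input);
    echo $dir === null
        ? 'no member: ' . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . "\n"
        : redirectMarkup($input, $dir) . "\n";
}
```

With exception mode on, a malformed statement raises a PDOException at prepare/execute instead of passing a non-resource on to the fetch call, which is what the mysql_fetch_assoc() warning in the first post reports.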

#3
techker

So what happened? I know I modified it when it stopped working, but it's about the same.

So what's wrong?

#4
Guest_Jordan_*


Jordan said:

What is the value of $_GET['user']? If it has a ' or " in it, or any other character that needs escaping, it will cause your SQL to quit working.

What is the answer to those questions?

#5
techker

OK, but why was it working before??

#6
Guest_Jordan_*

I can't help you unless you answer my questions. Did you even fully read either of my replies?

#7
techker

Sure I did. The $_GET is in the login form.

'Cause the login form goes to a check login to see who is logging in. Sessions.

After, I made a check.php page to check who is logging in, to redirect him to the good folder.

'Cause in the database, when I register a new member, I create a folder with his information and what he needs in it. So every member has a different level of scripts.

So it gets the user's name and selects the information in the database.

Just by replying to this I realized that I should have put it in the check login page.