|
database error message(FIXED) I received several error messages this morning like the one below. Any idea what would cause this? Thanks. Quote:
|
well I would like to know how the query is running for one. Notice the wrap saying is_numeric($cat) well thats definitely not a numeric cat. elseif ( is_numeric($cat) ) { $query = "SELECT id,catname,template FROM {$Globals['pp_db_prefix']}categories WHERE id=$cat"; $ctitleq = ppmysql_query($query, $link); if ( $ctitleq ) { list( $catid, $thecatname, $Globals['cattemp'] ) = mysql_fetch_row($ctitleq); } I would not worry probally an quirk but I do the query is properly sanitized. $cat is ran through the typecast function and there is even a constraint phrase to only run this query is cat is numeric |
I have no idea where this came from. The assumption is that someone was in the PHoto Gallery and clicked on something that generated the error message to me. I had about a dozen of them in the inbox this morning. |
Okay most likely a spider. I dont see how that query would run still. You can do this though WHERE id='$cat'"; just encapsulate $cat like so '$cat' and you will not get the errors |
Where do I make that change? Do you think it is necessary or should I just forget it? Thanks Chuck! |
You dont have to make it as I think this is a spider doing it but it still boggles my mind how that cat string is getting past the php internal is_numeric clause we use to only run that query if cat is numeric. You can surpress the error by encapsulating the variable which means this In the query meantioned just make WHERE id=$cat to WHERE id='$cat' |
| All times are GMT -5. The time now is 01:58 AM. |
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.2.0