Include problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Subberke
Forum Newbie
Posts: 5
Joined: Sun Aug 31, 2003 2:13 pm

Include problem

Post by Subberke »

Hello, i have a log in system with 3300 users. With that system i created an admin panel.

The admin panel i made can aprove or deny users and edit everything of their account.

everything worked perfect until now, the includes sometimes don't respond.

if i click on a link it includes a page. now sometimes it includes, sometimes is just doesnt and gives the default page i programmed.

Is it because of the database?
Is it because of a bug in the newest PHP version?

i don't know? I can't be my script cause it worked fine for 4 months and since now it doesn't

please help me,

greetz,

Subberke
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Hard to tell with so little information. Possible to link to the files/paste some code that you think might have the issue?
Subberke
Forum Newbie
Posts: 5
Joined: Sun Aug 31, 2003 2:13 pm

Post by Subberke »

it's not my code, i'm sure of it. Since a week or 2 every include i use just doesn't react always.

say i have a link

<a href="index.php?link=test>test</a>

and this code

if ($link == "")
{
include("empty.php");
}
elseif ($link == "test");
{
include("testpage.php");
}
else
{
include("error.php");
}


if i should click the link, somethimes it wil show the testpage somethimes it will show the error page
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Aha!
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Opps, that wasn't a very good post was it? Hehe...

Sounds that your struck by the register_globals syndrome... Read the last link in my signature... (Especially the $_GET part)
Subberke
Forum Newbie
Posts: 5
Joined: Sun Aug 31, 2003 2:13 pm

Post by Subberke »

ok i was changing everything but now i'm stuck in my script

normally i did this

$query = "SELECT * FROM users WHERE naam = '$user' AND paswoord = '$pass'";

but now...

$query = "SELECT * FROM users WHERE naam = '$_REQUEST['user']' AND paswoord = '$_REQUEST['pass']'";

this doesnt work :?
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Code: Select all

from
$query = "SELECT * FROM users WHERE naam = '$_REQUEST&#1111;'user']' AND paswoord = '$_REQUEST&#1111;'pass']'"; 
to
$query = "SELECT * FROM users WHERE naam = '$_REQUEST&#1111;user]' AND paswoord = '$_REQUEST&#1111;pass]'";
Notice the singel quotes in the $_REQUEST vars?
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Subberke wrote:$query = "SELECT * FROM users WHERE naam = '$_REQUEST['user']' AND paswoord = '$_REQUEST['pass']'";

this doesnt work :?
Concatenate:

Code: Select all

<?php
 "SELECT * FROM users WHERE naam='" . $_REQUEST['user']  . "' AND paswoord='" . $_REQUEST['pass'] . "'";

?>
It's slightly more secure if you use $_POST or $_COOKIE (wherever it is user and pass come from) rather than $_REQUEST since this at least leaves a single avenue of attack.

Does your script perform any checks on user input?
Last edited by McGruff on Wed Aug 10, 2005 8:13 pm, edited 1 time in total.
Subberke
Forum Newbie
Posts: 5
Joined: Sun Aug 31, 2003 2:13 pm

Post by Subberke »

my script goes in mysql database

looks for the row where username and pasword are correct

if the row returns 1 then it allows access

i was solving it by doing this

$username = $_REQUEST[user];

and then SELECT * FROM database WHERE name = '$username' ...
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

McGruff and I had the same answer, but a different path to it, it seems.

$username = $_REQUEST[user];
Doesn't that generate any errors, as youre not using any single quotes? (Ignore if it was just typed as demonstrative purposes)
Subberke
Forum Newbie
Posts: 5
Joined: Sun Aug 31, 2003 2:13 pm

Post by Subberke »

was an example :-)

i use the single quotes in the script ;)

thx for the concerns ;)
User avatar
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Yah well, you never know. :D
Post Reply