Page 1 of 1

Undefined index QUERY_STRING... kind of lost...

Posted: Sun Mar 26, 2006 8:08 pm
by danf_1979
Hi:

Following some advice in here, I enabled error_reporting = E_ALL in my server. I found some notices about variables and fixed them. I dont know how to fix this one though:


Notice: Undefined index: QUERY_STRING in /var/www/web25/web/catalog/class.php on line 12

This is the script:

Code: Select all

$threats = array(";", "'", "AS ", "/**/", "/SELECT/","/UNION/" );
if (strpos($_SERVER['PHP_SELF'], "trackback") === false) {
	foreach($threats as $threat) {
		if(stristr($_SERVER['QUERY_STRING'], $threat)) {
			die("Hack!");
		}
	}
}
What is wrong ? Why doesn't recognize de QUERY_STRING?

Posted: Sun Mar 26, 2006 8:16 pm
by gavinandresen
$_SERVER['QUERY_STRING'] isn't set. You can avoid the error by modifying the code to say:

Code: Select all

if(isset($_SERVER['QUERY_STRING']) and stristr($_SERVER['QUERY_STRING'], $threat)) {

Posted: Sun Mar 26, 2006 8:27 pm
by danf_1979
Thanks, It works OK :)