resolving bug
Posted: Fri Mar 26, 2010 8:56 pm
I was checking my PHP files with Pixy and saw some vulnerabilities. Can anyone tell me how to replace them with non-bugged lines?
also:
Also, I think using this line is not safe:
The lines in red are the ones with vulnerabilities.
Please, can someone help me avoid these bugs?
Code:
$result=mysql_query($sql) or die(mysql_error());
Code:
$sql="select * from se_fileuploads where userupload_id=".$_GET['upid'];
$tmp = mysql_query($sql);
$fileupload = mysql_fetch_object($tmp);
$sql="select * from se_users where user_id=$userid";
$temp=mysql_query($sql);
$current_rating=($rating/$count) * 25;
$voted=@mysql_fetch_assoc(@mysql_query("SELECT * FROM se_fileratings WHERE user_id='$uid ' AND userupload_id='$id' "));
if($voted){
Code:
readfile("./userfiles/".$name);
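
Hardened equivalents of the three flagged patterns (query built by concatenating `$_GET['upid']`, `die(mysql_error())`, and `readfile()` on a user-supplied name), as an added example that is not part of the original post. It assumes PDO is available; the in-memory SQLite database stands in for the MySQL connection, and the function names `run_query`, `find_upload` and `safe_upload_path` are hypothetical.

```php
<?php
// Added example, not the poster's code. Table/column names are from the post;
// the in-memory SQLite database, sample row and function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE se_fileuploads (userupload_id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO se_fileuploads VALUES (1, 'report.pdf')");

// Replaces mysql_query($sql) or die(mysql_error()): bind values as parameters,
// log the driver error server-side, and return null instead of printing it.
function run_query(PDO $pdo, $sql, array $params) {
    try {
        $stmt = $pdo->prepare($sql);
        foreach ($params as $key => $value) {
            $stmt->bindValue($key, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
        }
        $stmt->execute();
        return $stmt;
    } catch (PDOException $e) {
        error_log('DB error: ' . $e->getMessage());
        return null;
    }
}

// Replaces "... where userupload_id=".$_GET['upid']: accept only a positive
// integer, then pass it as a bound parameter rather than concatenating it.
function find_upload(PDO $pdo, $rawId) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejects input such as "1 OR 1=1" or an array
    }
    $stmt = run_query($pdo, 'SELECT * FROM se_fileuploads WHERE userupload_id = :id', [':id' => $id]);
    $row = $stmt ? $stmt->fetch(PDO::FETCH_OBJ) : false;
    return $row === false ? null : $row;
}

// Replaces readfile("./userfiles/".$name): strip directory parts, resolve the
// path, and require that the result is still inside the upload directory.
function safe_upload_path($baseDir, $name) {
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . basename($name));
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

var_dump(find_upload($pdo, '1'));
var_dump(find_upload($pdo, '1 OR 1=1'));
var_dump(safe_upload_path(sys_get_temp_dir(), '../../etc/passwd'));
```

The `mysql_*` functions used in the post were removed in PHP 7, so moving to PDO or mysqli is needed in any case.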