Re: Got it working finally [message #181580 is a reply to message #181572]
Wed, 22 May 2013 14:12
Denis McMahon
On Wed, 22 May 2013 00:24:54 -0400, richard wrote:
> www.mroldies.net
>
> At least it is functional as I want it.
Well done, it's only taken a year.
Not sure that this is supposed to happen though:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
result resource in /home/richbull/public_html/mroldies.net/showtable.php
on line 94
See: http://www.sined.co.uk/tmp/rb/screen1.png
Or this:
Forbidden
You don't have permission to access /showtable.php on this server.
Additionally, a 404 Not Found error was encountered while trying to use
an ErrorDocument to handle the request.
Apache Server at mroldies.net Port 80
See: http://www.sined.co.uk/tmp/rb/screen2.png
This is by way of an object lesson in why you need to listen to people
when they warn you about the need to validate and verify all user input.
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
Re: Got it working finally [message #181581 is a reply to message #181580]
Wed, 22 May 2013 17:01
richard
On Wed, 22 May 2013 14:12:24 +0000 (UTC), Denis McMahon wrote:
> On Wed, 22 May 2013 00:24:54 -0400, richard wrote:
>
>> www.mroldies.net
>>
>> At least it is functional as I want it.
>
> Well done, it's only taken a year.
>
> Not sure that this is supposed to happen though:
>
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL
> result resource in /home/richbull/public_html/mroldies.net/showtable.php
> on line 94
>
> See: http://www.sined.co.uk/tmp/rb/screen1.png
>
> Or this:
>
> Forbidden
>
> You don't have permission to access /showtable.php on this server.
>
> Additionally, a 404 Not Found error was encountered while trying to use
> an ErrorDocument to handle the request.
> Apache Server at mroldies.net Port 80
>
> See: http://www.sined.co.uk/tmp/rb/screen2.png
>
> This is by way of an object lesson in why you need to listen to people
> when they warn you about the need to validate and verify all user input.
Thanks for the pics.
Since you blocked off part of the URL, how am I to know what you entered to
get the desired result?
I entered 1970 as the year and got the first error message.
So ok, I need to have a check for a valid year.
Obviously, you played around with the values to get these results.
I think most people are NOT going to be doing this.
Re: Got it working finally [message #181583 is a reply to message #181581]
Wed, 22 May 2013 17:19
Tim Streater
In article <hba3x3bnf9sy(dot)1tycntnfday5j$(dot)dlg(at)40tude(dot)net>,
richard <noreply(at)example(dot)com> wrote:
> Obviously, you played around with the values to get these results.
> I think most people are NOT going to be doing this.
I would; I always do. It's a way of discovering whether the site is a
piece of shit or whether the author is a fathead or not.
--
Tim
"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
Re: Got it working finally [message #181584 is a reply to message #181581]
Wed, 22 May 2013 18:44
Denis McMahon
On Wed, 22 May 2013 13:01:40 -0400, richard wrote:
> Obviously, you played around with the values to get these results.
> I think most people are NOT going to be doing this.
Indeed, and many other people will do so as well, because they will try
and break your website in a way that gives them access to your data and
your computer, because to them, your computer is a resource that they can
use to send spam and serve up virulent malware to others.
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
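
An added example, not code posted by anyone in this thread: one way to do the year check and the query-result check discussed above, in PHP. The `songs` table, its columns and the 1950-2013 range are assumptions, and PDO with an in-memory SQLite database stands in for the site's MySQL so the script runs without a server.

```php
<?php
// Added example, not the site's code. Table "songs", its columns and the
// 1950-2013 range are assumptions; in-memory SQLite stands in for MySQL.

// Return the year as an int, or null if the input is not an integer in range.
function parse_year($raw): ?int
{
    $year = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1950, 'max_range' => 2013],
    ]);
    return $year === false ? null : $year;
}

// Look up titles for a validated year. The value is bound, never concatenated.
function songs_for_year(PDO $db, int $year): array
{
    $stmt = $db->prepare('SELECT title FROM songs WHERE year = :year ORDER BY title');
    $stmt->bindValue(':year', $year, PDO::PARAM_INT);
    $stmt->execute(); // throws PDOException on failure (ERRMODE_EXCEPTION)
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Handle one request value: reject bad input before touching the database,
// and never fetch from a query that did not succeed.
function handle(PDO $db, $raw): string
{
    $year = parse_year($raw);
    if ($year === null) {
        return '400 invalid year';
    }
    try {
        $titles = songs_for_year($db, $year);
    } catch (PDOException $e) {
        error_log($e->getMessage()); // details go to the log, not the page
        return '500 lookup failed';
    }
    return $titles ? implode(', ', $titles) : 'no entries for ' . $year;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE songs (year INTEGER, title TEXT)');
$db->exec("INSERT INTO songs VALUES (1965, 'Constructed A'), (1965, 'Constructed B')");

// Constructed inputs: one with data, one valid but empty, three rejected.
foreach (['1965', '1970', '', 'abc', '99999'] as $raw) {
    echo var_export($raw, true), ' => ', handle($db, $raw), "\n";
}
```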