Re: mysql problems

On Wed, May 11, 2011 at 2:25 PM, Curtis Maurand <curtis@xxxxxxxxxxx> wrote:

>
>
> Marc Guay wrote:
> >> Does anyone have any ideas?
> >
> > Sounds like it's getting caught in a loop.  Post the whole script for
> > best results.
> >
> It looks like the site is
> under attack, because I keep seeing the query, "SELECT catagory_parent FROM
> t_catagories where catagory_ID=" .
> $_currentCat"
>
> where $_currentCat is equal to a
> value not in the database.  The only way that this can happen is if
> the page is called directly without going through the default page.
>
>
> The script follows. It's called leftNav.php
>

[MASSIVE SNIP]

Well, from what I saw while wading through your code, you allow unsanitized
variables to be concatenated to your queries. Big no-no! For ANY
client-generated variable, always sanitize with mysql_real_escape_string. In
fact, sanitize all your variables. It can't hurt.

Also, please don't take a request for your entire code too literally. We
don't like to see pages and pages and pages of code, just the pertinent
bits.
-- 
--Zootboy

Sent from my PC.
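An added example, not code from this thread or from Curtis's leftNav.php, that puts the pattern Zootboy is warning about next to a hardened version and adds the lookup-failure handling the original poster's loop needs. It reuses the table and column names quoted above (t_catagories, catagory_ID, catagory_parent); the function names, the mysqli connection and the assumption that a parent of 0 or NULL marks a top-level category are mine. It binds the value with a prepared statement rather than calling mysql_real_escape_string, because the value sits outside quotes in this query, where escaping quote characters alone does not help, and because the old mysql_* extension the reply refers to was removed in PHP 7.

```php
<?php
// Added example (not the original poster's leftNav.php). Table and column
// names come from the thread; function names and schema assumptions are mine.

// 1. The pattern the reply objects to: a request value concatenated straight
//    into the SQL text. Because the value is not quoted, a client can change
//    the meaning of the query, and escaping quote characters would not stop it.
function parentOfVulnerable(mysqli $db, $currentCat)
{
    $sql = "SELECT catagory_parent FROM t_catagories WHERE catagory_ID=" . $currentCat;
    $res = $db->query($sql);
    $row = $res ? $res->fetch_assoc() : null;
    return $row ? $row['catagory_parent'] : null;
}

// 2. Hardened: the value never becomes part of the SQL text. It is validated
//    as a plain integer and then bound as a parameter, so whatever the client
//    sends is treated as data. Returns null when the id is not in the table.
function parentOfSafe(mysqli $db, $currentCat): ?int
{
    if (!is_int($currentCat) && !is_string($currentCat)) {
        return null;
    }
    if (!preg_match('/^\d+$/', (string) $currentCat)) {
        return null;                         // not a non-negative integer
    }
    $id = (int) $currentCat;

    $stmt = $db->prepare('SELECT catagory_parent FROM t_catagories WHERE catagory_ID = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $id);
    if (!$stmt->execute()) {
        $stmt->close();
        return null;
    }
    $stmt->bind_result($parent);
    $found = $stmt->fetch();                 // null when no row matches
    $stmt->close();

    // A NULL parent is cast to 0, so both conventions mean "top level" below.
    return $found ? (int) $parent : null;
}

// 3. Walking up the tree for the nav. An id that is not in the table (the
//    "value not in the database" case from the thread) ends the walk instead
//    of looping; a depth cap and a seen-set guard against cyclic data.
function categoryPath(mysqli $db, $currentCat, int $maxDepth = 32): array
{
    $path = [];
    $seen = [];
    $id = $currentCat;
    while (count($path) < $maxDepth) {
        $parent = parentOfSafe($db, $id);
        if ($parent === null) {
            break;                           // unknown id or lookup failure
        }
        $id = (int) $id;
        if (isset($seen[$id])) {
            break;                           // cycle in the data
        }
        $seen[$id] = true;
        $path[] = $id;
        if ($parent === 0) {
            break;                           // assumed: 0/NULL parent = top-level category
        }
        $id = $parent;
    }
    return $path;                            // leaf first, top-level category last
}

// Usage (connection details are placeholders, not values from the thread):
// $db   = new mysqli('localhost', 'dbuser', 'dbpassword', 'site');
// $path = categoryPath($db, $_GET['cat'] ?? '');
// if ($path === []) {
//     // Unknown or malformed category: render the default page instead.
// }
```

If the script is called directly with a category that does not exist, categoryPath returns an empty array and the caller falls back to the default page; the previous behaviour, where the same unmatched query was issued over and over, cannot occur because the walk stops on the first lookup that returns no row.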
