Re: Problem after moving servers

On Sun, Aug 31, 2008 at 10:36 PM, Evert Lammerts
<evert.lammerts@xxxxxxxxx> wrote:

> In PHP5 register_globals defaults to "off". You can either switch it
> back on through your php.ini and restart your webserver, or change all
> PHP_SELF references to $_SERVER['PHP_SELF']. See if that fixes your
> problem.


I already have

php_admin_flag register_globals 1

in the VirtualHost config for that site, so it should be on already.
So I guess I'll try changing the references anyway jic.


>
>
> I hope you understood the SQL injection problem I pointed out. Anybody
> can drop your database, so do fix it!


Will do, thanks.

Gav...


>
>
> On 8/31/08, Gav <ipv6guru@xxxxxxxxx> wrote:
> > On Sun, Aug 31, 2008 at 9:27 PM, Evert Lammerts
> > <evert.lammerts@xxxxxxxxx> wrote:
> >
> >> You don't need to print the query anymore - I already did that. You
> >> need to change your code because right now it is open for SQL
> >> injection attacks: I added some SQL to the url and generated an SQL
> >> error (http://www.iwdp.co.uk/list.php?region=1&start=30,2). When you
> >> retrieve start, e.g. $_GET['start'], do a check to make sure the value
> >> is an integer.
> >>
> >> The good news is that the query looks fine:
> >> SELECT d.id AS id FROM designers d, designer_regions dr WHERE
> >> dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC
> >> LIMIT 0, 30;
> >>
> >> Can you run this query directly on the database and see what the result
> >> is?
> >
> >
> > *SQL query:* SELECT d.id AS id FROM designers d, designer_regions dr WHERE
> > dr.region_id=1 AND dr.designer_id=d.id AND d.view=1 ORDER BY d.id ASC LIMIT
> > 0, 30;
> > *Rows:* 30
> > id: 2 4 5 11 43 63 86 99 117 119 158 165 233 272 290 305 328 335 363 396 414
> > 425 430 436 459 489 490 518 536 554
> >
> >>
> >>
> >> Also check if you get an error after setting error_reporting to E_ALL.
> >
> >
> >  Yup, I left it up there at http://www.iwdp.co.uk/list.php
> >
> > The PHP_SELF being referred to as undefined is in the included file
> > generic.php  :-
> >
> > class DropNav
> > {
> >     var $items =array();
> >     var $head;
> >     var $body;
> >
> >     // CONSTRUCTOR
> >     function DropNav()
> >     {
> >     }
> >
> >     // PUBLIC
> >     function renderHead()
> >     {
> >         $this->buildHTML();
> >         print $this->head;
> >     }
> >
> >     // PUBLIC
> >     function renderBody()
> >     {
> >         $this->buildHTML();
> >         print $this->body;
> >     }
> >
> >     // PUBLIC
> >     function addItem( $url, $desc )
> >     {
> >         $this->items[] = array( "url" => $url, "desc"=>$desc );
> >     }
> >
> >     // PRIVATE
> >     function buildHTML()
> >     {
> >         global $PHP_SELF;
> >         $this->body = "<form action=\"$PHP_SELF\">\n";
> >         $this->body .= "\t<p><select name=\"newLocation\"
> > onchange=\"jumpPage(this.form.newLocation)\">\n";
> >         foreach ( $this->items as $item )
> >         {
> >             $this->body .="\t\t<option value=\"".$item[url]."\">";
> >             $this->body .= $item[desc];
> >             $this->body .="</option>\n";
> >         }
> >
> >         $this->body .= "\t</select></p>\n</form>\n";
> >
> >         $this->head = "<script type=\"text/javascript\">\n";
> >         $this->head .= "<!--
> >         function jumpPage( newLoc )
> >         {
> >             newPage = newLoc.options[newLoc.selectedIndex].value;
> >             if ( newPage != \"\" )
> >             {
> >                 window.location.href=newPage;
> >             }
> >         } // -->\n";
> >         $this->head .= "</script>\n\n";
> >     }
> > }
> >
> > Thanks
> >
> > Gav...
> >
> >
> >>
> >> On Sun, Aug 31, 2008 at 1:16 PM, Evert Lammerts
> >> <evert.lammerts@xxxxxxxxx> wrote:
> >> > The code you've sent seems to be fine, and if I check your website it
> >> > does everything it should do in terms of filtering - if I select
> >> > Tayside as a region I get a development company with the region set to
> >> > Tayside. It seems to me that this means the problem is not in one of
> >> > the subclasses of ProfileList, so not a compatibility issue on that
> >> > level ($this->query works fine).
> >> >
> >> >> while( $row = $db->getrow() )
> >> > seems to stop after one loop. This is either because there are no more
> >> > results - the query is limited to 1, so $count=1 - or because
> >> > $db->getRow generates an error.
> >> >
> >> >> COUNT and $count look like they have different roles to me, COUNT is the
> >> >> amount of designers to be listed per page, $count is the number of designers
> >> >> to be listed altogether, so 150 designers would give me 5 pages of 30
> >> >> designers.
> >> >
> >> > In ProfileList::render the query is appended with "LIMIT $start,
> >> > $count", and the results of the query all seem to be rendered. This
> >> > probably means that $count and COUNT should have the same value - 30 -
> >> > and that the render function is initially called with the global
> >> > variable COUNT as parameter.
> >> >
> >> > To check what goes wrong you first need to set error_reporting to
> >> > E_ALL in php.ini and restart your webserver, or add the line
> >> > error_reporting(E_ALL); at the beginning of your code. After that you
> >> > need to print the query from ProfileList::render. Can you adjust the
> >> > function and add var_dump($q); after the line $q = $q." LIMIT $start,
> >> > $count ";?
> >> >
> >> > Evert
> >> >
> >>



-- 
Gav...

[LinkedIn : http://www.linkedin.com/in/ipv6guru]

www.16degrees.com.au | www.iwdp.co.uk | www.minitutorials.com

(Sponsorship slots available on above three sites!)
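
The injection Evert demonstrated comes from ProfileList::render appending " LIMIT $start, $count " with $start taken straight from the query string, so "?start=30,2" lands in the SQL and breaks it. The following is an added example, not code from the thread or from the iwdp.co.uk site: it shows that concatenation beside a version that validates start and region as integers and binds them through PDO. It assumes a PDO connection; an in-memory SQLite database with constructed rows stands in for the real one, using the table and column names from the query quoted above.

```php
<?php
// Added example (not the thread's code). Stands in for ProfileList::render,
// which the thread says appends " LIMIT $start, $count " to the query.
// Uses an in-memory SQLite database with constructed rows so it runs offline.
declare(strict_types=1);

const COUNT_PER_PAGE = 30;

// The pattern the thread describes: a request value dropped straight into SQL.
// "?start=30,2" yields " LIMIT 30,2, 30 ", the syntax error Evert triggered.
function unsafe_limit(string $start, string $count): string
{
    return " LIMIT $start, $count ";
}

// Validate a request parameter as an integer in [$min, $max]. Unlike (int)"30,2",
// which silently yields 30, FILTER_VALIDATE_INT rejects anything that is not a
// plain decimal integer, so tampering is reported instead of hidden.
function int_param(array $src, string $name, int $default, int $min, int $max): int
{
    if (!isset($src[$name]) || $src[$name] === '') {
        return $default;
    }
    $v = filter_var($src[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($v === false) {
        throw new InvalidArgumentException("Parameter '$name' must be an integer between $min and $max");
    }
    return $v;
}

function designer_ids(PDO $db, int $region, int $start, int $count): array
{
    // The thread's query with the literals replaced by bound parameters.
    // "LIMIT :count OFFSET :start" means the same as "LIMIT $start, $count".
    $sql = 'SELECT d.id AS id FROM designers d, designer_regions dr '
         . 'WHERE dr.region_id = :region AND dr.designer_id = d.id AND d.view = 1 '
         . 'ORDER BY d.id ASC LIMIT :count OFFSET :start';
    $stmt = $db->prepare($sql);
    // PDO::PARAM_INT matters for LIMIT: with MySQL's emulated prepares a value
    // bound as a string would be quoted and produce a syntax error.
    $stmt->bindValue(':region', $region, PDO::PARAM_INT);
    $stmt->bindValue(':count', $count, PDO::PARAM_INT);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

// Constructed fixture: 40 viewable designers, all in region 1.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE designers (id INTEGER PRIMARY KEY, view INTEGER)');
$db->exec('CREATE TABLE designer_regions (designer_id INTEGER, region_id INTEGER)');
for ($i = 1; $i <= 40; $i++) {
    $db->exec("INSERT INTO designers VALUES ($i, 1)");
    $db->exec("INSERT INTO designer_regions VALUES ($i, 1)");
}

// Two constructed requests: the normal second page, and Evert's "30,2" payload.
foreach ([['region' => '1', 'start' => '30'], ['region' => '1', 'start' => '30,2']] as $get) {
    echo 'unsafe clause:', unsafe_limit($get['start'], (string) COUNT_PER_PAGE), "\n";
    try {
        $region = int_param($get, 'region', 0, 1, PHP_INT_MAX);
        $start  = int_param($get, 'start', 0, 0, PHP_INT_MAX);
        echo 'ids: ', implode(' ', designer_ids($db, $region, $start, COUNT_PER_PAGE)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The integer check is the part Evert asked for; binding the values is what keeps a future "region" or "count" parameter from reintroducing the same problem. A bare (int) cast would also stop the error, but it turns "30,2" into 30 without complaint, which hides probing that a 400 response or a log line would otherwise surface.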

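Of the two options Evert gave for the undefined PHP_SELF in DropNav::buildHTML, the example below takes the second: read $_SERVER instead of relying on register_globals (which PHP 5.4 removed altogether). It is an added example, not the thread's code, and adds the caveat that goes with it: PHP_SELF includes PATH_INFO, so a request for /list.php/"><script>... is reflected into the form action unless it is escaped. The $server array is passed in so the example runs on constructed request data; in list.php it would simply be $_SERVER. The menu items and the hostile path are constructed.

```php
<?php
// Added example (not the thread's code): the PHP_SELF line of DropNav::buildHTML
// rewritten to read $_SERVER, plus HTML escaping of everything put into markup.
declare(strict_types=1);

function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// What "global $PHP_SELF" effectively becomes with register_globals off:
// $_SERVER['PHP_SELF'] unescaped. PHP_SELF carries PATH_INFO, so whatever
// follows /list.php in the request path is copied into the attribute verbatim.
function form_action_unsafe(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '">';
}

// Hardened: SCRIPT_NAME has no PATH_INFO, and the value is escaped regardless.
function form_action_safe(array $server): string
{
    $self = $server['SCRIPT_NAME'] ?? $server['PHP_SELF'];
    return '<form action="' . esc($self) . '">';
}

class DropNav
{
    private array $items = [];

    public function addItem(string $url, string $desc): void
    {
        $this->items[] = ['url' => $url, 'desc' => $desc];
    }

    public function body(array $server): string
    {
        $out  = form_action_safe($server) . "\n";
        $out .= "\t<p><select name=\"newLocation\" onchange=\"jumpPage(this.form.newLocation)\">\n";
        foreach ($this->items as $item) {
            // Quoted keys: $item[url] relied on an undefined constant falling back
            // to the string "url", a notice in PHP 5 and a fatal Error in PHP 8.
            $out .= "\t\t<option value=\"" . esc($item['url']) . '">' . esc($item['desc']) . "</option>\n";
        }
        return $out . "\t</select></p>\n</form>\n";
    }
}

// Constructed request: the path-info trick that makes raw PHP_SELF dangerous.
$server = [
    'SCRIPT_NAME' => '/list.php',
    'PHP_SELF'    => '/list.php/"><script>alert(1)</script><a href="',
];

echo form_action_unsafe($server), "\n";  // script element ends up in the page
echo form_action_safe($server), "\n";    // only the escaped script path

$nav = new DropNav();
$nav->addItem('/list.php?region=1', 'Tayside');
$nav->addItem('/list.php?region=0', 'All regions ("any")');  // constructed label
echo $nav->body($server);
```

Turning register_globals back on, as the VirtualHost line above does, makes the notice go away but also lets any request parameter overwrite a script variable that was never initialised; reading $_SERVER explicitly fixes the same symptom without that exposure.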