[FX.php List] This is doing my head in...

Joel Shapiro jsfmp at earthlink.net
Mon Nov 26 11:58:16 MST 2007


Hi Steve

A few random thoughts... maybe something will trigger something for  
you...

- You say "the same piece of code at the top of the page gets called  
again" after doing your editing.  Is the code duplicated within that  
same page or are you calling a different page?  Are you using the  
same $_REQUEST['action'] for both parts / all three parts?  (Is there  
any change if you put $_REQUEST['action'] into a $variable at the top  
of the page and then reference that later instead of $_REQUEST 
['action']?)

- Based on Dan's comment, I see you're using $messages[] instead of  
$message.  Do you really store multiple messages here (and later know  
which one to echo)?

HTH,
-Joel


On Nov 26, 2007, at 9:03 AM, DC wrote:

> do you have any checkboxes? sometimes those can be sent to PHP via  
> arrays if the HTML defines the id or name with square brackets. at  
> least that's what your error says - string expected, but array gotten.
>
> GL,
> dan
>
> Steve Winter had written:
>> A typically cryptic, completely off the point, ggt post ;-)
>> As I understand it, the theory of it is that it means that pages  
>> which
>> require data to be posted, and are therefore capable of making  
>> changes to a
>> database are more easily able to be 'hacked' if they use _REQUEST,  
>> since it
>> means that someone could look at the source of your html page,  
>> determine
>> variables about your database, then use a get command to 'attack'  
>> your
>> database, or some such thing of that kind...
>> In the case of that code, it's totally irrelevant, as the user has  
>> to have
>> already logged in to get anywhere that code, they will never be  
>> able to
>> determine its name from the web, since it's a page which is  
>> included by a
>> page which in turn was included previously, based on a series of  
>> 'upstream
>> decisions'...
>> And for the record, the problem still persists, so if anyone can  
>> see any
>> reason why code that will behave correctly when accessed once  
>> round all of a
>> sudden 'flips out' when it's used a short time later...
>> Thanks
>> Steve
>> -----Original Message-----
>> From: fx.php_list-bounces at mail.iviking.org
>> [mailto:fx.php_list-bounces at mail.iviking.org] On Behalf Of Dale  
>> Bengston
>> Sent: Sunday, 25 November 2007 5:12 p.m.
>> To: FX.php Discussion List
>> Subject: Re: [FX.php List] This is doing my head in...
>> Why not?
>> Dale
>> On Nov 25, 2007, at 3:21 AM, Gjermund Gusland Thorsen wrote:
>>> Never use _REQUEST, use _POST or _GET
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>> No virus found in this incoming message.
>> Checked by AVG Free Edition. Version: 7.5.503 / Virus Database:  
>> 269.16.6/1150 - Release Date: 24/11/2007
>> 5:58 p.m.
>>  No virus found in this outgoing message.
>> Checked by AVG Free Edition. Version: 7.5.503 / Virus Database:  
>> 269.16.6/1150 - Release Date: 24/11/2007
>> 5:58 p.m.
>>  _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list



More information about the FX.php_List mailing list