juelpatwary Posted April 5, 2008

Well, I just went to post in my forum on my game (first time post) and an error comes up:

    Topic Posted!
    QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
    Query was SELECT * FROM forum_forums WHERE ff_id=

It says it posts it (which it does post it). Then when I go to see my post this comes up:

    QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20, 20' at line 1
    Query was SELECT * FROM forum_posts WHERE fp_topic_id=3 ORDER BY fp_time ASC LIMIT -20, 20

I've just recently installed this mod http://criminalexistence.com/ceforums/index.php?topic=18367.0 but I don't think that caused it... That was my first post and it came up with that error... Any help please? Regards

Halo Posted April 5, 2008
Re: Forum error

Are you sure you never deleted any of the queries when you installed my mod?

Halo Posted April 5, 2008

Try uploading your old forums from before you installed my mod; if it doesn't work you've got a weird error.

juelpatwary Posted April 5, 2008

Okay, I'll try. And no, I didn't delete anything :|

juelpatwary Posted April 5, 2008

Yeah, I can post properly now, but I can't see the post I first did. It just came up with that error again, but it's fine now if I make a new topic... Anyway, when I try to delete the post (my first one) this comes up:

    Fatal error: Call to a member function query() on a non-object in /home/bfp111/public_html/forums.php on line 703

On line 703 is this:

    $q=$db->query("SELECT * FROM forum_topics WHERE ft_id={$_GET['topic']}");

Haunted Dawg Posted April 6, 2008

Try:

    $_GET['topic'] = abs(@intval($_GET['topic']));
    $q = mysql_query("SELECT * FROM forum_topics WHERE ft_id='{$_GET['topic']}'") or die(mysql_error());

:wink: added some security in there ;D

Guest Anonymous Posted April 6, 2008

giggle

Haunted Dawg Posted April 6, 2008

> giggle

Was it supposed to be funny? Because I did say "Added some security in there"

Guest Anonymous Posted April 6, 2008

Yes, I did manage to read what you posted ...

A better (and safer) method is:

    <?php
    // Safely retrieve the topic id
    $topic = isset($_GET['topic']) && is_string($_GET['topic']) && preg_match("`^\d+$`ims", $_GET['topic']) ? @intval($_GET['topic']) : 0;
    // Define the SQL query
    $sql = sprintf("SELECT * FROM `forum_topics` WHERE (`ft_id` = %u)", $topic);
    // Check the result
    $rs = mysql_query($sql);
    if (!is_resource($rs))
    {
        die("<tt>Database Error</tt>");
    }
    ?>

There are several important things here ...

1. Safely retrieve the topic id#
2. Define the SQL query
3. Check the result

You will notice I am not checking for topic id #0 - I will leave that up to the skilled "coders" to figure out.

You will also notice I am not displaying the actual SQL error (if any) - Why? Once you learn that, you will then understand more about how security is defined. Quite simple - never give ANY clues as to how the system is running.

Security is not something that can ever be added easily to a system. Yes, I'm far more strict than most on it, but with good reason. Commercially I have to maintain a lot of rather sensitive databases, and whilst I'm self-employed with no true written agreement between myself and my clients, at the end of the day it's my ass that will get chewed if anyone subverts any of the security layers.

So think *very* carefully about what you do - if you only add "some" security, you are really not helping. The more experienced developers understand that it takes a while to learn these tricks, but learn them you must in order to retain a stable product.
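
Added example, not part of any post in this thread and not the game's own code: the same three steps (validate the id, build the query, check the result without showing the SQL error) using PDO bound parameters, plus a page offset that cannot go negative like the -20, 20 in the first error. The helper names, the `page` parameter, the fp_text column and the in-memory SQLite stand-in for MySQL are assumptions; it needs PHP 7.1+ with pdo_sqlite.

```php
<?php
// Constructed stand-in data: in-memory SQLite instead of the game's MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_posts (fp_id INTEGER PRIMARY KEY, fp_topic_id INTEGER, fp_time INTEGER, fp_text TEXT)');
$ins = $db->prepare('INSERT INTO forum_posts (fp_topic_id, fp_time, fp_text) VALUES (?, ?, ?)');
for ($i = 1; $i <= 45; $i++) {
    $ins->execute([3, 1000 + $i, "post $i"]);
}

// Hypothetical helper: accept only a plain decimal id, otherwise return null.
function request_id(array $src, string $key): ?int
{
    $v = $src[$key] ?? null;
    if (!is_string($v) || !preg_match('/\A[0-9]{1,9}\z/', $v)) {
        return null;               // missing, array, negative, "3 OR 1=1", "3\n"
    }
    $id = (int) $v;
    return $id > 0 ? $id : null;   // id 0 is never a valid row
}

// Hypothetical helper: one page of a topic's posts, oldest first.
function topic_posts(PDO $db, array $get, int $perPage = 20): ?array
{
    $topic = request_id($get, 'topic');
    if ($topic === null) {
        return null;               // no query is run for a bad or missing id
    }
    $page   = request_id($get, 'page') ?? 1;   // bad or missing page -> first page
    $offset = ($page - 1) * $perPage;          // >= 0 because $page >= 1
    try {
        $st = $db->prepare('SELECT fp_text FROM forum_posts WHERE fp_topic_id = :t
                            ORDER BY fp_time ASC LIMIT :n OFFSET :o');
        $st->bindValue(':t', $topic, PDO::PARAM_INT);
        $st->bindValue(':n', $perPage, PDO::PARAM_INT);
        $st->bindValue(':o', $offset, PDO::PARAM_INT);
        $st->execute();
        return $st->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        error_log('forum query failed: ' . $e->getMessage());  // detail stays server-side
        return null;                                           // caller prints a generic error
    }
}

// Constructed requests: last page, page 0 (treated as page 1), and a non-numeric id.
var_dump(count(topic_posts($db, ['topic' => '3', 'page' => '3'])));
var_dump(count(topic_posts($db, ['topic' => '3', 'page' => '0'])));
var_dump(topic_posts($db, ['topic' => '3 OR 1=1']));
```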