Finding ID
Re: Finding ID
If you add
[syntax=php]var_dump(fetch_users());[/syntax]
somewhere, do you get the ids from that ?
[syntax=php]var_dump(fetch_users());[/syntax]
somewhere, do you get the ids from that ?
Re: Finding ID
hmm...
can you make sure you have error_reporting set to E_ALL, the problem is most likely a misspelled variable and enabling E_NOTICE level messages will show you that right away instead of trying to guess.
can you make sure you have error_reporting set to E_ALL, the problem is most likely a misspelled variable and enabling E_NOTICE level messages will show you that right away instead of trying to guess.
Re: Finding ID
Well that tells you that you can remove the session_start line ![Wink ;)](./images/smilies/icon_e_wink.gif)
But you are looking in the wrong file, the problem has to be in the "page where you choose an account:" file as the $_GET variable is not set right in the URL you post a few posts ago. Also you can remove the session_start in both pages as it is in the init.inc.php file.
![Wink ;)](./images/smilies/icon_e_wink.gif)
But you are looking in the wrong file, the problem has to be in the "page where you choose an account:" file as the $_GET variable is not set right in the URL you post a few posts ago. Also you can remove the session_start in both pages as it is in the init.inc.php file.
Re: Finding ID
It's probably nothing, but in Line 50 [syntax=php]<?php $_GET['$uid']; [/syntax]
Is it supposed to have a $ in it? :S
Is it supposed to have a $ in it? :S
Re: Finding ID
nevermind, i think i had the wrong end of the stick lol
Re: Finding ID
on the latest pages you have there, you are calling for $user['acc_id'] when you are setting it as $user['id']
That one is straight forward enough.
I have tested your coding on my machine, and it seems to work fine. I have looked for the above error in the origional script, and i cant see anything wrong anywhere.
That one is straight forward enough.
I have tested your coding on my machine, and it seems to work fine. I have looked for the above error in the origional script, and i cant see anything wrong anywhere.
Re: Finding ID
uhshosting wrote:no ever since i done the e_all on the one page i had an error on the account page that was trying to fix
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/thailand/public_html/account/core/user.inc.php on line 79
This is a SQL injection vulnerability, essentially, the quotes in the URL are being treated as part of the query, making it's syntax invalid.
uhshosting wrote:so my url is
http:/.com/account/admin/accounts/account.php?uid=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20index:%20%20acc_id%20in%20%3Cb%3E/home/public_html/account/admin/accounts/index.php%3C/b%3E%20on%20line%20%3Cb%3E51%3C/b%3E%3Cbr%20/%3E
the undefined index here means that the link you are clicking uses a variable that is not defined, as the person above this said
![Wink ;)](./images/smilies/icon_e_wink.gif)
Re: Finding ID
uhshosting wrote:thank you i got it working.
Good news, but you also need to make sure you address
jacek wrote:This is a SQL injection vulnerability
Depending on how this is used in the query somebody may be able to use it to steal all of your data.