Finding ID

Ask about a PHP problem here.
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK

Re: Finding ID

Post by jacek »

What URL do you get sent to after clicking on one of the links?

Re: Finding ID

Post by jacek »

If you add

[syntax=php]var_dump(fetch_users());[/syntax]
somewhere, do you get the ids from that?

Re: Finding ID

Post by jacek »

hmm...

Can you make sure you have error_reporting set to E_ALL? The problem is most likely a misspelled variable, and enabling E_NOTICE level messages will show you that right away instead of trying to guess.

Re: Finding ID

Post by jacek »

The error_reporting() line should be the first thing in the script :)

Re: Finding ID

Post by jacek »

Well that tells you that you can remove the session_start line ;)

But you are looking in the wrong file; the problem has to be in the "page where you choose an account:" file, as the $_GET variable is not set right in the URL you posted a few posts ago. Also, you can remove the session_start in both pages as it is in the init.inc.php file.

Re: Finding ID

Post by jacek »

Try setting error_reporting to E_ALL for this file.
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: Finding ID

Post by Temor »

It's probably nothing, but in Line 50 [syntax=php]<?php $_GET['$uid']; [/syntax]

Is it supposed to have a $ in it? :S
Torniquet
Posts: 52
Joined: Sun Jun 19, 2011 8:10 am

Re: Finding ID

Post by Torniquet »

Never mind, I think I had the wrong end of the stick lol
Re: Finding ID

Post by jacek »

jacek wrote:Try setting error_reporting to E_ALL for this file.

Please try this.

Re: Finding ID

Post by jacek »

On the page that shows the error, do you have a uid variable in the URL?

Re: Finding ID

Post by Torniquet »

On the latest pages you have there, you are calling for $user['acc_id'] when you are setting it as $user['id'].

That one is straightforward enough.

I have tested your coding on my machine, and it seems to work fine. I have looked for the above error in the original script, and I can't see anything wrong anywhere.

Re: Finding ID

Post by jacek »

uhshosting wrote:no ever since i done the e_all on the one page i had an error on the account page that was trying to fix
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/thailand/public_html/account/core/user.inc.php on line 79

This is a SQL injection vulnerability. Essentially, the quotes in the URL are being treated as part of the query, making its syntax invalid.

uhshosting wrote:so my url is
http:/.com/account/admin/accounts/account.php?uid=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20index:%20%20acc_id%20in%20%3Cb%3E/home/public_html/account/admin/accounts/index.php%3C/b%3E%20on%20line%20%3Cb%3E51%3C/b%3E%3Cbr%20/%3E

The undefined index here means that the link you are clicking uses a variable that is not defined, as the person above this said ;)

Re: Finding ID

Post by jacek »

uhshosting wrote:thank you i got it working.

Good news, but you also need to make sure you address
jacek wrote:This is a SQL injection vulnerability

Depending on how this is used in the query somebody may be able to use it to steal all of your data.
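
The failure described in this thread, shown as an added example that is not part of the original posts or the poster's code: a `uid` request value pasted into the SQL text, next to a validated and parameterised version. PDO with an in-memory SQLite database stands in for the thread's `mysql_*` calls; the `users` table, its columns and both function names are assumptions, since the thread never shows the real query.

```php
<?php
// Added example: table and column names (users, id, name) and the helper
// names are assumptions; the thread does not show the real query.
error_reporting(E_ALL);

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// BEFORE: the request value is pasted into the SQL text, so any quote in
// it becomes part of the query's syntax.
function fetch_user_unsafe(PDO $db, $uid)
{
    try {
        $result = $db->query("SELECT id, name FROM users WHERE id = '{$uid}'");
        return $result->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // With the old mysql_* API this is where mysql_query() returns false
        // and mysql_fetch_assoc() warns about an invalid result resource.
        return 'query failed: ' . $e->getMessage();
    }
}

// AFTER: validate that uid is a positive integer, then bind it as a
// parameter so it is only ever treated as data.
function fetch_user_safe(PDO $db, $uid)
{
    $id = filter_var($uid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a plain id
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a normal id, an id with a stray quote, and HTML
// error text like the value that ended up in the thread's URL.
foreach (['2', "2'", '<br /><b>Notice</b>: Undefined index'] as $uid) {
    echo "uid = {$uid}\n";
    echo '  unsafe: ', json_encode(fetch_user_unsafe($db, $uid)), "\n";
    echo '  safe:   ', json_encode(fetch_user_safe($db, $uid)), "\n";
}
```

The same pattern applies with mysqli or PDO against MySQL: the query text stays constant and the id travels separately as a bound value.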

Re: Finding ID

Post by jacek »

my SQL injection one should tell you how :