#18
24th June 2012, 20:24
Bigjoos
U-232 Dev
 
Join Date: May 2008
United Kingdom
Posts: 244
Quote:
Originally Posted by djhowarth
Looks cool, I like the design, nice and basic...

On the demo I came across a notice error and a MySQL error:

Code:
Notice: Undefined index: group in /var/opentracker.nu/demo/library/Acl.php on line 76
Notice: Query fel in /var/opentracker.nu/demo/library/DB.php on line 79 MYSQL_ERROR -
Database error: Invalid SQL: SELECT * FROM tracker_forum_categories WHERE category_group <= ORDER BY category_sort ASC
MYSQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY category_sort ASC' at line 4)
This page is unavailable at the moment. Please try again.
And sanitize user input for the avatar URL, because I shouldn't be able to enter the logout URL as the avatar pic; on a module like the forums, if it shows users' avatars then everyone could be logged out...
Aye, like djhowarth says: you will never ever trust any user input on a site, no matter if it's users or staff; to do otherwise is suicide. You ensure all user-supplied data is sanitized at $_POST or $_GET etc., you force numeric values to be numeric only, and you also sanitize every single MySQL query, be it a SELECT, UPDATE or INSERT. Follow those golden rules and you will have no problem. If you do not have such experience, use a framework like suggested, although I prefer to manually secure my work; that way I know what's coming in and what won't be.
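The two reports above (the `category_group <=` query that breaks when `group` is missing, and the avatar URL that can point at the logout page) are exactly the cases Bigjoos's rules cover. The following is an added example, not code from U-232 or the opentracker.nu demo: it reconstructs the concatenation pattern the broken SQL suggests (the page shows only the resulting query, not the source), then shows the hardened version. The function names, the `$siteHost` parameter, the `demo.example` / `img.example` hosts and the default avatar path are assumptions for the illustration; only the table and column names come from the error message.

```php
<?php
// Added example (not U-232 / opentracker.nu code). Table and column names are taken from
// the error report; every other identifier here is an assumption for illustration.
declare(strict_types=1);

// ---- 1. Numeric input: force it to be numeric before it goes anywhere near SQL ----

// Reconstructed vulnerable pattern: with no 'group' key PHP raises the "Undefined index"
// notice (a warning on PHP 8), the value becomes an empty string, and the query ends up
// as "WHERE category_group <=  ORDER BY ..." which is the 1064 syntax error reported above.
// Anything the client puts in 'group' is pasted into the statement verbatim.
function buildCategoryQueryUnsafe(array $get): string
{
    return "SELECT * FROM tracker_forum_categories WHERE category_group <= "
        . ($get['group'] ?? '') . " ORDER BY category_sort ASC";
}

// Hardened: validate at the $_GET boundary. Absent, non-integer or negative values
// fall back to 0, so only an integer can ever reach the query.
function readGroupId(array $get): int
{
    $value = filter_var($get['group'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['default' => 0, 'min_range' => 0],
    ]);
    return (int) $value;
}

// Prepared statement: the value is bound as an integer, never concatenated,
// so the SQL text is fixed regardless of what the client sends.
function fetchCategories(PDO $db, int $group): array
{
    $stmt = $db->prepare(
        'SELECT * FROM tracker_forum_categories WHERE category_group <= :grp ORDER BY category_sort ASC'
    );
    $stmt->bindValue(':grp', $group, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// ---- 2. Avatar URL: accept only an absolute http(s) image URL on a different host ----

// Returns the URL if it is acceptable, null otherwise. $siteHost is the tracker's own
// hostname (assumed parameter); every browser that renders a forum page fetches each
// avatar, so a same-host URL such as /logout.php would be hit by every reader.
function validateAvatarUrl(string $url, string $siteHost): ?string
{
    if (strlen($url) > 255 || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts  = parse_url($url);
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    $path   = $parts['path'] ?? '';

    if (!in_array($scheme, ['http', 'https'], true) || $host === '') {
        return null;                        // rejects javascript:, data:, relative paths
    }
    if ($host === strtolower($siteHost)) {
        return null;                        // no avatar may point back at this site
    }
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
        return null;                        // must at least look like an image
    }
    return $url;
}

// Output side: escape on the way out as well, so the stored value cannot break out
// of the src attribute even if validation is ever bypassed.
function avatarImgTag(?string $url): string
{
    $src = $url ?? '/images/default_avatar.png';   // assumed default path
    return '<img src="' . htmlspecialchars($src, ENT_QUOTES, 'UTF-8') . '" alt="avatar">';
}

// Demonstration with constructed inputs.
var_dump(buildCategoryQueryUnsafe([]));                  // the malformed SQL from the report
var_dump(readGroupId([]));                               // missing key
var_dump(readGroupId(['group' => '7']));                 // well-formed integer
var_dump(readGroupId(['group' => '1 OR 1=1']));          // non-numeric, falls back to 0
var_dump(validateAvatarUrl('http://demo.example/logout.php', 'demo.example'));
var_dump(validateAvatarUrl('https://img.example/u/1.png', 'demo.example'));
echo avatarImgTag(validateAvatarUrl('https://img.example/u/1.png', 'demo.example')), "\n";
```

Two caveats a practitioner would add. Validating the avatar URL stops the obvious case, but an external host can still redirect the browser to the logout page, so the real fix for that class of bug is to make logout (and every other state-changing action) require a POST with a CSRF token rather than respond to a plain GET. And for the query, casting to int plus a bound parameter is what "sanitize every single MySQL query" amounts to in practice; escaping a string that is then concatenated still leaves the SQL text under partial client control.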