.htaccess help

**CreativityKills** · 19.10.10, 17:45

Your coding is INSECURE and can be exploited or injected sumway through register_globals. When u turn it on, it registers a global, when u dont global request vars dnt register thus ur error.

**shakil420** · 19.10.10, 18:35

here is my error line code

$sql = "SELECT id, shout, shouter, shtime , shid FROM 420_shout WHERE shid='".$shid."' ORDER BY shtime DESC LIMIT $limit_start, $items_per_page";

why this code needs php_flag register_globals on ?? if i use it then no errors occured if not then error !! help me MGIGS bro

Added after 40 minutes:

thank u Mgigs bro i got the concept thanx a lot

**something else** · 19.10.10, 23:37

Your error is your not collecting the variable $shid (nothing is assigned to it) ... so you need something like this:
$shid = $_GET['shid'];

**shakil420** · 20.10.10, 01:40

Yes something else bro.

**shakil420** · 20.10.10, 05:28

now another problem page next or previous option not working when i wanto see my shout history !!

**khan** · 20.10.10, 08:26

All these problem occurs as because of your code is basically made for global registering and your server regs global is off. but if you turn it on your site is on in danger.

use all strng like someting_else writes. $code = $GET_['code'];

**CreativityKills** · 20.10.10, 08:50

If ur script cant work with globals off then its not work jerking over.

**shakil420** · 20.10.10, 15:57

What is global registering.i need basic idea to understand.

**CreativityKills** · 21.10.10, 11:23

PHP Code:


// Psedo code

if($_POST['password'] === 'foo')

{

 $authorized = TRUE;

}



if($authorized)

{

 echo 'logged in';

}

else

{

 echo 'logged out';

}

The code above doesnt look like its got any problems. But visiting http://site.com/file.php?authorized=1 with register globals on will log the user in, but with it off it wont. Basically i can assign values to vars with globals on. Bear in mind tho that the register_globals function is not insecure, its the user coding that is. With good coding practise, u can work with it on. Example

PHP Code:


// Psedo code

$authorized = FALSE;



if($_POST['password'] === 'foo')

{

 $authorized = TRUE;

}



if($authorized === TRUE)

{

 echo 'logged in';

}

else

{

 echo 'logged out';

}

By defining variables first, you can be a tad safer. Bt generally, its nt worth getting stoned over, turning off global registering is waay easier.

**shakil420** · 21.10.10, 18:40

0w thats it.thanx bro mGigs.

**CreativityKills** · 21.10.10, 21:12

ok anytime. . .

.htaccess help

.htaccess help

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment