Being paranoid on security issues and being a Novice in that area and SQL, I have this nagging doubt:
I get this error message when I change the cid in a Sql Query to a character or ' or ". (testing for SQL injection basics)
------------------------------------------------------------------------------------
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/foocom/public_html/owcom/includes/sql_layer.php on line 286
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/foocom/public_html/owcom/includes/sql_layer.php on line 286
Category: Main/
Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/foocom/public_html/owcom/includes/sql_layer.php on line 286
---------------------------------------------------------------------------------
Is this normal? Is there anyway to hide this output and instead say 'try again' or something to that effect?
Thanks
jup
sixonetonoffun Major
Joined: Jan 13, 2003
Posts: 892
Posted:
Wed Jul 16, 2003 11:32 am
At the least its a simple path disclosure. I don't see that its exploitable as an injection so to speak.
If your site is 100% operational without errors and your on an apache server with access to the .htaccess file. You can use the php_flag directive to shut display errors off. Warning warning don't do this if your not 100% sure of your site working and remember if you are having trouble to comment this out for debugging purposes.
Just add this line to .htaccess
Code:
php_flag display_errors off
There are other directives that can be used to log errors rather then output them to the screen. I'm not goin there if you need that you'll have to investigate a little.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
