Posted by Mark Rees on 10/19/05 12:43

> > I have a website that redirects users to the "intro_page" via the start
page
> > if they enter the website anywhere except the start page. Here's the
script
> > for the start page. The first bit checks to see if the forwarding page
has
> > set the "s" value. If it has then it finds the appropriate website name,
logo
>
> > etc. This is to tailor make the look and feel of the site according to
where
> > it has come from.
> >
> > Here's the script. It doesn't go to intro_page.php. It just sits on
> > start.php.
> >
> > I'm using PHP5 and MySQL 4.1.14.
> > <?php
> > session_start();
> > session_destroy();
> > include("./general_scripts_etc/header1.php");
> > $s=$_GET['s'];

VALIDATE $s
Make sure it is set
Make sure it is in the right format (string? Certain length?)
Before you feed it into the DB

> > $query="SELECT * FROM site_data WHERE site_name='$s'";
> > $result=@mysql_query($query);
> > $num=mysql_num_rows($result);
> > if ($num==0)
> > {
> > $query="SELECT * FROM site_data WHERE site_number='1'";

Why are you storing an integer as a string?
Shouldn't this be without the quotes:
site_number=1";

• Next in forum: Re: snmp: string index in OID is considered invalid :-(
• Prev in forum: Re: How do I replace a '_' with a space ?
• Thread view: Re: Redirection script

[Reply to this message]