Quote:
Originally Posted by djhowarth
Looks cool, I like the design, nice and basic...
On the demo I came across a notice error and a MySQL error:
Code:
Notice: Undefined index: group in /var/opentracker.nu/demo/library/Acl.php on line 76
Notice: Query fel in /var/opentracker.nu/demo/library/DB.php on line 79 MYSQL_ERROR -
Database error: Invalid SQL: SELECT * FROM tracker_forum_categories WHERE category_group <= ORDER BY category_sort ASC
MYSQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY category_sort ASC' at line 4)
This page is unavailable at the moment. Please try again.
And sanitize user input for the avatar URL, because I shouldn't be able to enter the logout URL as the avatar pic; on a module like the forums, if it shows users' avatars, then everyone could be logged out...
Aye, like djhowarth says: you will never ever trust any user input on a site, no matter if it's users or staff; to do otherwise is suicide. You ensure all user-supplied data is sanitized at $_POST or $_GET etc., you force numeric values to be numeric only, and you also sanitize every single MySQL query, be it a SELECT or UPDATE or INSERT. Follow those golden rules and you will have no problem. If you do not have such experience, use a framework like suggested, although I prefer to manually secure my work; that way I know what's coming in and what won't be.
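Both points above (the broken `category_group <=` query and the avatar URL that can point at the logout page) in working code. This is an added example, not opentracker.nu's code and not the posters' code: the table and column names come from the error message quoted in the thread, while the function names, the `$_GET['group']` parameter, the image-extension allowlist and the in-memory SQLite demo data are my own assumptions.

```php
<?php
// Added example (not opentracker.nu's code). Shows the unsafe pattern that
// produces the posted 1064 error, a hardened replacement, and an avatar URL check.

// UNSAFE: the request value is interpolated straight into the SQL string. With
// ?group= absent this yields "... WHERE category_group <= ORDER BY ..." (the
// syntax error in the post); with group=1 OR 1=1 the WHERE clause is rewritten.
function buildCategoryQueryUnsafe(array $get): string
{
    $group = $get['group'] ?? '';   // the original also triggers "Undefined index: group"
    return "SELECT * FROM tracker_forum_categories WHERE category_group <= $group ORDER BY category_sort ASC";
}

// HARDENED: force the numeric parameter to be numeric (default 0 when missing
// or malformed) and bind it instead of building the SQL string.
function fetchCategories(PDO $db, array $get): array
{
    $group = filter_var($get['group'] ?? 0, FILTER_VALIDATE_INT, [
        'options' => ['default' => 0, 'min_range' => 0],
    ]);
    $stmt = $db->prepare(
        'SELECT * FROM tracker_forum_categories WHERE category_group <= :grp ORDER BY category_sort ASC'
    );
    $stmt->bindValue(':grp', $group, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Avatar URL: accept only absolute http(s) URLs whose path looks like an image
// and which do not point back at this site. Returns null when rejected.
// The extension allowlist is an assumption for this example.
function sanitizeAvatarUrl(string $url, string $ownHost): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($url);
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return null;
    }
    // An <img src> pointing at /logout.php (or any state-changing GET endpoint)
    // fires in the session of every user who views the page.
    if (strcasecmp($parts['host'] ?? '', $ownHost) === 0) {
        return null;
    }
    if (!preg_match('/\.(png|jpe?g|gif)$/i', $parts['path'] ?? '')) {
        return null;
    }
    return $url;
}

// Constructed demo data: an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE tracker_forum_categories (category_id INTEGER, category_group INTEGER, category_sort INTEGER)');
$db->exec('INSERT INTO tracker_forum_categories VALUES (1, 0, 2), (2, 1, 1), (3, 5, 3)');

echo buildCategoryQueryUnsafe([]), "\n";                   // the malformed query from the post
echo buildCategoryQueryUnsafe(['group' => '1 OR 1=1']), "\n";
var_dump(count(fetchCategories($db, [])));                 // missing parameter falls back to 0
var_dump(count(fetchCategories($db, ['group' => '1 OR 1=1'])));
var_dump(sanitizeAvatarUrl('http://tracker.example/logout.php', 'tracker.example'));
var_dump(sanitizeAvatarUrl('https://img.example/me.png', 'tracker.example'));
```

Two caveats a practitioner would add. First, the same-host check alone is not enough against the logout trick: an image URL on a third-party host can answer with a redirect to the tracker's own logout page, and the browser follows it with the user's cookies. The durable fix is on the server side, making logout (and every other state-changing action) a POST that requires a CSRF token, or proxying and re-encoding avatars so the browser never fetches a user-supplied URL at all. Second, validating the URL on input does not replace output escaping; when the value is placed in an attribute it still needs `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`.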