SQL Injection attack warning
----------------------------

Substitute <insert your drop table query here> with drop table info in the following URL and then click here:

http://www.gndec.ac.in/alumni/view.php?page=10&sort=1%20limit%200;<insert your drop table query here>&search=yes

Please escape user input, never trust that the user will provide correct input, ever. Use addslashes and type cast to int wherever possible.

XSS Vulnerability warning
-------------------------

Click here to test:

http://www.gndec.ac.in/alumni/view.php?page=%3Ca%20href=http://www.ajaypal.com%3EXSS%20Vulnerability%3C/a%3E

And if the URL is truncated use this:

http://tinyurl.com/rt2vz

Please make sure you turn off register_globals and auto globals in php.ini and escape all user input before passing it to the page.

Regarding the performance of the script, it seems correct and seems to be dying only when it takes more than the max time permitted in your php.ini. Maybe you can increase it, or better, the script can be optimised.

As per my first look at the script, it seems that if you use LIMIT with your queries when paginating, the script will get executed much faster and require less memory, in place of finding all records and displaying only those which need to be displayed on that page.

Maybe something like

    // LIMIT takes offset, row_count: fetch 10 rows starting at offset $page
    $sql = "select * from info order by fname LIMIT ".(int)$page.", 10";

and displaying these only.

Hope it helps. More later.

--
Sincerely
Ajay Pal Singh Atwal
Dept of CSE & IT
BBSBEC, Fatehgarh Sahib
Punjab, INDIA
--------------------------------
http://www.bbsbec.ac.in
http://www.ajaypal.com
--------------------------------
ajaypal[at]bbsbec.org, ajaypal[at]acm.org

----- [EMAIL PROTECTED] wrote:

> Today at 12:40pm +0530 [EMAIL PROTECTED] wrote:
>
> > > Script maybe dying out due to script timeout. There might be other reason.
> > > Can you post your code so that I can have a look at it?
> >
> > See it at:
> > http://web/~hsrai/tmp/random/view.php
>
> Sorry, you won't be able to see source code from above link.
> To view it click the link below:
>
> http://web/~hsrai/tmp/random/sourceCode/viewPHP.txt
>
> Bye,
>
> --
> H.S.Rai
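
The advice in the message above (cast numeric parameters, keep request text out of the query, page with LIMIT, escape output), as an added PHP example that is not part of the original thread or the script it discusses. It uses PDO bound parameters and a column whitelist where the message suggests addslashes; the `lname` column, the sort map and the sample rows are assumptions made for the example.

```php
<?php
// Added example, not the script discussed in the thread.
// Table "info" and column "fname" come from the e-mail; "lname", the sort
// map and the sample rows are constructed for illustration.

const PER_PAGE = 10;
// Whitelist: the numeric "sort" parameter selects a fixed column name,
// so no request text ever reaches the ORDER BY clause.
const SORT_COLUMNS = [1 => 'fname', 2 => 'lname'];

function fetchPage(PDO $db, array $get): array
{
    $offset = max(0, (int)($get['page'] ?? 0));   // cast, as the e-mail advises
    $column = SORT_COLUMNS[(int)($get['sort'] ?? 1)] ?? 'fname';
    $stmt = $db->prepare(
        "SELECT fname, lname FROM info ORDER BY $column LIMIT :n OFFSET :o"
    );
    $stmt->bindValue(':n', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':o', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function renderRows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        // Encode on output so markup in the data is displayed as text.
        $name = $row['fname'] . ' ' . $row['lname'];
        $html .= '<li>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html;
}

// Constructed data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE info (fname TEXT, lname TEXT)');
$ins = $db->prepare('INSERT INTO info (fname, lname) VALUES (?, ?)');
for ($i = 0; $i < 25; $i++) {
    $ins->execute([sprintf('name%02d', $i), '<b>x</b>']);
}

// Request parameters shaped like the ones in the e-mail's test URL.
$get  = ['page' => '10', 'sort' => '1 limit 0;', 'search' => 'yes'];
$rows = fetchPage($db, $get);
echo count($rows), " rows fetched\n";
echo renderRows(array_slice($rows, 0, 2));
```

Only one page of rows leaves the database per request, and the trailing text in `sort` is discarded by the cast before the whitelist lookup.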
