Nick Zukin wrote:
...

> line 79, if ($forum_admin == 1) {
> line 486, $uname = $cookie[1];
> line 216, $pwd = "$user[2]";
> 
> Line 79 is not part of a function or class.  It is the first reference to
> $forum_admin in the script.  The other two are within functions and the
> first call within those functions.  What's being assigned to both of them
> are either in the function call itself or globals.
> 
> I do have globals turned on.

you mean register_globals?  Turn it off unless this breaks things in a
major way... even then you should consider recoding if that's feasible.

> 
> Should I worry about any of this?  The pages seem to be working fine?  Is
> this going to slow things down?  Should I just turn off the logging of such
> errors, if I can?

uninitialized variables + register_globals is usually a bad
combination... especially when we're talking about a variable like
$forum_admin.

http://XXXX.com/forums/post.php?forum_admin=1&user=whoever

In a simple case the above can happen and someone gains admin rights...
in worse cases you end up with SQL code dropping databases...

> 
> Thanks for any help.  My log files are in the gigabytes with 90% of that
> over the last month.

ignoring the E_NOTICE errors is a good idea on a production site anyway.
That being said... I would try to fix the code so that the notice
doesn't get produced in the first place.


-- 
Teach a man to fish...

NEW? | http://www.catb.org/~esr/faqs/smart-questions.html
STFA | http://marc.theaimsgroup.com/?l=php-general&w=2
STFM | http://php.net/manual/en/index.php
STFW | http://www.google.com/search?q=php
LAZY | http://mycroft.mozdev.org/download.html?name=PHP&submitform=Find+search+plugins

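The failure mode described in the reply above, as an added example that is not part of the original message or the forum script. register_globals was removed in PHP 5.4, so `extract()` stands in for it here; the function names and the `$session['is_admin']` flag are assumptions. It shows that the forged request produces no notice at all, and that initializing the variable holds even with the emulation left on.

```php
<?php
// Added example: hypothetical functions, not code from the forum script in the thread.
// register_globals no longer exists (removed in PHP 5.4), so extract() emulates it.

$notices = 0;
set_error_handler(function (int $level, string $message) use (&$notices): bool {
    if (strpos($message, 'Undefined variable') !== false) {
        $notices++;              // the kind of entry that was filling the log
    }
    return true;
});

// Same shape as "line 79": $forum_admin is tested without ever being initialized.
function is_admin_vulnerable(array $request, array $session): bool
{
    extract($request);           // emulates register_globals = On
    if (($session['is_admin'] ?? false) === true) {   // assumed server-side flag
        $forum_admin = 1;
    }
    return $forum_admin == 1;
}

// Fix: give the variable a value before first use; request data cannot survive it.
function is_admin_hardened(array $request, array $session): bool
{
    extract($request);           // emulation left on to show the fix holds anyway
    $forum_admin = 0;
    if (($session['is_admin'] ?? false) === true) {
        $forum_admin = 1;
    }
    return $forum_admin == 1;
}

// Constructed requests: query-string parameters as PHP would parse them.
$cases = [
    'normal visitor'   => ['user' => 'whoever'],
    'forged parameter' => ['forum_admin' => '1', 'user' => 'whoever'],
];
foreach ($cases as $label => $request) {
    $notices = 0;
    $vulnerable = is_admin_vulnerable($request, []);
    $logged = $notices;
    $hardened = is_admin_hardened($request, []);
    printf("%-16s vulnerable=%-5s notices=%d hardened=%s\n",
        $label, var_export($vulnerable, true), $logged, var_export($hardened, true));
}
```

The notice fires only for the ordinary visitor, so silencing E_NOTICE hides the symptom while the forged request stays invisible in the log either way.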