PHP/SQL bug?

guido88

Group:

I need to patch up a security leak (ie...bad code leak) with my database -- when one does a search on my database, you'll get a result in the URL bar like:

http://www.mysite.com/search_word.php?searchterm=english

The results come out fine. However, if I back space all the way to the .php -- for example:

http://www.mysite.com/search_word.php

It dumps the whole database into the results (because I'm guessing it's searching for " " and returning everything.

How do I rid myself of this mess?

Guido

nightowl

No bug at all. 🙂

Look at the way you have build your sql-code.

You might consider checking if searchterm exists and give an error otherwise?

if (!empty($searchterm))

if (isset($searchterm))