errors in all but internet explorer

Report · Dec 23, 2011

Hello all,

I've been working on something, and I'm baffled as to why I'm getting an error for Firefox, Chrome, etc.; but am not getting any errors in Explorer. The error is the following:

Notice: Undefined index: start on line 47

The code for this is:

<!-- this is the initial setup for breaking the records into pages --!>

<?php

$page_name="index.php?content=all_movie_grid";

$start=$_GET['start']; // this is line 47

if(strlen($start) > 0 and !is_numeric($start)){

echo "Data Error";

exit;

}

$eu = ($start - 0);

$limit = $set_cols * 10; // No of records to be shown per page.

$this1 = $eu + $limit;

$back = $eu - $limit;

$next = $eu + $limit;

/////////////// WE have to find out the number of records in our table. We will use this to break the pages///////

$query2=" SELECT * FROM movies

INNER JOIN family_rating ON movies.movie_star_rating=family_rating.star_id

INNER JOIN alias ON movies.alias=alias.alias_id

INNER JOIN parent_alert ON movies.parent_alert=parent_alert.alert_id

INNER JOIN rating ON movies.movie_rating=rating.rating_id

ORDER BY movies.movie_name ASC";

$result2=mysql_query($query2);

echo mysql_error();

$nume=mysql_num_rows($result2);

/////// The variable nume above will store the total number of records in the table////

?>

And later down the page I have:

<div align="center" class="paging">
<?php 
// Let us display bottom links if sufficient records are there for paging
if($nume > $limit ){ 
/////////////// Start the bottom links with Prev and next link with page numbers /////////////////
echo "<table style=\"margin: 5px; padding: 5px\"><tr><td  align='left' style=\"width: 150px\">";
//// if our variable $back is equal to 0 or more then only we will display the link to move back ////////
if($back >=0) { 
print "<a href='$page_name&start=$back&series=$search'>Previous Page</a>"; 
} 
//////////////// Let us display the page links at  center. We will not display the current page as a link ///////////
echo "</td><td align=center>";
$i=0;
$l=1;
for($i=0;$i < $nume;$i=$i+$limit){
if($i <> $eu){
echo " <a href='$page_name&start=$i&series=$search'><font face='Verdana' size='2'>$l</font>|</a> ";
}
else { echo "<font face='Verdana' size='4' color=red>$l</font>|";}        /// Current page is not displayed as link and given font color red
$l=$l+1;
}
echo "</td><td  align='right' style=\"width: 150px\">";
///////////// If we are not in the last page then Next link will be displayed. Here we check that /////
if($this1 < $nume) { 
print "<a href='$page_name&start=$next&series=$search' width='140'>Next Page</a>";} 
echo "</td></tr></table>";
}
// end of if checking sufficient records are there to display bottom navigational link. 
?>
</div>

Any help as to why I get the error in all browsers but IE would be appreciated. Thank you.

Report · Dec 23, 2011

An undefined index is a warning. Before line 47 do you check to see if the $_GET variable "start" is defined? If you don't run an isset command before you get a variable you will get the warning of an undefined index. And you should only be getting it when the $_GET variable "start" is empty (contains no data) and thus is not defined. Also based on your script trying to get pages, the $_GET['start'] should always be defined even on the first page because you should really be verifying that the input is what you are expecting to prevent any sort of injection against your script.

Report · Dec 23, 2011

Thank you very much for your reply. I've tried defining "start" before line 47, but that seems to make everything not work because it's not redefining what "start" is. How do I define it on the first page so as to allow it to function like it does now?

also, why would the error not appear in IE but all the others?

Report · Dec 23, 2011

9thReg wrote:
Thank you very much for your reply. I've tried defining "start" before line 47, but that seems to make everything not work because it's not redefining what "start" is. How do I define it on the first page so as to allow it to function like it does now?
also, why would the error not appear in IE but all the others?

As to why IE, we've been asking that for years and no one knows the answer.

How are you defining start? It should just be something like:

if (isset($_GET['start'])) { $start = $_GET['start']; } else { $start = 0; }

Report · Dec 24, 2011

Thank you so much for your answer. That worked.

Just so I can learn, I was wondering how someone could do an injection with this script when there is no input that can define that variable (there is no form field box for them to enter anything into)? I've heard this before, and also purchased some books about security, but I just can't understand how someone can inject something when they have no way of inputting anything without hacking the hosts security (which they then could change anything they wanted - and by doing this can bypass any security you have on your page anyway). The books I have talk a lot about it (and give some examples on how to code to prevent), but never explain how and why behind it so I can spot potential security threats that are not covered in the books.

If this is to big a topic to cover here in this forum, can you recommend a book, or resource that explains this for someone who is trying to learn security for sites?

Again, I appreciate your help. Thank you very much.

Report · Dec 27, 2011

The injection is most prevelant in $_GET variables because the $_GET variable is taken from the address bar. If you don't filter what is in the address bar to look for something specific then the user could put anything they want including programming to properly end your PHP statement and then inject their own PHP code into your script unknowingly.

Here's a good thread with a lot of information about someone looking to sanitize information being inputted.

http://stackoverflow.com/questions/4388694/how-to-properly-handle-get-variables-in-php

errors in all but internet explorer

1 Correct answer