定义了未定义的变量,SQL错误

时间:2014-11-07 19:48:38

标签: php mysql

我正在建立一个商店,可以即时访问购买的产品,我得到这个错误,揭示了完整路径,这在技术上是一个漏洞。我找不到问题。每当我执行page = item& id [] = 1或page = item& id = 1'时,我会得到完整的路径。具体错误是通知:未定义的变量:第2行的/home/user/public_html/inc/pages/item.inc.php中的文件
但我确实在另一个扩展的文件中定义了变量这一个。它工作得很好。也许我可以以某种方式隐藏错误? 

    <?php
$related_items = similar_files(safe_sql_str($file['FileName']), $file['FileID'], $file['FileCat'], $file['FilePrice']);
$item_id = (int) safe_sql_str($_GET['id']);

if (!empty($_GET['vote']) && is_numeric($_GET['vote']) && ($_GET['vote'] <= 5) and ($_GET['vote'] >= 1)) {
  if (!isset($_SESSION['voted'][$item_id])) {
    if (apply_vote($item_id, safe_sql_str($_GET['vote']))) {
      $_SESSION['voted'][$item_id] = true;
      $file['FileVotes'] .= ','.$_GET['vote'];
      $vote_str = "<p class='happy_txt'>".LANG('VOTE_SUCCESSFUL')."</p>"; 
    } else {
      $vote_str = "<p class='error_txt'>".LANG('VOTE_DB_ERROR')."</p>"; 
    }
  } else {
    $vote_str = "<p class='error_txt'>".LANG('ALREADY_VOTED')."</p>";
  }
} else {
  $vote_str = '';
}

if(isset($_POST['review'])) {
  $errors['review'] = '';

  if(!is_numeric($_POST['rating']) || ($_POST['rating'] > 5) || ($_POST['rating'] < 1)){
    $errors['review'] .= "<p class='error_txt'>".LANG('INVALID_RATING')."</p>";
  }
  if(strlen($_POST['review']) > 1000){
    $errors['review'] .= "<p class='error_txt'>".LANG('REVIEW_TOO_LONG')."</p>";
  }
  if(strlen($_POST['author']) > 50){
    $errors['review'] .= "<p class='error_txt'>".LANG('NAME_TOO_LONG')."</p>";
  }
  if(empty($_SESSION['6_letters_code'] ) || strcasecmp($_SESSION['6_letters_code'], $_POST['6_letters_code']) != 0) {
    $errors['review'] .= "<p class='error_txt'>".LANG('BAD_SEC_CODE')."</p>";
  }

  if(empty($errors['review'])) {
    $author = safe_sql_str($_POST['author']);
    $rating = safe_sql_str($_POST['rating']);
    $review = safe_sql_str($_POST['review']);
    if (empty($_SESSION['review'][$item_id])) {
      if (submit_review($item_id, $rating, $author, $review)) {
        $_SESSION['review'][$item_id] = 1;
        $revpage = true;
      }
    } else {
      $errors['review'] .= "<p class='error_txt'>".LANG('ALREADY_REVIEWED')."</p>";
    }
  }
}

if (empty($revpage)) {
  if (!empty($item_id) & is_numeric($item_id)) {
    if (!empty($file) && ($file != 'N/A')) {    
      if ($file['FileActive']) {

        $_SESSION['item_name'][$item_id] = $file['FileName'];
        $_SESSION['item_meth'][$item_id] = $file['FileMethod'];

        if ($file['FileMethod'] === 'download') {
          $_SESSION['item_stock'][$item_id] = 1;
        } elseif ($file['FileMethod'] === 'keys') {
          $_SESSION['item_stock'][$item_id] = 9999;
        } else {
          $_SESSION['item_stock'][$item_id] = $file['FileStock'];
        }

        echo $breadcrumb;
        echo "<h1>".safe_str($file['FileName'])."</h1>\n";
?>

0 个答案:

没有答案
相关问题
最新问题