1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 7:07 am Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Error Message inside die()

         

brokaddr

5:47 am on Mar 27, 2011 (gmt 0)

10+ Year Member



How can I accomplish this with sanitized info?

So far, I have: 
 @$result = mysql_query($querit) or die('no access!';
$ipaddr = isset($_SERVER['REMOTE_ADDR']) ? preg_replace("/[^.:()a-zA-Z0-9\/]/", "", $_SERVER['REMOTE_ADDR']) : ''; 
mail('me@example.com','script.php attempt','access attempt by '.$ipaddr,'headers','parameters'));


No luck.

PS. This is not my method of sanitization for the query -- I am not checking for illegal characters. I am checking to see if someone is accessing the query script directly (it is outside of the processing directory for inclusion purposes) .. this particular query doesn't have a connection.. it's done in the backend.

Hence my interest in knowing if direct access is issued. Just in case. :)

rocknbil

4:39 pm on Mar 28, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think your problem might be here:

@

suppresses any error output. I could be wrong, the or die should manage it, but seldom use that operator. Kinda hard to tell at a glance.

Try it like so.

$my_email='me@example.com';
$mail_from=$the_user_or_same_email;

$ipaddr = isset($_SERVER['REMOTE_ADDR']) ?
// a-z with the i modifier is case-insensitive
// \d is synonymous with 0-9
preg_replace("/[^.:()a-z\d\/]/i", "", $_SERVER['REMOTE_ADDR']) : '';
$result = mysql_query($querit) or my_exit($my_email,$mail_from,$querit,$ipaddr,mysql_error());

/// etc, then at the bottom of your script, it top if it executes inline . . . 


function my_exit($email,$from,$the_query,$the_ip,$sql_err) { 
 $subject = 'This is the subject, probably better passed as a parameter'; 
 $headers = "From: $from\r\n"; 
 $headers .= 'MIME-Version: 1.0' . "\r\n"; 
 $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; 
 $message = " 
 <p>Access attempt by $from IP address $the_ip</p> 
 <p></p>Query used: $the_query</p> 
 <p>mySQL error $sql_error</p> 
 "; 
 mail($email, $subject, $message, $headers); 
 echo "<p>An error has occurred, please contact us.</p>"; 
 exit; 
}
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 7:07 am Apr 28, 2026