Search id must be an integer - What 'am I Missing? HELP!

[Scotty13]

I’m a newbie… Here’s my php script: search_rules.php(Line 33 - marked below)<?php*/function inc_exc_str($is_included){return $is_included ? l10n('included') : l10n('excluded');}// +-----------------------------------------------------------------------+// | initialization |// +-----------------------------------------------------------------------+define('PHPWG_ROOT_PATH','./');include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );check_status(ACCESS_FREE);include_once( PHPWG_ROOT_PATH.'include/functions_search.inc.php' );$page['body_id'] = 'thePopuphelpPage';$title = l10n('Piwigo Help');$page['page_banner'] = '';$page['meta_robots']=array('noindex'=>1, 'nofollow'=>1);include(PHPWG_ROOT_PATH.'include/page_header.php');$template->set_filenames(array('search_rules' => 'search_rules.tpl'));// +-----------------------------------------------------------------------+// | Textual rules creation |// +-----------------------------------------------------------------------+// Rules are stored in database, serialized in an array. This array must be// transformed into a list of textual rules. Line 33: $search = get_search_array($_GET['search_id']); if (isset($search['q'])){$template->append('search_words', $search['q']);}else{$template->assign(array('INTRODUCTION'=> 'OR' == $search['mode']? l10n('At least one listed rule must be satisfied.'): l10n('Each listed rule must be satisfied.'),));}if (isset($search['fields']['allwords'])){$template->append( 'search_words',sprintf(l10n('searched words : %s'),join(', ', $search['fields']['allwords']['words'])));}if (isset($search['fields']['tags'])){$template->assign('SEARCH_TAGS_MODE', $search['fields']['tags']['mode']); $query = 'SELECT nameFROM '.TAGS_TABLE.'WHERE id IN ('.implode(',', $search['fields']['tags']['words']).');';$template->assign('search_tags',array_from_query($query, 'name'));}if (isset($search['fields']['author'])){$template->append('search_words',sprintf(l10n('author(s) : %s'),join(', ', $search['fields']['author']['words'])));}if (isset($search['fields']['cat'])){if ($search['fields']['cat']['sub_inc']){// searching all the categories id of sub-categories$cat_ids = get_subcat_ids($search['fields']['cat']['words']);}else{$cat_ids = $search['fields']['cat']['words'];}$query = 'SELECT id, uppercats, global_rankFROM '.CATEGORIES_TABLE.'WHERE id IN ('.implode(',', $cat_ids).');';$result = pwg_query($query);$categories = array();if (!empty($result)){while ($row = pwg_db_fetch_assoc($result)){array_push($categories, $row);}}usort($categories, 'global_rank_compare');foreach ($categories as $category){$template->append('search_categories',get_cat_display_name_cache($category['uppercats'],null, // no url on category namesfalse // no blank replacement));}}foreach (array('date_available', 'date_creation') as $datefield){if ('date_available' == $datefield){$lang_items = array('date' => l10n('posted on %s'),'period' => l10n('posted between %s (%s) and %s (%s)'),'after' => l10n('posted after %s (%s)'),'before' => l10n('posted before %s (%s)'),);}elseif ('date_creation' == $datefield){$lang_items = array('date' => l10n('created on %s'),'period' => l10n('created between %s (%s) and %s (%s)'),'after' => l10n('created after %s (%s)'),'before' => l10n('created before %s (%s)'),);}$keys = array('date' => $datefield,'after' => $datefield.'-after','before' => $datefield.'-before',);if (isset($search['fields'][ $keys['date'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['date'],format_date($search['fields'][ $keys['date'] ])));}elseif (isset($search['fields'][ $keys['before'] ])and isset($search['fields'][ $keys['after'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['period'],format_date($search['fields'][ $keys['after'] ]['date']),inc_exc_str($search['fields'][ $keys['after'] ]['inc']),format_date($search['fields'][ $keys['before'] ]['date']),inc_exc_str($search['fields'][ $keys['before'] ]['inc'])));}elseif (isset($search['fields'][ $keys['before'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['before'],format_date($search['fields'][ $keys['before'] ]['date']),inc_exc_str($search['fields'][ $keys['before'] ]['inc'])));}elseif (isset($search['fields'][ $keys['after'] ])){$template->assign(strtoupper($datefield),sprintf($lang_items['after'],format_date($search['fields'][ $keys['after'] ]['date']),inc_exc_str($search['fields'][ $keys['after'] ]['inc'])));}}// +-----------------------------------------------------------------------+// | html code display |// +-----------------------------------------------------------------------+$template->pparse('search_rules');include(PHPWG_ROOT_PATH.'include/page_tail.php');?>Thanks in advance,Scotty13　

[Ingolme]

It might be testing for the data type and the data type of elements in the $_GET array are strings. Cast it to an integer like this: intval($_GET['search_id'])

[Scotty13]

You’re a Godsend. Thank you! My headache is gone now! Do you mind helping with one more thing? I have one more page that’s giving me trouble… action.php Error: HTTP 400 Bad Request / webpage cannot be found (highlighted in red) <?phpdefine('PHPWG_ROOT_PATH','./');include_once(PHPWG_ROOT_PATH.'include/common.inc.php');// Check Access and exit when user status is not okcheck_status(ACCESS_GUEST);function guess_mime_type($ext){switch ( strtolower($ext) ){case "jpe": case "jpeg":case "jpg": $ctype="image/jpeg"; break;case "png": $ctype="image/png"; break;case "gif": $ctype="image/gif"; break;case "tiff":case "tif": $ctype="image/tiff"; break;case "txt": $ctype="text/plain"; break;case "html":case "htm": $ctype="text/html"; break;case "xml": $ctype="text/xml"; break;case "pdf": $ctype="application/pdf"; break;case "zip": $ctype="application/zip"; break;case "ogg": $ctype="application/ogg"; break;default: $ctype="application/octet-stream";}return $ctype;}function do_error( $code, $str ){set_status_header( $code );echo $str ;exit();}　if (!isset($_GET['id'])or !is_numeric($_GET['id'])or !isset($_GET['part'])or !in_array($_GET['part'], array('t','e','i','h') ) ){do_error(400, 'Invalid request - id/part');}$query = 'SELECT * FROM '. IMAGES_TABLE.'WHERE id='.$_GET['id'].';';$result = pwg_query($query);$element_info = pwg_db_fetch_assoc($result);if ( empty($element_info) ){do_error(404, 'Requested id not found');}// $filter['visible_categories'] and $filter['visible_images']// are not used because it's not necessary (filter <> restriction)$query='SELECT idFROM '.CATEGORIES_TABLE.'INNER JOIN '.IMAGE_CATEGORY_TABLE.' ON category_id = idWHERE image_id = '.$_GET['id'].''.get_sql_condition_FandF(array('forbidden_categories' => 'category_id','forbidden_images' => 'image_id',),' AND').'LIMIT 1;';if ( pwg_db_num_rows(pwg_query($query))<1 ){do_error(401, 'Access denied');}include_once(PHPWG_ROOT_PATH.'include/functions_picture.inc.php');$file='';switch ($_GET['part']){case 't':$file = get_thumbnail_path($element_info);break;case 'e':$file = get_element_path($element_info);break;case 'i':$file = get_image_path($element_info);break;case 'h':if ( $user['enabled_high']!='true' ){do_error(401, 'Access denied h');}$file = get_high_path($element_info);break;}if ( empty($file) ){do_error(404, 'Requested file not found');}if ($_GET['part'] == 'h') {pwg_log($_GET['id'], 'high');}else if ($_GET['part'] == 'e'){pwg_log($_GET['id'], 'other');}$http_headers = array();$ctype = null;if (!url_is_remote($file)){if ( !@is_readable($file) ){do_error(404, "Requested file not found - $file");}$http_headers[] = 'Content-Length: '.@filesize($file);if ( function_exists('mime_content_type') ){$ctype = mime_content_type($file);}$gmt_mtime = gmdate('D, d M Y H:i:s', filemtime($file)).' GMT';$http_headers[] = 'Last-Modified: '.$gmt_mtime;// following lines would indicate how the client should handle the cache/* $max_age=300;$http_headers[] = 'Expires: '.gmdate('D, d M Y H:i:s', time()+$max_age).' GMT';// HTTP/1.1 only$http_headers[] = 'Cache-Control: private, must-revalidate, max-age='.$max_age;*/if ( isset( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ){set_status_header(304);foreach ($http_headers as $header){header( $header );}exit();}}if (!isset($ctype)){ // give it a guess$ctype = guess_mime_type( get_extension($file) );}$http_headers[] = 'Content-Type: '.$ctype;if (!isset($_GET['view'])){$http_headers[] = 'Content-Disposition: attachment; filename="'.$element_info['file'].'";';$http_headers[] = 'Content-Transfer-Encoding: binary';}else{$http_headers[] = 'Content-Disposition: inline; filename="'.basename($file).'";';}foreach ($http_headers as $header){header( $header );}// Looking at the safe_mode configuration for execution timeif (ini_get('safe_mode') == 0){@set_time_limit(0);}@readfile($file);?>

[Scotty13]

Oh NO! I just notice on my page located on the top / center of my browser page. It says... home/******/public_html/root/******/search_rules.php on line 60Line 60:Line 61: $search = intval($_GET['search_id']);

[justsomeguy]

This code:

if (!isset($_GET['id'])or !is_numeric($_GET['id'])or !isset($_GET['part'])or !in_array($_GET['part'], array('t','e','i','h') ) ){  do_error(400, 'Invalid request - id/part');}

sends that error if any one of those 4 conditions is true. So it will show the error if the URL does not contain an "id" value, or if the ID is not numeric, or if the URL does not contain a "part" value, or if the part is not one of the 4 letters listed.