4 files changed, 262 insertions, 4 deletions
diff --git a/comic.php b/comic.php
index 352060b..1e94abc 100755
--- a/comic.php
+++ b/comic.php

@@ -8,7 +8,7 @@ if (!isset($_GET['id']))
        exit;
 }
-$getcomic = "SELECT * FROM comics WHERE filename = \"" . $_GET['id'] . ".png\"";
+$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";
 $getcomic2 = mysql_query($getcomic);
 $getcomic3 = mysql_fetch_array($getcomic2);
diff --git a/includes/db.php b/includes/db.php
index a763283..6554b8a 100755
--- a/includes/db.php
+++ b/includes/db.php

@@ -1,8 +1,9 @@
 <?php
-include($_SERVER['DOCUMENT_ROOT'] . '/../security/pillowcase.php');
+include_once('fix_mysql.inc.php');
+include('/srv/www/security/pillowcase.php');
-mysql_connect($dbhost, $dbuser, $dbpasswd);
+$mysql_conn = mysql_connect($dbhost, $dbuser, $dbpasswd);
 mysql_select_db($dbname);
 ?>
diff --git a/includes/fix_mysql.inc.php b/includes/fix_mysql.inc.php
new file mode 100755
index 0000000..8ff45bf
--- /dev/null
+++ b/includes/fix_mysql.inc.php

@@ -0,0 +1,257 @@
+<?php
+/**
+* replacement for all mysql functions
+*
+* @version 3
+* @git https://github.com/rubo77/php-mysql-fix
+*
+* Be aware, that this is just a workaround to fix-up some old code and the resulting project
+* will be more vulnerable than if you use the recommended newer mysqli-functions instead.
+* So only If you are sure that this is not setting your server at risk, you can fix your old
+* code by adding this line at the beginning of your old code:
+<?php
+include_once('fix_mysql.inc.php');
+*
+* see: https://stackoverflow.com/a/37877644/1069083
+*/
+if (!function_exists("mysql_connect")){
+  /* warning: fatal error "cannot redeclare" if a function was disabled in php.ini with disable_functions:
+  disable_functions =mysql_connect,mysql_pconnect,mysql_select_db,mysql_ping,mysql_query,mysql_fetch_assoc,mysql_num_rows,mysql_fetch_array,mysql_error,mysql_insert_id,mysql_close,mysql_real_escape_string,mysql_data_seek,mysql_result
+  */
+  define("MYSQL_ASSOC", MYSQLI_ASSOC);
+  define("MYSQL_NUM", MYSQLI_NUM);
+  define("MYSQL_BOTH", MYSQLI_BOTH);
+  function mysql_fetch_array($result, $result_type = MYSQL_BOTH){
+    $row = mysqli_fetch_array($result, $result_type);
+    return is_null($row) ? false : $row;
+  }
+  function mysql_fetch_assoc($result){
+    $row = mysqli_fetch_assoc($result);
+    return is_null($row) ? false : $row;
+  }
+  function mysql_fetch_row($result) {
+    $row = mysqli_fetch_row($result);
+    return is_null($row) ? false : $row;
+  }
+  function mysql_fetch_object($result) {
+    $row = mysqli_fetch_object($result);
+    return is_null($row) ? false : $row;
+  }
+  function mysql_connect($host, $username, $password, $new_link = FALSE, $client_flags = 0){
+    global $global_link_identifier;
+    $global_link_identifier = mysqli_connect($host, $username, $password);
+    return $global_link_identifier;
+  }
+  function mysql_pconnect($host, $username, $password, $client_flags = 0){
+    global $global_link_identifier;
+    $global_link_identifier = mysqli_connect("p:".$host, $username, $password);
+    return $global_link_identifier;
+  }
+  function mysql_select_db($dbname, $link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_select_db($link_identifier, $dbname);
+  }
+  function mysql_ping($link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_ping($link_identifier);
+  }
+  function mysql_query($stmt, $link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_query($link_identifier, $stmt);
+  }
+  
+  function mysql_db_query ($database, $query, $link_identifier = NULL){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    mysqli_select_db($link_identifier, $database);
+    return mysqli_query($link_identifier, $query);
+  }
+  
+  function mysql_num_rows($result){
+    return mysqli_num_rows($result);
+  }
+  function mysql_affected_rows($link_identifier = NULL){
+    // TODO: check, if working when called without argument: mysql_affected_rows()
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_affected_rows($link_identifier);
+  }
+  function mysql_list_tables($dbname, $link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    $sql = "SHOW TABLES FROM $dbname";
+    $result = mysql_query($sql, $link_identifier);
+    return $result;
+  }
+  function mysql_error($link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_error($link_identifier);
+  }
+  function mysql_errno($link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_errno($link_identifier);
+  }
+  function mysql_insert_id($link_identifier = NULL){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_insert_id($link_identifier);
+  }
+  function mysql_close($link_identifier = NULL){
+    return true;
+  }
+  function mysql_real_escape_string($unescaped_string, $link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_real_escape_string($link_identifier, $unescaped_string);
+  }
+  function mysql_data_seek($result, $row_number){
+    return mysqli_data_seek($result, $row_number);
+  }
+  function mysql_result($result, $row=0, $col=0){
+    $numrows = mysqli_num_rows($result);
+    if($numrows && $row <= ($numrows-1) && $row >= 0){
+      mysqli_data_seek($result, $row);
+      $resultrow = (is_numeric($col)) ? mysqli_fetch_row($result) : mysqli_fetch_assoc($result);
+      if (isset($resultrow[$col])){
+        return $resultrow[$col];
+      }
+    }
+    return false;
+  }
+  function mysql_escape_string($s, $link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_real_escape_string($link_identifier, $s);
+  }
+  function mysql_fetch_field($result, $i = null) {
+    if ($i === null) {
+      return mysqli_fetch_field($result);
+    }
+    return mysqli_fetch_field_direct($result, $i);
+  }
+  function mysql_field_name($result, $i) {
+    return mysqli_fetch_field_direct($result, $i)->name;
+  }
+  function mysql_field_type($result, $i){
+    return mysqli_fetch_field_direct($result, $i)->type;
+  }
+  function mysql_field_len($result, $i){
+    return mysqli_fetch_field_direct($result, $i)->length;
+  }
+  
+  function mysql_num_fields($result){
+    return mysqli_num_fields($result);
+  }
+  function mysql_free_result($result) {
+    return mysqli_free_result($result);
+  }
+  function mysql_get_server_info($link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_get_server_info($link_identifier);
+  }
+  function mysql_set_charset($csname, $link_identifier = null){
+    global $global_link_identifier;
+    if($link_identifier == null) {
+      $link_identifier = $global_link_identifier;
+    }
+    return mysqli_set_charset($link_identifier, $csname);
+  }
+  
+  // aliases 
+  function mysql(...$args){ return mysql_db_query(...$args); }
+  function mysql_createdb(...$args){ return mysql_create_db(...$args); }
+  function mysql_db_name(...$args){ return mysql_result(...$args); }
+  function mysql_dbname(...$args){ return mysql_result(...$args); }
+  function mysql_dropdb(...$args){ return mysql_drop_db(...$args); }
+  function mysql_fieldflags(...$args){ return mysql_field_flags(...$args); }
+  function mysql_fieldlen(...$args){ return mysql_field_len(...$args); }
+  function mysql_fieldname(...$args){ return mysql_field_name(...$args); }
+  function mysql_fieldtable(...$args){ return mysql_field_table(...$args); }
+  function mysql_fieldtype(...$args){ return mysql_field_type(...$args); }
+  function mysql_freeresult(...$args){ return mysql_free_result(...$args); }
+  function mysql_listdbs(...$args){ return mysql_list_dbs(...$args); }
+  function mysql_listfields(...$args){ return mysql_list_fields(...$args); }
+  function mysql_listtables(...$args){ return mysql_list_tables(...$args); }
+  function mysql_numfields(...$args){ return mysql_num_fields(...$args); }
+  function mysql_numrows(...$args){ return mysql_num_rows(...$args); }
+  function mysql_selectdb(...$args){ return mysql_select_db(...$args); }
+  
+  // TODO: those functions are not defined yet:
+  function mysql_client_encoding(){ trigger_error("mysql_client_encoding is not defined yet", E_USER_ERROR); }
+  function mysql_create_db(){ trigger_error("mysql_create_db is not defined yet", E_USER_ERROR); }
+  function mysql_drop_db(){ trigger_error("mysql_drop_db is not defined yet", E_USER_ERROR); }
+  function mysql_fetch_lengths(){ trigger_error("mysql_fetch_lengths is not defined yet", E_USER_ERROR); }
+  function mysql_field_flags(){ trigger_error("mysql_field_flags is not defined yet", E_USER_ERROR); }
+  function mysql_field_seek(){ trigger_error("mysql_field_seek is not defined yet", E_USER_ERROR); }
+  function mysql_field_table(){ trigger_error("mysql_field_table is not defined yet", E_USER_ERROR); }
+  function mysql_get_client_info(){ trigger_error("mysql_get_client_info is not defined yet", E_USER_ERROR); }
+  function mysql_get_host_info(){ trigger_error("mysql_get_host_info is not defined yet", E_USER_ERROR); }
+  function mysql_get_proto_info(){ trigger_error("mysql_get_proto_info is not defined yet", E_USER_ERROR); }
+  function mysql_info(){ trigger_error("mysql_info is not defined yet", E_USER_ERROR); }
+  function mysql_list_dbs(){ trigger_error("mysql_list_dbs is not defined yet", E_USER_ERROR); }
+  function mysql_list_fields(){ trigger_error("mysql_list_fields is not defined yet", E_USER_ERROR); }
+  function mysql_list_processes(){ trigger_error("mysql_list_processes is not defined yet", E_USER_ERROR); }
+  function mysql_tablename(){ trigger_error("mysql_tablename is not defined yet", E_USER_ERROR); }
+  function mysql_stat(){ trigger_error("mysql_stat is not defined yet", E_USER_ERROR); }
+  function mysql_thread_id(){ trigger_error("mysql_thread_id is not defined yet", E_USER_ERROR); }
+  function mysql_unbuffered_query(){ trigger_error("mysql_unbuffered_query is not defined yet", E_USER_ERROR); }
+}
diff --git a/pages/comic.php b/pages/comic.php
index 28a420e..620a038 100755
--- a/pages/comic.php
+++ b/pages/comic.php

@@ -1,6 +1,6 @@
 <?php
-if (isset($_GET['id']))
+if (isset($_GET['id']) && is_numeric($_GET['id']))
 {
        $getcomic = "SELECT * FROM comics WHERE comic_id = " . $_GET['id'] . " AND status = \"publish\"";
 } else {

diff --git a/comic.php b/comic.php index 352060b..1e94abc 100755 --- a/comic.php +++ b/comic.php
@@ -8,7 +8,7 @@ if (!isset($_GET['id']))
8	exit;	8	exit;
9	}	9	}
10		10
11	$getcomic = "SELECT * FROM comics WHERE filename = \"" . $_GET['id'] . ".png\"";	11	$getcomic = "SELECT * FROM comics WHERE filename = \"" . mysqli_real_escape_string($mysql_conn, $_GET['id']) . ".png\"";
12	$getcomic2 = mysql_query($getcomic);	12	$getcomic2 = mysql_query($getcomic);
13	$getcomic3 = mysql_fetch_array($getcomic2);	13	$getcomic3 = mysql_fetch_array($getcomic2);
14		14


diff --git a/includes/db.php b/includes/db.php index a763283..6554b8a 100755 --- a/includes/db.php +++ b/includes/db.php
@@ -1,8 +1,9 @@
1	<?php	1	<?php
2		2
3	include($_SERVER['DOCUMENT_ROOT'] . '/../security/pillowcase.php');	3	include_once('fix_mysql.inc.php');
		4	include('/srv/www/security/pillowcase.php');
4		5
5	mysql_connect($dbhost, $dbuser, $dbpasswd);	6	$mysql_conn = mysql_connect($dbhost, $dbuser, $dbpasswd);
6	mysql_select_db($dbname);	7	mysql_select_db($dbname);
7		8
8	?>	9	?>


diff --git a/includes/fix_mysql.inc.php b/includes/fix_mysql.inc.php new file mode 100755 index 0000000..8ff45bf --- /dev/null +++ b/includes/fix_mysql.inc.php
@@ -0,0 +1,257 @@
		1	<?php
		2	/**
		3	* replacement for all mysql functions
		4	*
		5	* @version 3
		6	* @git https://github.com/rubo77/php-mysql-fix
		7	*
		8	* Be aware, that this is just a workaround to fix-up some old code and the resulting project
		9	* will be more vulnerable than if you use the recommended newer mysqli-functions instead.
		10	* So only If you are sure that this is not setting your server at risk, you can fix your old
		11	* code by adding this line at the beginning of your old code:
		12
		13	<?php
		14	include_once('fix_mysql.inc.php');
		15	*
		16	* see: https://stackoverflow.com/a/37877644/1069083
		17	*/
		18
		19	if (!function_exists("mysql_connect")){
		20	/* warning: fatal error "cannot redeclare" if a function was disabled in php.ini with disable_functions:
		21	disable_functions =mysql_connect,mysql_pconnect,mysql_select_db,mysql_ping,mysql_query,mysql_fetch_assoc,mysql_num_rows,mysql_fetch_array,mysql_error,mysql_insert_id,mysql_close,mysql_real_escape_string,mysql_data_seek,mysql_result
		22	*/
		23
		24	define("MYSQL_ASSOC", MYSQLI_ASSOC);
		25	define("MYSQL_NUM", MYSQLI_NUM);
		26	define("MYSQL_BOTH", MYSQLI_BOTH);
		27
		28	function mysql_fetch_array($result, $result_type = MYSQL_BOTH){
		29	$row = mysqli_fetch_array($result, $result_type);
		30	return is_null($row) ? false : $row;
		31	}
		32
		33	function mysql_fetch_assoc($result){
		34	$row = mysqli_fetch_assoc($result);
		35	return is_null($row) ? false : $row;
		36	}
		37
		38	function mysql_fetch_row($result) {
		39	$row = mysqli_fetch_row($result);
		40	return is_null($row) ? false : $row;
		41	}
		42
		43	function mysql_fetch_object($result) {
		44	$row = mysqli_fetch_object($result);
		45	return is_null($row) ? false : $row;
		46	}
		47
		48	function mysql_connect($host, $username, $password, $new_link = FALSE, $client_flags = 0){
		49	global $global_link_identifier;
		50	$global_link_identifier = mysqli_connect($host, $username, $password);
		51	return $global_link_identifier;
		52	}
		53
		54	function mysql_pconnect($host, $username, $password, $client_flags = 0){
		55	global $global_link_identifier;
		56	$global_link_identifier = mysqli_connect("p:".$host, $username, $password);
		57	return $global_link_identifier;
		58	}
		59
		60	function mysql_select_db($dbname, $link_identifier = null){
		61	global $global_link_identifier;
		62	if($link_identifier == null) {
		63	$link_identifier = $global_link_identifier;
		64	}
		65	return mysqli_select_db($link_identifier, $dbname);
		66	}
		67
		68	function mysql_ping($link_identifier = null){
		69	global $global_link_identifier;
		70	if($link_identifier == null) {
		71	$link_identifier = $global_link_identifier;
		72	}
		73	return mysqli_ping($link_identifier);
		74	}
		75
		76	function mysql_query($stmt, $link_identifier = null){
		77	global $global_link_identifier;
		78	if($link_identifier == null) {
		79	$link_identifier = $global_link_identifier;
		80	}
		81	return mysqli_query($link_identifier, $stmt);
		82	}
		83
		84	function mysql_db_query ($database, $query, $link_identifier = NULL){
		85	global $global_link_identifier;
		86	if($link_identifier == null) {
		87	$link_identifier = $global_link_identifier;
		88	}
		89	mysqli_select_db($link_identifier, $database);
		90	return mysqli_query($link_identifier, $query);
		91	}
		92
		93	function mysql_num_rows($result){
		94	return mysqli_num_rows($result);
		95	}
		96
		97	function mysql_affected_rows($link_identifier = NULL){
		98	// TODO: check, if working when called without argument: mysql_affected_rows()
		99	global $global_link_identifier;
		100	if($link_identifier == null) {
		101	$link_identifier = $global_link_identifier;
		102	}
		103	return mysqli_affected_rows($link_identifier);
		104	}
		105
		106	function mysql_list_tables($dbname, $link_identifier = null){
		107	global $global_link_identifier;
		108	if($link_identifier == null) {
		109	$link_identifier = $global_link_identifier;
		110	}
		111	$sql = "SHOW TABLES FROM $dbname";
		112	$result = mysql_query($sql, $link_identifier);
		113	return $result;
		114	}
		115
		116	function mysql_error($link_identifier = null){
		117	global $global_link_identifier;
		118	if($link_identifier == null) {
		119	$link_identifier = $global_link_identifier;
		120	}
		121	return mysqli_error($link_identifier);
		122	}
		123
		124	function mysql_errno($link_identifier = null){
		125	global $global_link_identifier;
		126	if($link_identifier == null) {
		127	$link_identifier = $global_link_identifier;
		128	}
		129	return mysqli_errno($link_identifier);
		130	}
		131
		132	function mysql_insert_id($link_identifier = NULL){
		133	global $global_link_identifier;
		134	if($link_identifier == null) {
		135	$link_identifier = $global_link_identifier;
		136	}
		137	return mysqli_insert_id($link_identifier);
		138	}
		139
		140	function mysql_close($link_identifier = NULL){
		141	return true;
		142	}
		143
		144	function mysql_real_escape_string($unescaped_string, $link_identifier = null){
		145	global $global_link_identifier;
		146	if($link_identifier == null) {
		147	$link_identifier = $global_link_identifier;
		148	}
		149	return mysqli_real_escape_string($link_identifier, $unescaped_string);
		150	}
		151
		152	function mysql_data_seek($result, $row_number){
		153	return mysqli_data_seek($result, $row_number);
		154	}
		155
		156	function mysql_result($result, $row=0, $col=0){
		157	$numrows = mysqli_num_rows($result);
		158	if($numrows && $row <= ($numrows-1) && $row >= 0){
		159	mysqli_data_seek($result, $row);
		160	$resultrow = (is_numeric($col)) ? mysqli_fetch_row($result) : mysqli_fetch_assoc($result);
		161	if (isset($resultrow[$col])){
		162	return $resultrow[$col];
		163	}
		164	}
		165	return false;
		166	}
		167
		168	function mysql_escape_string($s, $link_identifier = null){
		169	global $global_link_identifier;
		170	if($link_identifier == null) {
		171	$link_identifier = $global_link_identifier;
		172	}
		173	return mysqli_real_escape_string($link_identifier, $s);
		174	}
		175
		176	function mysql_fetch_field($result, $i = null) {
		177	if ($i === null) {
		178	return mysqli_fetch_field($result);
		179	}
		180	return mysqli_fetch_field_direct($result, $i);
		181	}
		182
		183	function mysql_field_name($result, $i) {
		184	return mysqli_fetch_field_direct($result, $i)->name;
		185	}
		186
		187	function mysql_field_type($result, $i){
		188	return mysqli_fetch_field_direct($result, $i)->type;
		189	}
		190
		191	function mysql_field_len($result, $i){
		192	return mysqli_fetch_field_direct($result, $i)->length;
		193	}
		194
		195	function mysql_num_fields($result){
		196	return mysqli_num_fields($result);
		197	}
		198
		199	function mysql_free_result($result) {
		200	return mysqli_free_result($result);
		201	}
		202
		203	function mysql_get_server_info($link_identifier = null){
		204	global $global_link_identifier;
		205	if($link_identifier == null) {
		206	$link_identifier = $global_link_identifier;
		207	}
		208	return mysqli_get_server_info($link_identifier);
		209	}
		210
		211	function mysql_set_charset($csname, $link_identifier = null){
		212	global $global_link_identifier;
		213	if($link_identifier == null) {
		214	$link_identifier = $global_link_identifier;
		215	}
		216	return mysqli_set_charset($link_identifier, $csname);
		217	}
		218
		219	// aliases
		220	function mysql(...$args){ return mysql_db_query(...$args); }
		221	function mysql_createdb(...$args){ return mysql_create_db(...$args); }
		222	function mysql_db_name(...$args){ return mysql_result(...$args); }
		223	function mysql_dbname(...$args){ return mysql_result(...$args); }
		224	function mysql_dropdb(...$args){ return mysql_drop_db(...$args); }
		225	function mysql_fieldflags(...$args){ return mysql_field_flags(...$args); }
		226	function mysql_fieldlen(...$args){ return mysql_field_len(...$args); }
		227	function mysql_fieldname(...$args){ return mysql_field_name(...$args); }
		228	function mysql_fieldtable(...$args){ return mysql_field_table(...$args); }
		229	function mysql_fieldtype(...$args){ return mysql_field_type(...$args); }
		230	function mysql_freeresult(...$args){ return mysql_free_result(...$args); }
		231	function mysql_listdbs(...$args){ return mysql_list_dbs(...$args); }
		232	function mysql_listfields(...$args){ return mysql_list_fields(...$args); }
		233	function mysql_listtables(...$args){ return mysql_list_tables(...$args); }
		234	function mysql_numfields(...$args){ return mysql_num_fields(...$args); }
		235	function mysql_numrows(...$args){ return mysql_num_rows(...$args); }
		236	function mysql_selectdb(...$args){ return mysql_select_db(...$args); }
		237
		238	// TODO: those functions are not defined yet:
		239	function mysql_client_encoding(){ trigger_error("mysql_client_encoding is not defined yet", E_USER_ERROR); }
		240	function mysql_create_db(){ trigger_error("mysql_create_db is not defined yet", E_USER_ERROR); }
		241	function mysql_drop_db(){ trigger_error("mysql_drop_db is not defined yet", E_USER_ERROR); }
		242	function mysql_fetch_lengths(){ trigger_error("mysql_fetch_lengths is not defined yet", E_USER_ERROR); }
		243	function mysql_field_flags(){ trigger_error("mysql_field_flags is not defined yet", E_USER_ERROR); }
		244	function mysql_field_seek(){ trigger_error("mysql_field_seek is not defined yet", E_USER_ERROR); }
		245	function mysql_field_table(){ trigger_error("mysql_field_table is not defined yet", E_USER_ERROR); }
		246	function mysql_get_client_info(){ trigger_error("mysql_get_client_info is not defined yet", E_USER_ERROR); }
		247	function mysql_get_host_info(){ trigger_error("mysql_get_host_info is not defined yet", E_USER_ERROR); }
		248	function mysql_get_proto_info(){ trigger_error("mysql_get_proto_info is not defined yet", E_USER_ERROR); }
		249	function mysql_info(){ trigger_error("mysql_info is not defined yet", E_USER_ERROR); }
		250	function mysql_list_dbs(){ trigger_error("mysql_list_dbs is not defined yet", E_USER_ERROR); }
		251	function mysql_list_fields(){ trigger_error("mysql_list_fields is not defined yet", E_USER_ERROR); }
		252	function mysql_list_processes(){ trigger_error("mysql_list_processes is not defined yet", E_USER_ERROR); }
		253	function mysql_tablename(){ trigger_error("mysql_tablename is not defined yet", E_USER_ERROR); }
		254	function mysql_stat(){ trigger_error("mysql_stat is not defined yet", E_USER_ERROR); }
		255	function mysql_thread_id(){ trigger_error("mysql_thread_id is not defined yet", E_USER_ERROR); }
		256	function mysql_unbuffered_query(){ trigger_error("mysql_unbuffered_query is not defined yet", E_USER_ERROR); }
		257	}


diff --git a/pages/comic.php b/pages/comic.php index 28a420e..620a038 100755 --- a/pages/comic.php +++ b/pages/comic.php
@@ -1,6 +1,6 @@
1	<?php	1	<?php
2		2
3	if (isset($_GET['id']))	3	if (isset($_GET['id']) && is_numeric($_GET['id']))
4	{	4	{
5	$getcomic = "SELECT * FROM comics WHERE comic_id = " . $_GET['id'] . " AND status = \"publish\"";	5	$getcomic = "SELECT * FROM comics WHERE comic_id = " . $_GET['id'] . " AND status = \"publish\"";
6	} else {	6	} else {