Originally Posted by yasminerr
please let me know if you have any advice?
Yes: Get an actual developer from an actual company that specializes in web development and has done actual projects. If you're not sure about their credibility, have their work checked by people who know this stuff (a friend, a forum, whatever).
The world of web development is crammed with incompetent buffoons who can barely write their name and still run around playing freelancer and selling garbage for cheap money. Don't fall for them.
In the year 2013, there's no excuse for being greeted with error messages like this:
Query returned zero rows.
Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in [...]
Whoever wrote this code has no clue about web development, was too lazy to ever learn it and obviously didn't care about what happens with the website.
So now you're left with a bunch of security holes. I fear the code itself isn't any better, which means fixing it won't be cheap. However, having some script kiddie capture your Vista server won't be cheap either, I guess.
As an "emergency measure", you should at least have the input parameters (property ID etc.) escaped.
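Added example, not part of the original post and not the site's code: one way to handle the property ID so that neither a malformed value nor an empty result produces the warning quoted above. It goes one step past manual escaping by validating the ID as an integer and binding it as a query parameter. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the MySQL server so the script runs offline.

```php
<?php
// Added example. Table/column names and function names are hypothetical.
// An in-memory SQLite database stands in for the site's MySQL server so the
// script runs offline; against MySQL only the PDO DSN would change.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Throw exceptions instead of returning false, so a failed query can
    // never be handed to a fetch call as if it were a result set.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE properties (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO properties (id, title) VALUES (1, 'Constructed sample row')");
    return $db;
}

// Returns the row as an array, or null when the ID is malformed or unknown.
function find_property(PDO $db, $rawId): ?array
{
    // Accept only a positive integer; anything else is rejected before
    // it gets near the SQL statement.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // The value is bound as a parameter, never concatenated into the SQL.
        $stmt = $db->prepare('SELECT id, title FROM properties WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // Log for the operator; the visitor never sees driver messages.
        error_log('property lookup failed: ' . $e->getMessage());
        return null;
    }
    // fetch() returns false for zero rows; map that to null explicitly.
    return $row === false ? null : $row;
}

$db = open_demo_db();
// Constructed inputs: a valid ID, an unknown ID, and two malformed values.
foreach (['1', '42', '1 OR 1=1', 'abc'] as $input) {
    $row = find_property($db, $input);
    echo str_pad(var_export($input, true), 14), ' => ',
         $row === null ? 'not found' : $row['title'], PHP_EOL;
}
```

On a production server, `display_errors` should also be off so that PHP warnings go to the log rather than to the page.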