volatileboy

Everything posted by volatileboy

  1. I can't help you much with this, but you need to be using preg_replace because, if I'm not mistaken, str_replace will only replace an exact string match.
  2. So as far as damage goes, it is limited to JavaScript insertion and cookie and session stealing? Files cannot be modified, PHP code inserted or anything like that?
  3. Hey people, I was going over an old script of mine the other day and I ran a web vulnerability scanner on it to see how secure it was, and I got an XSS warning. Now this puzzles me because I am not entirely sure how this affects the script and what can/can't be done. This script is old, so I will paste the relevant bits in here; it was playing with the $page variable. What damage could you do and how would you remedy the problem?

     if(isset($_GET['page'])) {
         if($_GET['page'] > $numpages) {
             $page = 1;
         } else {
             $page = $_GET['page'];
         }
     } else {
         $page = 1;
     }
     echo ('<strong style="margin-top: 4px; margin-left: 3px;">Page ' . $page . ' of ' . $numpages . '</strong></p>');

     By putting a non-number in there like hello.php?page=Hello, it simply output the word Hello, so I am not fully sure what the security implications are and how insecure it really is. Might sound like a dumb question but it's been nagging at me. Thanks for reading!
  4. Well, for starters your form tag needs an action parameter; this is why the page is just reloading.
  5. Is this what you're asking about?

     '<a href="page.php">' . $row["lname"] . '</a>';
  6. "UPDATE table_name SET column_name='$newValue' WHERE id='$id'";
  7. Never mind, I solved it; I was using square brackets around the domains. The expression may still not be sufficient though, so if anyone knows of any flaws in the above method that I should know about then please let me know. Thanks!
  8. Hey peeps, got a quick question. Basically I am trying to strip the domain part from a URL, so the bit I am after would be "domain.com". I have written an expression to match it and it seems to work (haven't thoroughly tested it). When I output the $matches variable when testing on "http://www.yahoo.com" it only outputs www.y, which I can't understand; any help is appreciated. Here is the code I am using:

     $domains = 'com|net|org|me|co|info|mobi|tv|us|biz|cm|co.uk|cc|ca|eu|tel|nu|in|aaa.pro|aca.pro|acct.pro|asia|avocat.pro|bz|ws|ac|am|at|bar.pro|be|br.com|cn|cn.com|co.nz|com.cn|com.co|com.mx|com.tw|cpa.pro|de|de.com|eng.pro|eu.com|fm|gs|hu.com|idv.tw|it|jp|jur.pro|kids.us|la|law.pro|me.uk|med.pro|ms|name|net.cn|net.co|nl|no.com|nom.co|org.cn|org.nz|org.tw|org.uk|pro|qc.com|recht.pro|ru.com|sa.com|se.com|se.net|sh|tc|tm|tw|uk.com|uk.net|us.com|uy.com|vg|za.com';
     $domains = str_replace(".", "\.", $domains);
     $pattern = '/[a-zA-Z0-9]{2,100}\.[' . $domains . ']/';
     $test1 = "http://www.yahoo.com";
     if(preg_match($pattern, $test1, $matches)) {
         echo 'Test 1 is okay<br />';
         echo $matches[0] . '<br />' . $matches[1] . '<br />' . $matches[0][0] . '<br />' . $matches[0][1] . '<Br />' . $matches[1][0] . '<br />' . $matches[1][1] . '<br />' . $matches[2][0] . '<br />' . $matches[2][1] . '<br />' . $matches[2][2];
     }

     This is my test code; it output the following:

     Test 1 is okay 1 www.y w w
  9. I am not sure exactly what the problem is, but I very much doubt that it is PHP related. I have experienced problems with the mail function in the past, and it happened to be that the mail server was not reverse DNS configured, so mail to external servers was never received.
  10. I don't think asking people to read through all of your code to fix it is the right approach, my friend!
  11. If you know the incoming variable (box), why do you need to pass it to reuse it when you already know what it is?
  12. This pattern appears to work okay; glad to see I wasn't too far away!

      $pattern = '/[0-9]{1,3}\.[0-9]{6}/';
  13. Thanks for your help, I'll get on it =)
  14. That should work, yes. It's hard to say why it's not working without more info on the problem, but array($var, $var) is valid.
  15. Hey guys, I am not very experienced with regular expressions, nor do I understand the syntax very well. I am trying to write a pattern to validate a longitude or latitude value; the valid formats would be:

      123.123456
      12.123456
      1.123456

      So basically a 1 to 3 digit number, followed by a period, followed by 6 digits 0-9. The pattern I came up with is below, but it does not seem to work properly:

      $pattern = '/^[0-9]{3}\.[0-9]{1}/';

      I hope someone can assist me, thanks for reading!
  16. Hey guys, I lack some knowledge in VB, and I have noticed that searching on Yahoo with VB or Visual Basic in the search term really does nothing to help me; it's not like getting help with PHP. Anyway, I was wondering how to open a file on the internet? So, for example, if www.url.com/script.php outputted some text, how could I connect to that page with VB and grab that page data? I hope someone can help, thanks!
  17. Have a look at the PHP rand() function; this should help you out.
  18. Try replacing this:

      if($_GET['page']) {

      With something like this:

      if(isset($_GET['page'])) {
          $pstart = $_GET['page'] * $limit - $limit;
      }

      and also $pend should be $limit because you want to show 2 per page, right?
  19. Read up about PayPal IPN; this would be useful for what you require, and there are also many pre-written classes that would help you.
  20. Is there a reason why it might be placed in people's junk mail folders? I mean, are there ways around this? Most of my users do check their junk mail folders for the activation email, but avoiding this would be preferable. I do get mails to my host's main account prompting me when an activation email failed to send; if I post this here, would it help? Thanks for your help!
  21. Hey people, could anyone help me? I have had problems with the mail() function for years; the main problem is that it won't always send and be received by people. I know there are a million different methods to do this, but I will show you basically what I am using. After many attempts it sends to the majority of people, but I am still getting people complaining that they haven't received the activation email. Anyway, here is the code:

      $to = $email;
      $subject = 'Dark Eden Oblivion - Confirm Account';
      // every header line ends with the same CRLF sequence
      $headers  = 'From: noreply@darkedenoblivion.com' . "\r\n";
      $headers .= 'Reply-To: noreply@darkedenoblivion.com' . "\r\n";
      $headers .= 'MIME-Version: 1.0' . "\r\n";
      $headers .= "Content-type: text/html; charset=UTF-8\r\n";
      $headers .= "Content-Transfer-Encoding: 8bit\r\n";
      $message = "Thanks for signing up to play Dark Eden Oblivion, we now need you to confirm this email address visiting the following link:\n\n <a href=\"http://www.darkedenoblivion.com/c.php?id=" . $act . "\">http://www.darkedenoblivion.com/c.php?id=" . $act . "</a>";
      mail($to, $subject, $message, $headers);

      I hope someone can help me out!
  22. Hey people, just a small amount of help; I'm not getting errors, but I'm really stuck with something. MySQL version is: MySQL client version: 5.0.51a. Basically I have a column in my database called article_title, and I have an SQL query (below) that searches for different types of match to the input string, as you can see. The problem is that if I was to search for "ta" for example, then "stain" would be returned as a match before "tarzan". Here is the query:

      "SELECT * FROM info_articles WHERE article_title LIKE 'term' OR article_title LIKE '%term' OR article_title LIKE 'term%' OR article_title LIKE '%term%'"

      Is there any way of searching it so that the results would be organised in a better way? I have looked at various SQL websites for a way around it, but I couldn't find anything. Any help is greatly appreciated!
  23. Have you tried using an absolute path to the file, i.e. /home/user/public_html/folder/etc/etc/file.exe?
  24. Hmmm, why would people need to click back after sending a form anyway? It's usually the case that if you click back after sending a form you will get the "cannot be displayed" page. I don't understand why people would need to click back on their browser after submitting a form? Or is it in case they made errors and wish to go back?
  25. Is session_start() called in the scripts?
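
The $page snippet from post 3, shown in its original shape next to a hardened version. This is an added example, not code from volatileboy or the forum; it assumes $numpages is set by the application and that the query string is passed in as an array.

```php
<?php
// Added example (not the poster's code): post 3's $page handling, original
// logic next to a hardened version. Assumed: $numpages is set by the
// application; the query string is passed in as an array.

// Original logic. A value such as "1<b>x</b>" fails the "> $numpages" test
// (PHP treats it as a leading-numeric string) and is echoed into the HTML
// untouched, which is the reflected XSS the scanner reported.
function pageLabelUnsafe(array $get, int $numpages): string
{
    if (isset($get['page'])) {
        $page = ($get['page'] > $numpages) ? 1 : $get['page'];
    } else {
        $page = 1;
    }
    return '<strong>Page ' . $page . ' of ' . $numpages . '</strong>';
}

// Hardened: validate the input as an integer in range, so only a number can
// reach the output, and still HTML-escape at the point of output.
function pageFromQuery(array $get, int $numpages): int
{
    $page = filter_var($get['page'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => max(1, $numpages)]]);
    return $page === false ? 1 : $page;
}

function pageLabelSafe(array $get, int $numpages): string
{
    $page = pageFromQuery($get, $numpages);
    return '<strong>Page ' . htmlspecialchars((string) $page, ENT_QUOTES, 'UTF-8')
         . ' of ' . htmlspecialchars((string) $numpages, ENT_QUOTES, 'UTF-8') . '</strong>';
}

// Constructed query-string values for a run from the command line.
// "Hello" is reflected on PHP 7 and earlier (as in the post); PHP 8 compares
// it as a string greater than "5" and resets it to 1. "1<b>x</b>" is
// reflected on every PHP version.
$numpages = 5;
foreach (['3', '99', 'Hello', '1<b>x</b>'] as $raw) {
    echo str_pad($raw, 10), ' unsafe: ', pageLabelUnsafe(['page' => $raw], $numpages), PHP_EOL;
    echo str_pad('', 10), '   safe: ', pageLabelSafe(['page' => $raw], $numpages), PHP_EOL;
}
```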
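
The two patterns from posts 8 and 12/15 rewritten as anchored validators. This is an added example, not the poster's code; it assumes PHP 7.4 or later, and the suffix list at the bottom is a short constructed subset of the one in post 8. It goes a little beyond the posts by running the URL through parse_url() first and by allowing a sign and checking the numeric range of a coordinate.

```php
<?php
// Added example (not the poster's code). Post 8: '[' . $domains . ']' builds
// a character class, so "[com|net|co\.uk]" matches any ONE of those
// characters, which is why "www.yahoo.com" yielded "www.y". A group
// "(?:com|net|co\.uk)" is an alternation; longer suffixes must be listed
// first or "co" wins over "co.uk".
function domainPattern(array $suffixes): string
{
    usort($suffixes, fn($a, $b) => strlen($b) <=> strlen($a));   // longest first
    $alt = implode('|', array_map(fn($s) => preg_quote($s, '/'), $suffixes));
    // Anchored: lazily skip leading labels, capture "label.suffix" at the end.
    return '/^(?:[a-z0-9-]+\.)*?([a-z0-9-]+\.(?:' . $alt . '))$/i';
}

function registrableDomain(string $url, array $suffixes): ?string
{
    $host = parse_url($url, PHP_URL_HOST);   // drops scheme, path and port first
    if (!is_string($host)) {
        return null;
    }
    return preg_match(domainPattern($suffixes), $host, $m) ? strtolower($m[1]) : null;
}

// Posts 12/15: '/[0-9]{1,3}\.[0-9]{6}/' is unanchored, so "1234.1234567"
// also "matches". Anchor both ends and check the numeric range as well.
function isValidCoordinate(string $s, float $max): bool
{
    return preg_match('/^-?[0-9]{1,3}\.[0-9]{6}$/', $s) === 1 && abs((float) $s) <= $max;
}

// Constructed inputs; the suffix list is a small subset of the post's list.
$suffixes = ['com', 'net', 'org', 'co', 'co.uk', 'uk', 'me', 'me.uk'];
foreach (['http://www.yahoo.com', 'https://news.bbc.co.uk/path', 'http://evil.com/www.yahoo.com'] as $u) {
    var_dump(registrableDomain($u, $suffixes));   // yahoo.com, bbc.co.uk, evil.com
}
var_dump(isValidCoordinate('123.123456', 180.0));   // true
var_dump(isValidCoordinate('1234.1234567', 180.0)); // false
```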
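
The article_title search from post 22, rewritten so the term is bound as a parameter rather than interpolated into the SQL, and so exact and prefix matches sort before substring matches. This is an added example, not the poster's code; it assumes an open PDO connection in $pdo and the info_articles table named in the post.

```php
<?php
// Added example (not the poster's code): post 22's LIKE search with the term
// bound as a parameter and a CASE expression that ranks how it matched.
// Assumed: $pdo is an open PDO connection to the database holding info_articles.
function searchArticles(PDO $pdo, string $term): array
{
    // Neutralise LIKE metacharacters in the user's term so "%" or "_" cannot
    // widen the match; '!' is declared as the escape character in the SQL.
    $safe = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);

    $sql = "SELECT article_title,
                   CASE
                       WHEN article_title = :exact                THEN 0
                       WHEN article_title LIKE :prefix ESCAPE '!' THEN 1
                       WHEN article_title LIKE :suffix ESCAPE '!' THEN 2
                       ELSE 3
                   END AS match_rank
            FROM info_articles
            WHERE article_title LIKE :any ESCAPE '!'
            ORDER BY match_rank, article_title";

    // Each placeholder is used once, so this works with native and emulated prepares.
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':exact',  $term);
    $stmt->bindValue(':prefix', $safe . '%');
    $stmt->bindValue(':suffix', '%' . $safe);
    $stmt->bindValue(':any',    '%' . $safe . '%');
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// With constructed titles "stain", "tarzan" and "ta", a search for "ta"
// returns them as ta (rank 0), tarzan (rank 1), stain (rank 3).
```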