Henaro

Ah I see thanks a lot.

Are you using $_GET variables? Yeah. I'm wondering what the array thing is. Is it dangerous? If so how can I get rid of it?

How would I get rid of these? I have the function mysql_real_escape_string() on those variables. ??? And the Array thing just has me confused.

Thanks a lot guys keep'm coming. This is great.

Well that sucks. Anything else? EDIT:Also how exactly would you get the usernames and password for the db and admin panel? I was aware that you can upload some love that'll read the directories, but how exactly can they read and print out the password for the db and admin panel? EDIT:And other than the /public directory is there anything wrong with the bbs directory (/v8)? So far I'm only aware of one XSS exploit, but it only effects IE so I havn't bothered fixing it.

It's delicious and small, so be gentle . http://commabunny.org/v8

http://commabunny.org/ A few friends and I were thinking of new colors and came up with pink. How does it look?

Oh wow... this is embarrassing.

Hello everyone~ I seem to have stumbled onto a terrible error today! It reads "Unknown column 'rname' in 'field list'". I googled it and I found that I needed apostrophes on my statements. But that doesn't seem to be working. Here is my statement: UPDATE boards SET rname='$r' WHERE number='$number' And the table: CREATE TABLE `boards` ( `number` int(3) NOT NULL auto_increment, `name` text NOT NULL, `rnames` int(1) NOT NULL default '2', `Description` text NOT NULL, `open` int(11) NOT NULL default '1', PRIMARY KEY (`number`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; MYSQL version is 5. I'm trying to change rname to what the user inputs. Any suggestions?

Ah thanks!

$n = 2; if($n%2 == 0){ echo "even"; }else{ echo "odd"; }

Hello everyone~ I've been having trouble with this function for a bit: function get_ses($pass, $key) { //Take the first 16 chars of session md5 and validate if (substr(md5($key)), 0, 16)==substr($_SESSION['a_stuff'], 0, 16)){ //Go 16 characters into the session, and take 16 characters out if (substr(md5($pass))==substr($_SESSION['a_stuff'], 16, 16)){ $ses_vald = "true"; }else{ $ses_vald = "false"; } }else{ //If key isn't valid return false $ses_valid = "false"; } return $ses_vald; } I get an error that says: Parse error: syntax error, unexpected ',' in /home/x/x/x/x/x/x/stuff/funs/get_ses.php on line 4 The problem is, is that I'm unable to locate that unexpected ,. Also, is this a good way to encrypt a login? Like if someone logs in and their pass is encrypted plus a set key on the config file? I'd like some criticism on it... Thanks, Hen

It does now.

I completely forgot about the www. part. Thatks a lot it works now.

Hello again~ Sorry for resurrecting this posts, but I thought it would be better than creating a new one. I seem to have broken it. I moved the BBCode function onto a file called fun.php. Which is included correctly on the post_reply file. But now it seems like it broke the youtube tag (which was working fine with your help). All of the other BBcode works except for this. ??? Anyone know what might be wrong? '_' Thanks, Henaro EDIT: And here's the full code: <?php function BBCode ($str) { $simple_search = array( '/\[b\](.*?)\[\/b\]/is', '/\[i\](.*?)\[\/i\]/is', '/\[u\](.*?)\[\/u\]/is', '/\[url\=(.*?)\](.*?)\[\/url\]/is', '/\[url\](.*?)\[\/url\]/is', '/(>>)([0-9]+)/', '/\[img\](.*?)\[\/img\]/is', '/\[yt\]http:\/\/youtube.com\/watch\?v=(.*?)\[\/yt\]/', '/\[em\](.*?)\[\/em\]/is', '/\[txt\](.*?)\[\/txt\]/is' ); $simple_replace = array( '<strong>$1</strong>', '<em>$1</em>', '<u>$1</u>', '<a href="$1">$2</a>', '<a href="$1">[link]</a>', '<a href=\'index.php#$2\'>$1$2</a>', '<a href="$1"><img src="$1" boarder=0 /></a>', '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>', '<OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" WIDTH="550" HEIGHT="400" id="Embeded File"><PARAM NAME=quality VALUE=high><PARAM NAME=bgcolor VALUE=#FFFFFF><EMBED src="$1" quality=high bgcolor=#FFFFFF WIDTH="550" HEIGHT="400" NAME="Embeded File" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT>', '<div class="code">$1</div>' ); // Do simple BBCode's $str = preg_replace ($simple_search, $simple_replace, $str); return $str; } ?>