xiao

Members
  • Posts: 163
  • Last visited: Never

Everything posted by xiao

  1. My WAMP installation doesn't seem to have the following functions installed: http://php.net/filter, while php.net states that they're included in the default module. How do I get them in my installation?
  2. And maybe remove the last comma in $query="INSERT INTO reservations (package_id,user_id,ccnum,exp_date,avs,total,num_people,) (the one after num_people)
  3. I didn't really get that last part. So catch 'catches' errors the server sends? Would I have to make a custom message for every possible error? or..?
  4. Hi, I've used the Acunetix scanner to check for vulnerabilities, and it outputs that my $_SERVER['PHP_SELF'] isn't validated. I tried to filter it for special characters, but doesn't PHP_SELF always use special characters? (:,/,.) How do I filter it? Thank you.
  5. I asked the same question earlier. This was a good response I got: http://www.phpfreaks.com/forums/index.php/topic,171976.msg762032.html#msg762032
  6. I have a logs.txt file. How do I make sure only a logged in user (on my website) can access it?
  7. Is there a class someone coded that is good for filtering XSS? Or does anyone have a tutorial on making a class like that? I've searched on Google, but all articles about XSS only seem to say "you have to replace following characters: ...", but they never say how. I'm a rookie.
  8. OK, already thought so. Another small question. In one of the links posted above, it states that I should always use error_reporting(E_ALL); I assume that while developing. Would it help if I disable error reporting when running my site online (if that's possible), or report as few errors as possible?
  9. I'm not a PHP guru, but can someone maybe explain how those are security leaks? I thought <br> was just old HTML and <br/> was XHTML.
  10. Can you maybe give me some links to articles about secure PHP coding? Since in the Beta section, everyone posts vulnerability leaks, but I don't know which are the basic protections and most vulnerable spots etc. Thanks
  11. I'm pretty sure that's not my problem
  12. Hi, I just started learning PHP a couple of days ago and right now I'm writing a script to insert tutorials into a database. Everything works fine, except that when someone visits "insert.php" it enters empty fields into the database, while it shouldn't enter anything. And when someone refreshes the page after submitting, the data will be entered again. My HTML form looks like this:

      [code]
      <html>
      <body>
      <form action="insert.php" method="post">
      Title: <input type="text" name="title"><br>
      Description: <input type="text" name="description"><br>
      Image: <input type="text" name="image"><br>
      URL: <input type="text" name="url"><br>
      <input type="Submit">
      </form>
      </body>
      </html>
      [/code]

      and insert.php looks like this:

      [code]
      <html>
      <head>
      <title>Data inserted</title>
      </head>
      <body>
      <?php
      $username="uname";
      $password="pword";
      $database="tutorials";

      // Form values are read straight from $_POST, whether or not the form was submitted
      $title=$_POST['title'];
      $description=$_POST['description'];
      $image=$_POST['image'];
      $url=$_POST['url'];

      mysql_connect('localhost',$username,$password);
      @mysql_select_db($database) or die( "Unable to select database");

      // The INSERT runs on every request, with the values placed in the query unescaped
      $query="INSERT INTO tutorials VALUES('','$title','$description','$image','$url')";
      mysql_query($query);
      mysql_close();

      echo "data succesfully inserted into database";
      ?>
      <br>
      <br>
      <a href="insert.html">Enter another tutorial?</a>
      </body>
      </html>
      [/code]

      I figured out that I will probably have to use an IF statement and I got this:

      [code]
      if ( $title == "" ) {
          echo "<meta http-equiv='refresh' content='0; url=error.php'>";
      }
      [/code]

      But that would only cover the empty ones... :p Some help please?