
Everything posted by razta
-
Thanks for the info! I think I may have figured it out! EDIT--- For some reason I cannot edit the original post to mark the topic as 'SOLVED'. My conclusion was to use the following:

    if (($uploaded_type == "image/pjpeg") && ($uploaded_size < 100000))
-
if ($pass === $check) Maybe that will work?
-
I posted about something similar on my blog; you may be able to use the method I talk about, if I understand what you're trying to do correctly. http://www.ethicalhack3r.co.uk/2009/03/15/using-a-web-bug-for-information-gathering/
-
Hello, I'm looking to secure the following code:

    if (isset($_POST['Upload'])) {
        $target_path = "uploads/";
        $target_path = $target_path . basename( $_FILES['uploaded']['name']);
        if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path)) {
            echo '<pre>Your image was not uploaded.</pre>';
        } else {
            echo 'Image succesfully uploaded!';
        }
    }

This is for an open-source project called 'Damn Vulnerable Web App'. In dvwa there will be three tiers of security, the code above is low security, I need medium security and high security of the same code above. I've searched and found some things, however I've been unable to get them to work. Any help much appreciated. http://sourceforge.net/projects/dvwa
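A hardened variant of the upload handler quoted in the post above, as an added example that is not part of the original post and is not DVWA's own code. The `uploaded` field name and the `uploads/` directory come from the post; the `store_upload` function, the allow-list and the 100000-byte limit are assumptions, and the code assumes PHP 7+ with the fileinfo extension. The file type is taken from the file content rather than from the type value the client sends.

```php
<?php
// Added example: server-side checks for the 'uploaded' form field.
// store_upload() is a hypothetical helper; limits and allow-list are assumptions.

function store_upload(array $file, string $dir, int $maxBytes = 100000): ?string
{
    // Detected content type => extension the server will assign.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

    // Reject failed, missing or non-upload entries before touching the file.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // Measure the size on disk instead of trusting the reported value.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }

    // Detect the type from the content; $file['type'] is supplied by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, $allowed)) {
        return null;
    }

    // The file must also parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Server-generated name: the client's file name and extension are never used,
    // so path components or a .php extension in the name have no effect.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $target = rtrim($dir, '/') . '/' . $name;

    return move_uploaded_file($file['tmp_name'], $target) ? $name : null;
}

if (isset($_POST['Upload'], $_FILES['uploaded'])) {
    $stored = store_upload($_FILES['uploaded'], __DIR__ . '/uploads');
    echo $stored === null
        ? '<pre>Your image was not uploaded.</pre>'
        : 'Image successfully uploaded!';
}
```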
-
Got it! :-\ SELECT * FROM `users` WHERE user = 'admin'; Thanks Maq
-
Hello, For some reason I cannot get MySQL to SELECT text...

This works:

    SELECT * FROM `users` WHERE `user` = 1337

This doesn't:

    SELECT * FROM `users` WHERE `user` = admin

The error I get when executing the second command is:

    #1054 - Unknown column 'admin' in 'where clause'

However admin is there just like 1337 is. The column user is set to varchar(15). Any ideas?
-
How is SQL injection possible with magic quotes on?!
razta replied to razta's topic in PHP Coding Help
The above worked a treat! Thank you so much!
-
How is SQL injection possible with magic quotes on?!
razta replied to razta's topic in PHP Coding Help
Can Magic Quotes be turned off from within my PHP file? I am on shared hosting and can not edit the php.ini file. Thanks again!
-
As above, How is SQL injection possible with magic quotes on? Thanks in advance. http://us3.php.net/manual/en/security.magicquotes.why.php
-
I now get this error:

    Parse error: syntax error, unexpected '{' in /home/user/SQL.php on line 106

Thanks for your help, believe it or not I've been working on this and other code for days.
-
Thanks for the reply! I tried your code and I get no errors, however the data is not inserted into the database. The HTML and PHP are on the same page, SQL.php.
-
Hello, I'm wanting to create an HTML form that has a button "create table"; once this button has been pressed it executes the MySQL query. I've been trying for days and my skills in PHP+MySQL are minimal. Hopefully someone can take a look at my code and point out something blatantly obvious.

Here's the HTML:

    <form action="SQL.php" method="post">
    <input type="button" value="Create table" name="create_db"><br>
    </form>

Here's the PHP minus the database connect stuff...

    <?php
    // Create table users
    $_POST[create_db]=$create;
    $create="CREATE TABLE users (user_id int(6),first_name varchar(15),last_name varchar(15),PRIMARY KEY (user_id),UNIQUE id (user_id),KEY id_2 (user_id))";
    // Insert some data into users
    $insert = "INSERT INTO users VALUES ('1','John','Smith');INSERT INTO users VALUES ('2','Gordon','Brown');INSERT INTO users VALUES ('3','Hack','Me');INSERT INTO users VALUES ('4','Pablo','Picasso')";
    $total=$create.$insert;
    mysql_query($total);
    mysql_close();
    ?>

Thanks in advance!
-
There's a tutorial on this in the tutorial section. It's done by using sessions.
-
$result = mysql_query ($sql); echo $result; That should work.
-
Amended the code as you suggested and no errors came up. I've also changed the code a little and still no joy.

    <?php
    ini_set("display_errors", 1);
    error_reporting(E_ALL);
    if(empty($user) || empty($title) || empty($desc)) {
        echo '<div align="center"><h2><font color="red">ERROR! Fill in all fields! Use back button.</font></h2></div>';
    }
    if(empty($embedcode)) {
        echo '<div align="center"><h2><font color="red">ERROR! Please give an embed code. Use back button.</font></h2></div>';
    } else {
        $user = Trim(stripslashes($user));
        $title = Trim(stripslashes($title));
        $desc = Trim(stripslashes($desc));
        $embedcode = Trim(stripslashes($embedcode));
        $message = " echo 'date('l, F j, Y, g:i a')' \n Title: $user ($title)\n Description: $desc \n Embed code: $embedcode \n Additional Info : IP = $ip \n Browser Info: $httpagent \n Referral : $httpref \n ";
        $from = "From: $user\r\n";
        $subject = $desc;
        mail("[email protected]", $subject, $message, $from);
    }
    ?>

Thanks again, Raz
-
Hello, I've modified my mail script and it's decided not to work. The php page goes to the else statement as if it has sent but no email received. Any suggestions?

    <?php
    if(empty($user) || empty($title) || empty($desc) || empty($embedcode)) {
        echo '<div align="center"><h2><font color="red">ERROR! Fill in all fields! Use back button.</font></h2></div>';
        exit;
    } else {
        $user = Trim(stripslashes($user));
        $title = Trim(stripslashes($title));
        $desc = Trim(stripslashes($desc));
        $embedcode = Trim(stripslashes($embedcode));
        $message = " echo 'date('l, F j, Y, g:i a')' \n Title: $user ($title)\n Description: $desc \n Embed code: $embedcode \n Additional Info : IP = $ip \n Browser Info: $httpagent \n Referral : $httpref \n ";
        $from = "From: $user\r\n";
        $subject = $desc;
        mail("[email protected]", $subject, $message, $from);
    }
    ?>

Thanks in advance. Raz
-
Thank you genericnumber1. This was the kind of answer I was looking for.
-
Just got a friendly PM from a member, thought I'd share with everyone. My answers to this PM:

a) I'm not asking anyone to code the php script for me, if I wanted someone to do it for me I would have posted in the freelancing category.

b) I signed up to the forum for the sole intention of learning and asking for some advice on a script that I wanted to program. I am a beginner at PHP, I have a book called PHP and MYSQL by Larry Ullman that I'm halfway through. I have been running my profitable .co.uk website now for over a year now and have implemented some simple PHP code but nothing too complex. I wasn't asking anyone to tell me the entire code for what I intended to do, I just wanted some advice from advanced forum users on the best way to go about completing the task at hand.

I hope that not all of the forum users here are as harsh as this guy "Warptweet". If my post was too vague I apologise, and next time will try to explain myself more in depth. Thank you, Ryan

EDIT-- Your first post was near enough exactly the same as mine!! http://www.phpfreaks.com/forums/index.php/topic,118928.msg486422.html#msg486422
-
Hello, I'm fairly new to PHP and programming in general. I want to start my first proper script and chuck myself in the deep end and hopefully come out the other end with something to show for it. Here's what I want to do: I want a php page where my users can enter a title, description and a youtube embed code, the script then adds the post variables to another page which will be used to display the information provided and the youtube video. I also want the pages to be indexed so that they are easily searchable, also a small admin area to delete the broken youtube links. Anyone have any suggestions, advice? Thanks in advance, Ryan