darkfreaks

Everything posted by darkfreaks

  1. mysql_real_escape_string has been deprecated as of PHP 5.5.0. you should be using the PDO extension. this will take care of your SQL injection. http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/ my guess is yes, md5 can't cause SQL injection, but you probably are not escaping the password variable correctly. you would be better off using PDO. also the password md5() algorithm is vulnerable to exploitation as well as sha1(). i would recommend using the Blowfish Algorithm. http://www.techrepublic.com/blog/australian-technology/securing-passwords-with-blowfish/
  2. you could, you would better have to know PHP though. if you would like me to help, please inbox me.
  3. they coded their own pagination instead of using the custom WP one, looks like.
  4. http://wordpress.org/support/topic/how-to-move-comment-link-to-bottom-of-post
  5. http://wordpress.org/support/topic/how-do-i-add-older-posts-and-newer-posts-links-to-my-blog BAZINGA!
  6. do you mean something like this??? http://wordpress.org/support/topic/add-comments-box-above-comments
  7. http://design.sparklette.net/teaches/how-to-add-wordpress-pagination-without-a-plugin/ will something like this work for you?
  8. avoiding junk filters all depends on what is in the header.

     ```php
     // $to, $subject and $body are set earlier in the script
     $headers  = 'From: YourLogoName [email protected]' . "\r\n";
     $headers .= 'Reply-To: ' . $to . "\r\n";
     // every header line must end in \r\n, or the next header is glued onto it
     $headers .= 'X-Mailer: PHP/' . phpversion() . "\r\n";
     $headers .= "MIME-Version: 1.0\r\n";
     $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

     if (mail($to, $subject, $body, $headers)) {
         echo "mail sent";
     } else {
         echo "mail not sent";
     }
     ```
  9. i still think you have not allowed your user name all privileges
  10. wherever the $con variable is defined in the code after it.
  11. have you checked for errors? if (mysqli_connect_error()) { die('Could not connect to the database'); }
  12. create a new user in cpanel MYSQL databases with ALL privileges.
  13. does your database have unlimited permissions?
  14. added isset to get rid of the undefined index errors on checkid & password. also used global var scope inside of your function to declare the connection inside of the function.

      ```php
      // isset() only returns true/false, so use it as a guard and keep the posted value
      $password = isset($_POST['password']) ? $_POST['password'] : '';
      $check    = isset($_POST['checkid']) ? $_POST['checkid'] : '';

      $con = mysqli_connect("db", "dbuser", $password, "db", 3306);

      //Gives player a new loadout
      function playerLoadout() {
          global $con;
          // placeholders keep the POST values out of the SQL text
          $stmt = mysqli_prepare($con, "INSERT INTO cust_loadout_profile (cust_loadout_id, unique_id) VALUES (?, ?)");
          mysqli_stmt_bind_param($stmt, 'ss', $_POST['loadoutid'], $_POST['uniqueid']);
          mysqli_stmt_execute($stmt);
      }

      //Updates existing player's loadout
      function updateLoadout() {
          global $con;
          $stmt = mysqli_prepare($con, "UPDATE cust_loadout_profile SET cust_loadout_id = ? WHERE unique_id = ?");
          mysqli_stmt_bind_param($stmt, 'ss', $_POST['loadoutidchange'], $_POST['uniqueidchange']);
          mysqli_stmt_execute($stmt);
      }

      //Creates new loadout
      function createLoadout() {
          global $con;
          $stmt = mysqli_prepare($con, "INSERT INTO cust_loadout (id, inventory, backpack, description) VALUES (?, ?, ?, ?)");
          mysqli_stmt_bind_param($stmt, 'ssss', $_POST['id'], $_POST['inventory'], $_POST['backpack'], $_POST['description']);
          mysqli_stmt_execute($stmt);
      }

      //Deletes selected loadout
      function deleteLoadout() {
          global $con;
          $stmt = mysqli_prepare($con, "DELETE FROM cust_loadout WHERE id = ?");
          mysqli_stmt_bind_param($stmt, 's', $_POST['iddelete']);
          mysqli_stmt_execute($stmt);
      }

      //Table that shows current loadouts
      // uses the same mysqli connection; the old mysql_* functions were removed in PHP 7
      $stmt = mysqli_prepare($con, "SELECT * FROM `cust_loadout_profile` WHERE `unique_id` = ?") or die(mysqli_error($con));
      mysqli_stmt_bind_param($stmt, 's', $check);
      mysqli_stmt_execute($stmt);
      $data = mysqli_stmt_get_result($stmt);
      while ($info = mysqli_fetch_array($data)) {
          print "Current Loadout: " . $info['cust_loadout_id'] . " ";
      }

      if (!empty($_POST['uniqueid'])) {
          playerLoadout();
      }
      if (!empty($_POST['uniqueidchange'])) {
          updateLoadout();
      }
      if (!empty($_POST['id'])) {
          createLoadout();
      }
      if (!empty($_POST['iddelete'])) {
          deleteLoadout();
      }
      ```
  15. http://lmgtfy.com/?q=php+edit+user+%20link
  16. http://lmgtfy.com/?q=Adaptive+Div+CSS+design
  17. you need to go into your Apache server php.ini and change max_execution_time from the default 20 seconds to 600 seconds which i think is ten minutes. reboot your server and this should fix this error. if you do not have access to Apache server php.ini through web hosting, you can try ini_set('max_execution_time', 600);
  18. okay so when i upload the script none of the links work on the left menu and when i login none of the links work on the back end??? it seems it's not fetching any of the variables in the URL. what would cause this? i have excluded the login, it works fine and was updated by cobra shortly before they discontinued it to use session logins which work fine. http://xabe.xtrahits.info/
  19. the error is fixed however the exploit remains on your password field.
  20. you need to find the first occurrence of 3, am i right? try using strpos
  21. let us know when this has been fixed thanks.
  22. fix your MYSQL ERROR & injection in your script. read up on using PDO to sanitize and clean SQL injection. (referring to login.php) however doing so will NOT STOP CSRF attacks.
  23. Error string found: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use'
  24. have you tried using OPENSSL. i think this would be the best way to accomplish what you are wanting.
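
The advice in posts 1 and 22 (PDO for queries, a Blowfish-based hash instead of md5() or sha1()), shown as an added example that is not code from the original posts. It assumes a hypothetical `users` table and the pdo_sqlite driver, and uses an in-memory database with constructed sample values so it runs offline.

```php
<?php
// Added example, not code from the forum posts. Table and column names are
// hypothetical and the sample account and inputs are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');

function register(PDO $pdo, string $username, string $password): void
{
    // bcrypt (Blowfish-based): random per-password salt and a tunable cost,
    // neither of which md5() or sha1() provide
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $pdo->prepare('INSERT INTO users (username, pass_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // The placeholder keeps $username as data; quotes in it cannot alter the query
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    // The password never reaches the SQL layer at all; it is only checked in PHP
    return $hash !== false && password_verify($password, $hash);
}

register($pdo, 'alice', 'correct horse battery staple');

// Correct credentials, a wrong password, then two quote-bearing usernames that
// would change the WHERE clause if they were concatenated into the SQL string
$attempts = [
    ['alice', 'correct horse battery staple'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
    ["alice' -- ", 'anything'],
];
foreach ($attempts as list($user, $pass)) {
    printf("%-20s => %s\n", $user, login($pdo, $user, $pass) ? 'accepted' : 'rejected');
}
```

Only the first attempt is accepted; the quote-bearing usernames are looked up as literal strings and match no row.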