
zGrassman


Posts posted by zGrassman

  1. htmlentities() mebbe?

    You know what? That is pretty cool... I checked on php.net what it was about and I like this one better. At least with this one, if I was to log a page, I could tell if someone was trying to put craziness into my forms, while the other one would just strip it.

    I'm sure I could assign a separate var before I strip the tags and then store it in a text file or maybe break it somehow... so it wouldn't be dangerous. But would just using strip_tags() suffice, or would I still be open to attacks? I don't want a whole lot of string functions when there is no need. I understand it's all based on what you want your form to do or process; I just wanted a general idea. Thanks for the info on that function though, I really like it.

  2. Is strip_slashes() good enough to use to stop SQL or PHP or HTML manipulation entered into an HTML form post box?

    I understand there are still JS issues that I haven't looked into yet, and URL manipulation with MySQL. Any short advice on those topics is appreciated, but for now I'm just worried about HTML forms. Is killing slashes sufficient? I know with a comma you can allow certain tags for certain situations.

    The form is a username and password login and register for now; I haven't used it anywhere else yet, just so you have an idea what I'm working with.


  3. Yeah, I'm checking to see if the value is == to 1. I'm new at this stuff, so I guess I want to check if a user is signed in, so to speak. If they are, then it shows stuff; if not, it shows something else. I changed the source to isset and it works fine. Both work fine, I was just curious. So I guess it doesn't matter?

  4. session_start();
    // Truthiness test: true only when the stored value is truthy
    if ($_SESSION['loggedin']) {
        include('sidebar.php');
        include('connect.php');
    } else {
        print "bla";
    }

    Or should I use

    session_start();
    // isset() test: true when the key exists and is not null
    if (isset($_SESSION['loggedin'])) {
        include('sidebar.php');
        include('connect.php');
    } else {
        print "bla";
    }

    Or does it really matter?
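
The two checks asked about in post 4, compared side by side. This is an added example, not part of the original posts. The function names are hypothetical, the session arrays are constructed, and the strict check assumes the login code stores the integer 1, following the "== to 1" remark in post 3.

```php
<?php
// Added example, not from the original posts. Function names are hypothetical
// and the session arrays are constructed; plain arrays stand in for $_SESSION.

// Truthiness test, as in the first snippet. !empty() gives the same result as
// if ($session['loggedin']) without the warning when the key is missing.
function check_truthy(array $session): bool
{
    return !empty($session['loggedin']);
}

// isset() test, as in the second snippet: true for any non-null value.
function check_isset(array $session): bool
{
    return isset($session['loggedin']);
}

// Strict test. Assumption: the login code stores the integer 1 on success.
function check_strict(array $session): bool
{
    return isset($session['loggedin']) && $session['loggedin'] === 1;
}

$cases = [
    'key never set'    => [],
    'loggedin = 1'     => ['loggedin' => 1],
    'loggedin = 0'     => ['loggedin' => 0],
    'loggedin = false' => ['loggedin' => false],
    'loggedin = "yes"' => ['loggedin' => 'yes'],
];

printf("%-18s %-7s %-7s %-7s\n", 'session state', 'truthy', 'isset', 'strict');
foreach ($cases as $label => $session) {
    printf(
        "%-18s %-7s %-7s %-7s\n",
        $label,
        var_export(check_truthy($session), true),
        var_export(check_isset($session), true),
        var_export(check_strict($session), true)
    );
}
```

The rows for 0 and false are where the two snippets disagree: isset() still treats the session as logged in, so a logout path that resets the flag instead of calling unset() would keep showing the sidebar.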
