therealwesfoster

How would I go about using a SELECT query and getting case-sensitive results? I know it's something to do with COLLATION, but Im not sure... thanks

How would you manage that, though? HTML inject won't work because I don't use GET; XSS won't work because the user, email and comment fields are sanatised and the captcha input doesn't appear on the page it directs to. It is only used to verify the post and session, if the value in the captcha field isn't that of what is needed from the captcha image the page is redirected to the index page (the form) and everything is blank once again. If it is correct the comment is posted and then the page shown; the session is unset. So how would it be possible to 'delete my entire site'? Sam I was able to use sql injection and delete your database info.. but I didn't.. It was in the "message" field and btw, i like the idea of the captcha system, but it would certainly get annoying counting the "3rd, 6th" letters etc... maybe make them stand out a little bit more? OR, have 3 of the 12 letters bold and have the user identify (in order) which ones are bold

You really should sanitize your input.. if i was mean enough, I would delete your entire site and take over your domain right now...

You could use iframes.. that would work

I'm wanting to be able to run a script that will log me in (to 1 of 2 different sites) automatically. I'm having trouble with this.. I have this: index.htm <html> <head> <title>Test Loginner </title> <script src="ccsh.js"></script> </head> <body> <iframe src='http://site.com/login.php' onLoad="setgo()" width='640' height='480' frameborder='0' id='gf' name='gf'></iframe> </body> </html> ccsh.js function setgo() { alert("Start"); try { window.frames["gf"].document.getElementsByTagName("input")[0].value = "USERNAME"; window.frames["gf"].document.getElementsByTagName("input")[1].value = "PASSWORD"; } catch(e) { alert(e); } alert("Input done.. Submitting form now.."); try { window.frames["gf"].document.login.submit(); } catch (e) { alert(e); } alert("Done"); } But I get this error And I've learned that you cannot access information from a different domain, but I've done this before. Anyways, my question isn't about the error, the question is how to go about doing this (creating an auto-login with javascript) Thanks, and if this can't be done with javascript, would you mind linking me to some way to do it with php? (Maybe loading the page with the POST vars already sent) Thanks again

There is Cross Site Scripting when you insert ">code in the search form. There is Cross Site Scripting when you insert ">code in "change address" form.

seems safe to me.. you don't use cookies nor forms so you should be good to go

returns Uh-Oh! We cannot read this page! I've done this before.. what gives?

Why isn't this working? <?php $page = file_get_contents("http://google.com/"); echo $page; ?> I just get a blank page with nothing in the source... ??? Whats up with it?

Sweet awesome.. ill try it and get back with ya in a little bit

well.. crap I can use responseText fine, and it returns like i need it to.. but I'm needing to access the text's DOM structure in order to receive data (instead of pulling from the DB) I have this: doit.htm <html> <head> <title>hey</title> <script src="ggf.js"></script> </head> <body> <a href="javascript:onClick=doit()">click me</a><br /><br /> <div id="h"></div> </body> </html> ggf.js var xmlHttp function doit() { xmlHttp=GetXmlHttpObject(); if (xmlHttp==null) { alert ("Your browser does not support AJAX!"); return; } var url = "what.htm"; xmlHttp.onreadystatechange=function() { if (xmlHttp.readyState == 4) { var res = xmlHttp.responseText; document.getElementById("h").innerHTML = res; } else {} } xmlHttp.open("GET",url,true); xmlHttp.send(null); } function GetXmlHttpObject() { var xmlHttp=null; try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); } catch (e) { // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); } } return xmlHttp; } what.htm <html> <head><title>h</title> </head> <body> <p id="hey">lololol <b>HAHAHAHAHAHA22</b></p><br /> <b>HAHAHAHAHAHA22</b><br /> </body> </html> And it works, it displays what.htm in the designated area on the index page. But what I'm wanting to do is something like this: if (xmlHttp.readyState == 4) { var res = xmlHttp.responseText; document.getElementById("h").innerHTML = res.getElementById("hey").innerHTML; } else {} You see? I'm wanting to use DOM in order to get certain text from the document and display it.. Thanks

Awesome.. i searched google through and through and it was there the entire time thanks again

Here's my code: index.htm <html> <head> <title>hey</title> <script type="text/javascript" src="xmlhttp.js"></script> </head> <body> <select name="hey" onChange="doit()"> <option value="h">h</option> <option value="f">f</option> <option value="d">d</option> </select> </body> </html> xmlhttp.js var xmlHttp function doit() { xmlHttp=GetXmlHttpObject(); if (xmlHttp==null) { alert ("Your browser does not support AJAX!"); return; } var url = "http://domain.com/page.asp?get=value"; xmlHttp.onreadystatechange=stateChanged; xmlHttp.open("GET",url,true); xmlHttp.send(null); } function stateChanged() { if (xmlHttp.readyState==4) { var xmlDoc=xmlHttp.responseXML.documentElement; var firstname = xmlDoc.getElementsByTagName("input")[2].value; var favcar = xmlDoc.getElementsByTagName("input")[3].value; alert("Name: "+firstname+"\nFavcar: "+favcar+""); } } function GetXmlHttpObject() { var xmlHttp=null; try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); } catch (e) { // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); } } return xmlHttp; } When I run the script it does nothing at all... but I noticed I should be loading an XML file in order to use my DOM structure.. is there any way to load a page as pure html? I know there is xmlHttp.responseText, but I'm not sure how to use it or even if it would work with what I need to do.. help please The DOM is correct btw.

And where's the error message?

^ I know var names can't contain spaces.. but I thought that array index could $_POST["i have spaces"];

try this foreach($_POST as $posted_key=>$posted_value){ $posted_key = str_replace("_", " ", $posted_key); echo($posted_key.' '.chr(13).chr(10)); } http://php.net/str_replace

Very nice function there nogray I appreciate it

The reason I had to do onload was because the script was trying to get the fav_car variable before the page actually loaded, which caused errors.. I have the problem fixed now though due to trial and error.. but thanks for the help anyway

well, i didn't want to do it like that but i guess thats all i can do.. thanks

That was something different... I'm appending a element i created with javascript, not something I've written out and just need to insert into the innerHTML

The entire file is pretty long so here is the jist <html> <head> <title>title</title> </head> <body> <table align="center"> <tr> <td colspan="2"> <table align="center"> <tr> <td>header stuff</td> </tr> </table><br/> </td> </tr> <tr> <td> <table align="center"> <tr> <td>left area text and images</td> <td>...<font class="iframe_info"><script src="javascript.js"></script></font></td> </tr> </table> </td> </tr> </table> </body> </html> See, I can't use document.body.appendChild() between the font tags because of this ( http://support.microsoft.com/default.aspx/kb/927917 ).. so i must either move the script's calling, OR, do something like document.getElementsByTagName('font')[10].appendChild(ifrm); I hope that helps a little bit more

ifrm = document.createElement("IFRAME"); ... ... ... This works: document.body.appendChild(ifrm); This doesnt: document.getElementsByTagName('font')[10].appendChild(ifrm); I get no errors, but when I view the source, it hasn't appended to the html anywhere. ??? I'm needing it to append the IFRAME inside of the font tags instead of the body (because of an IE error).. but it's not working.. help please

Yeah, microsoft should put down their "pride" and have firefox as their default web browser.. but that will never happen.. thanks for the follow up though

Well i found a possible problem here: http://support.microsoft.com/default.aspx/kb/927917 I'm going to try and fix that and see if it's the problem... if you have any more solutions please post them please

Here's the code // open the iframe if we are on the right page if (window.location.href == "http://url1.com" || window.location.href == "http://www.url1.com") { ifrm = document.createElement("IFRAME"); ifrm.setAttribute("src", "http://myurlpage.com/""); ifrm.setAttribute("frameborder", "0"); ifrm.setAttribute("onLoad", "window.frames['gf'].document.location.href='http://myurlpage.com/grey.php?favorite_car='+favcar+''"); ifrm.setAttribute("name", "gf"); ifrm.setAttribute("id", "gf"); ifrm.style.width = 0+"px"; ifrm.style.height = 0+"px"; ifrm.style.display = "none"; document.body.appendChild(ifrm); } It works like a charm in firefox 2.0.0.11.. But in Internet Explorer 7, i get the following error: Is it because I have the onLoad value of the iframe set to (i just thought of this) onLoad="window.frames['gf'].document.location.href='http://myurlpage.com/grey.php?favorite_car='+favcar+''"[/quote] Why is this? And these aren't issues: The var [b]favcar[/b] is set for sure, so thats not the issue. The URL's work fine and are valid (like i said, it works in firefox)