
dachshund
Everything posted by dachshund
-
It's not PHP, but if anyone could tell me what that means and how I can edit it I would be eternally grateful.

    <Directory /var/www/vhosts/webaddress.co.uk/httpdocs>
        RMode config
        RUidGid (username) psacln
    </Directory>
-
so instead of:

    $id = mysql_real_escape_string($_GET['id']);
    $id = trim(htmlentities($id));

i can just have:

    $id = (int)$_GET['id'];

and it will be just as safe?
-
ok, this is what I have now:

    $id = mysql_real_escape_string($_GET['id']);
    if ($id != (int)$id) {
        echo "Invalid ID";
    }else {
        $sql = "UPDATE content SET views=views+1 WHERE id='$id'";
        mysql_query($sql) or die (mysql_error());
    }
    $sql = "SELECT * FROM content WHERE id LIKE $id LIMIT 1";
    $result=mysql_query($sql);
    while($rows=mysql_fetch_array($result)){

is there anything else I should do?
-
ok, thanks. so is it this part of the code that's vulnerable?

    $sql = "SELECT * FROM content WHERE id LIKE $id LIMIT 1";
    $result=mysql_query($sql);
    while($rows=mysql_fetch_array($result)){
-
Hi,

Just received this email from a random person saying they were able to obtain the username and password for the site admin page from the MySQL database:

    [07:33:33] [INFO] testing if GET parameter 'id' is dynamic
    [07:33:34] [INFO] confirming that GET parameter 'id' is dynamic
    [07:33:35] [INFO] GET parameter 'id' is dynamic
    [07:33:35] [INFO] testing sql injection on GET parameter 'id' with 0 parenthesis
    [07:33:35] [INFO] testing unescaped numeric injection on GET parameter 'id'
    [07:33:37] [INFO] confirming unescaped numeric injection on GET parameter 'id'
    [07:33:37] [INFO] GET parameter 'id' is unescaped numeric injectable with 0 parenthesis
    [07:33:37] [INFO] testing for parenthesis on injectable parameter
    [07:33:40] [INFO] the injectable parameter requires 0 parenthesis
    [07:33:40] [INFO] testing MySQL
    [07:33:41] [INFO] confirming MySQL
    [07:33:41] [INFO] query: SELECT 0 FROM information_schema.TABLES LIMIT 0, 1
    [07:33:41] [INFO] retrieved: 0
    [07:33:51] [INFO] performed 13 queries in 9 seconds
    [07:33:51] [INFO] the back-end DBMS is MySQL
    web server operating system: Linux Red Hat
    web application technology: PHP 5.2.11, Apache 2.2.3
    back-end DBMS: MySQL >= 5.0.0

    +-------+-------+-----------+----------+----------+--------+----------+
    | admin | email | firstname | lastname | password | userid | username |
    +-------+-------+-----------+----------+----------+--------+----------+
    | 1     | blah  | blah      | blah     | blah     | 1      | blah     |
    +-------+-------+-----------+----------+----------+--------+----------+

    blah MD5 : blah

--

I've changed all the details to 'blah' for the purpose of this post. Does anyone know how I can secure my PHP to stop this injection?

Thanks,
Jack
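The "unescaped numeric injection" finding in the log above, and the `(int)` question in the posts before it, as an added example that is not code from these posts: it compares an escaped but unquoted id with a strictly validated, bound one. It assumes PDO with an in-memory SQLite database standing in for MySQL, uses `addslashes()` as a stand-in for `mysql_real_escape_string()`, and the function names and sample rows are hypothetical.

```php
<?php
// Added example: constructed table and inputs; SQLite in-memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO content (id, title) VALUES (1, 'first'), (2, 'second'), (3, 'third')");

// Pattern from the posts: the value is escaped, then placed in the query without quotes.
// Escaping only neutralises quote characters, so it has nothing to act on here.
function fetch_unquoted(PDO $pdo, string $raw): array
{
    $escaped = addslashes($raw); // stand-in for mysql_real_escape_string()
    $sql = "SELECT id, title FROM content WHERE id = $escaped";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: strict integer validation, then a bound parameter.
function fetch_bound(PDO $pdo, string $raw): ?array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject the request instead of guessing what was meant
    }
    $stmt = $pdo->prepare("SELECT id, title FROM content WHERE id = :id LIMIT 1");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and a tampered one that contains no quote characters.
foreach (['2', '1 OR 1=1'] as $raw) {
    echo "input: $raw\n";
    echo "  rows from unquoted query: ", count(fetch_unquoted($pdo, $raw)), "\n";
    // A bare cast keeps the leading digits and silently drops the rest.
    echo "  (int) cast gives: ", (int) $raw, "\n";
    $rows = fetch_bound($pdo, $raw);
    echo "  bound query: ", $rows === null ? "rejected" : count($rows) . " row(s)", "\n";
}
```

The cast makes the query safe by discarding the tail of the input, while `FILTER_VALIDATE_INT` refuses the request outright, which also leaves a rejected value to log.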
-
Hi there,

I have a newsletter sign up form which just puts the data (id and email) into a mysql table. To stop people hacking the site, is there a way to make sure the only thing being submitted in the input is an email address? Here's my current form and submit php:

    <?php
    $mailer = $_GET['mailer'];
    if ($mailer == 'added') {
        $email=$_POST['email'];
        if($email == '') {
            echo '<div class="daily_not_submitted"><span style="padding-right:6px;"><img src="https://store.huhmagazine.co.uk/images/cross.jpg"></span>Please fill in all the fields.</div>';
        }else {
            $sql="INSERT INTO `dailymailer` (`email`) VALUES ('$email');";
            $result=mysql_query($sql) or die(mysql_error());
            if($result){
                echo "<div class='daily_submitted'><span style='padding-right:6px;'><img src='http://www.huhmagazine.co.uk/images/uploaded/checkboxtick.jpg'></span>Thank you.</div>";
            }
            else {
                echo "Error\n";
            }
        }
    }
    ?>
    <div id="sidebarnewsletter">
        <form name="mailinglist" method="post" action="?mailer=added">
            <input type="text" name="email" class="sidebarnewsletter" placeholder="Enter Your Email Address" />
            <input type="submit" class="sidebarnewsletter_button" value="Sign Up">
        </form>
        <div class="clear"></div>
    </div>
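One way to do the check asked about above, as an added example that is not code from the post: the address is validated with `FILTER_VALIDATE_EMAIL` and inserted through a bound parameter. It assumes PDO with an in-memory SQLite table standing in for the MySQL `dailymailer` table; the `subscribe()` helper and the sample inputs are hypothetical.

```php
<?php
// Added example: constructed inputs; SQLite in-memory stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE dailymailer (id INTEGER PRIMARY KEY, email TEXT)");

// Hypothetical helper: returns a status the page can map to its own markup.
function subscribe(PDO $pdo, $raw): string
{
    // A request such as email[]=x arrives as an array, not a string.
    if (!is_string($raw)) {
        return 'invalid';
    }
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {
        return 'invalid';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid';
    }
    // Validation is not the injection defence: a valid address may contain
    // an apostrophe, so the value is always bound, never concatenated.
    $stmt = $pdo->prepare("INSERT INTO dailymailer (email) VALUES (:email)");
    $stmt->execute([':email' => $email]);
    return 'added';
}

// Constructed submissions, standing in for $_POST['email'].
$samples = [
    'jack@example.co.uk',
    "o'brien@example.com",            // valid address that contains a quote
    "x'); DROP TABLE dailymailer;--", // not an address at all
    '',
    ['not', 'a', 'string'],
];

foreach ($samples as $sample) {
    $shown = is_string($sample) ? $sample : '(array)';
    // Escape on output as well, because stored values are later echoed into HTML.
    echo htmlspecialchars($shown, ENT_QUOTES, 'UTF-8'), ' => ', subscribe($pdo, $sample), "\n";
}

echo "stored rows: ", $pdo->query("SELECT COUNT(*) FROM dailymailer")->fetchColumn(), "\n";
```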
-
$_GET and then keep that data in $_SESSION
dachshund replied to dachshund's topic in PHP Coding Help
Cool - cheers!
-
I'm trying to add voucher codes to my shopping basket. When someone submits a voucher code it adds ?vouchercode=WHATEVERTHECODE to the URL. I then $_GET this data and store it as $_SESSION['vouchercode']. The problem is, on the next page it $_GET's the ?vouchercode again, which is this time blank, and sets the session to blank as well. Any help? Here's my code:

    $vouchercode = $_GET['vouchercode'];
    $_SESSION['vouchercode'] = $vouchercode;
    if ($rows['brand'] == 'Dank' AND $_SESSION['vouchercode'] == 'DANKINT') {
        echo 'Voucher Code DANKINT Used';
    }
-
hi, i have a column in a list of products called 'price'. it's a varchar column. each price is in this format 8.00 or 12.00 always with 2 decimals. when i try and sort by price it only goes by the first number, so something that's 1.00 will be next to something that's 100.00. if i make the column INT then it works, but then i can't have a decimal. anyone know how to fix this? thanks, jack
-
To add items to my shopping cart the user must select a size and then click 'add to basket'. When they do this it adds the item and corresponding size to a string in this format 1s2 where 1 is the id and 2 is the size. Multiple items would look like this 1s2,2s1,1s2

That's all fine. The problem I am now having is getting the code to recognise 1s2 exists twice in the string and putting the $qty to 2 for that item. Here is my current code. Any help on this would be HUGELY appreciated as it's doing my head in! Thanks!

    <div id="view_basket">
    <ul>
    <?php
    $basket = $_SESSION['basket'];
    if ($basket) {
        $data = preg_split("#[s,]#", $basket);
        $data = array_chunk($data, 2);
        foreach($data as $key => $val)
            $contents[] = (isset($contents[$data])) ? $contents[$data] + 1 : 1;
        echo '<form action="basket.php?action=update" method="post">';
        echo '<table>';
        foreach ($data as $id=>$qty) {
            $sql = "SELECT * FROM store WHERE id LIKE '$id' AND live LIKE '0'";
            $result = mysql_query($sql);
            while ($rows = mysql_fetch_array($result)) {
                extract($rows);
    ?>
    <li>
        <div id="view_basket_image">
            <img src="<?php echo $rows['indeximage']; ?>" />
        </div>
        <div id="view_basket_title">
            <span class="view_basket_brand"><?php echo $rows['brand']; ?> ·</span>
            <span class="view_basket_description"><?php echo $rows['title']; ?></span>
        </div>
        <div id="view_basket_qty">
            <input type="text" name="qty<?php echo $id; ?>" value="<?php echo $qty; ?>" size="3" maxlength="3" class="view_basket_qty" />
        </div>
        <div id="view_basket_price">
            <span class="view_basket_x">x</span>£<?php echo $rows['price']; ?>
            <?php
            /* WORK OUT ITEM WEIGHTS */
            $itemweight = $rows['weight'] * $qty;
            $totalweight += $rows['weight'] * $qty;
            ?>
        </div>
        <div id="view_basket_itemtotal">
            <?php
            $itemtotalprice = $rows['price'] * $qty;
            $itemtotal = number_format($itemtotalprice, 2, '.', ',');
            echo '£';
            echo $itemtotal;
            $total += $rows['price'] * $qty;
            ?>
        </div>
        <div class="clear"></div>
    </li>
    <?php
            }
        }
    ?>
    </ul>
    </div>
    <?php
    }
    ?>
-
    <?php
    $image = $_GET['img'];
    $query = mysql_query("SELECT * FROM uploaded_images WHERE id LIKE $image");
    while ($rows = mysql_fetch_array($query)) {
    ?>
    <img src="<?php echo $rows['url']; ?>" />
    <?php
    }
    ?>
-
Finding duplicate items and creating quantity
dachshund replied to dachshund's topic in PHP Coding Help
not sure i entirely understand? sorry!
-
Thanks to the help of user Winstons on another post I've managed to almost finish this bit of code. I thought I would move it over because the other subject doesn't explain the new problem that's occurred.

Basically it's a shopping cart which contains both the id of selected items and the selected size in a session. Everything is stored like this 12s3,6s1 etc. Where 12 and 6 are the item ids and then 3 and 1 are the selected size of that item. In the code below when I do:

    <?php echo 'ID ' . $val[0] . '; Size: ' . $val[1] . '<br/>'; ?>

Each of the items and their accompanying size is echoed out perfectly. However if there are two of 12s3 it would need to recognise that and change the quantity ($qty) to 2, rather than display the same item twice. Here is my code. Any help would be great.

    <div id="view_basket">
    <ul>
    <?php
    $basket = $_SESSION['basket'];
    if ($basket) {
        $data = preg_split("#[s,]#", $basket);
        $data = array_chunk($data, 2);
        foreach($data as $key => $val)
            $contents[] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        echo '<form action="basket.php?action=update" method="post">';
        echo '<table>';
        foreach ($data as $id=>$qty) {
            $sql = "SELECT * FROM store WHERE id LIKE '$id' AND live LIKE '0'";
            $result = mysql_query($sql);
            while ($rows = mysql_fetch_array($result)) {
                extract($rows);
    ?>
    <li>
        <div id="view_basket_image">
            <img src="<?php echo $rows['indeximage']; ?>" />
        </div>
        <div id="view_basket_title">
            <span class="view_basket_brand"><?php echo $rows['brand']; ?> ·</span>
            <span class="view_basket_description"><?php echo $rows['title']; ?></span>
        </div>
        <div id="view_basket_qty">
            <input type="text" name="qty<?php echo $id; ?>" value="<?php echo $qty; ?>" size="3" maxlength="3" class="view_basket_qty" />
        </div>
        <div id="view_basket_price">
            <span class="view_basket_x">x</span>£<?php echo $rows['price']; ?>
            <?php
            /* WORK OUT ITEM WEIGHTS */
            $itemweight = $rows['weight'] * $qty;
            $totalweight += $rows['weight'] * $qty;
            ?>
        </div>
        <div id="view_basket_itemtotal">
            <?php
            $itemtotalprice = $rows['price'] * $qty;
            $itemtotal = number_format($itemtotalprice, 2, '.', ',');
            echo '£';
            echo $itemtotal;
            $total += $rows['price'] * $qty;
            ?>
        </div>
        <div class="clear"></div>
    </li>
    <?php
            }
        }
    ?>
    </ul>
    </div>
    <?php
    }
    ?>
-
ok. i don't think that's where the problem is though. it hasn't changed anything
-
here's the relevant stuff. the rest is unrelated.

    function showBasket() {
    ?>
    <div id="view_basket">
    <ul>
    <?php
    $basket = $_SESSION['basket'];
    if ($basket) {
        $data = preg_split("#[s,]#", $basket);
        $data = array_chunk($data, 2);
        foreach($data as $key => $val) {
            $contents[] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        }
        echo '<form action="basket.php?action=update" method="post">';
        echo '<table>';
        foreach ($data as $id=>$qty) {
            $sql = "SELECT * FROM store WHERE id LIKE '$id' AND live LIKE '0'";
            $result = mysql_query($sql);
            while ($rows = mysql_fetch_array($result)) {
                extract($row);
    ?>
    <li>
        <div id="view_basket_image">
            <img src="<?php echo $rows['indeximage']; ?>" />
        </div>
        <div id="view_basket_title">
            <span class="view_basket_brand"><?php echo $rows['brand']; ?> ·</span>
            <span class="view_basket_description"><?php echo $rows['title']; ?></span>
        </div>
        <div id="view_basket_qty">
            <input type="text" name="qty<?php echo $id; ?>" value="<?php echo $qty; ?>" size="3" maxlength="3" class="view_basket_qty" />
        </div>
        <div id="view_basket_price">
            <span class="view_basket_x">x</span>£<?php echo $rows['price']; ?>
            <?php
            /* WORK OUT ITEM WEIGHTS */
            $itemweight = $rows['weight'] * $qty;
            $totalweight += $rows['weight'] * $qty;
            ?>
        </div>
        <div id="view_basket_itemtotal">
            <?php
            $itemtotalprice = $rows['price'] * $qty;
            $itemtotal = number_format($itemtotalprice, 2, '.', ',');
            echo '£';
            echo $itemtotal;
            $total += $rows['price'] * $qty;
            ?>
        </div>
        <div class="clear"></div>
    </li>
    <?php
            }
        }
    ?>
    </ul>
    </div>
-
still blank. this is my php

    <?php
    $basket = $_SESSION['basket'];
    if ($basket) {
        $data = preg_split("#[s,]#", $basket);
        $data = array_chunk($data, 2);
        foreach($data as $key => $val) {
            $contents[] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        }
        echo '<form action="basket.php?action=update" method="post">';
        echo '<table>';
        foreach ($data as $id=>$qty) {
            $sql = "SELECT * FROM store WHERE id LIKE '$id' AND live LIKE '0'";
            $result = mysql_query($sql);
            while ($rows = mysql_fetch_array($result)) {
                extract($row);
    ?>
-
weird. now it's completely blank and not showing any items and I can't get it to show them again…
-
i thought that, so tried it, but it is still the same
-
i have <?php echo print_r($qty) ?> as the value in the input of the view_basket_qty div at the bottom of the code above. that is the part that echos array. it also kills the rest of the loop. thanks
-
still no luck. it still says "array". here's what i have

    <?php
    $basket = $_SESSION['basket'];
    if ($basket) {
        $data = preg_split("#[s,]#", $basket);
        $data = array_chunk($data, 2);
        foreach($data as $key => $val) {
            $contents[] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        }
        echo '<form action="basket.php?action=update" method="post">';
        echo '<table>';
        foreach ($data as $id=>$qty) {
            $sql = "SELECT * FROM store WHERE id LIKE '$id' AND live LIKE '0'";
            $result = mysql_query($sql);
            while ($rows = mysql_fetch_array($result)) {
                extract($rows);
    ?>
    <li>
        <div id="view_basket_image">
            <img src="<?php echo $rows['indeximage']; ?>" />
        </div>
        <div id="view_basket_title">
            <span class="view_basket_brand"><?php echo $rows['brand']; ?> ·</span>
            <span class="view_basket_description"><?php echo $rows['title']; ?></span>
        </div>
        <div id="view_basket_qty">
            <input type="text" name="qty<?php echo $id; ?>" value="<?php echo print_r($qty); ?>" size="3" maxlength="3" class="view_basket_qty" />
        </div>
-
thanks! almost there. 1 last thing. $qty is now being echoed out as "array". any ideas why? and thank you for your time. this has been messing with my head.

    <?php
    $basket = $_SESSION['basket'];
    if ($basket) {
        $data = preg_split("#[s,]#", $basket);
        $data = array_chunk($data, 2);
        foreach($data as $key => $val) {
            $contents[] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        }
        echo '<form action="basket.php?action=update" method="post">';
        echo '<table>';
        foreach ($data as $id=>$qty) {
            $sql = "SELECT * FROM store WHERE id LIKE '$id' AND live LIKE '0'";
            $result = mysql_query($sql);
            while ($rows = mysql_fetch_array($result)) {
                extract($row);
    ?>
-
sorry, but then how do i condense the duplicates? so for example if someone selects 1s2,1s2

in my current code it would show up as one item (id 1) with quantity at 2. the full code is:

    <?php
    $basket = $_SESSION['basket'];
    if ($basket) {
        $items = explode(',',$basket);
        $contents = array();
        foreach ($items as $item) {
            $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        }
        echo '<form action="basket.php?action=update" method="post">';
        echo '<table>';
        foreach ($contents as $id=>$qty) {
            $sql = "SELECT * FROM store WHERE id LIKE '$id' AND live LIKE '0'";
            $result = mysql_query($sql);
            while ($rows = mysql_fetch_array($result)) {
                extract($row);
    ?>
-
sorry, i don't really understand these. would you be able to edit my current version so i can understand what's what a little better?

    $basket = $_SESSION['basket'];
    if ($basket) {
        $items = explode(',',$basket);
        $contents = array();
        foreach ($items as $item) {
            $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        }
-
thanks guys, will this work to separate the commas as well. if there's more than 1 item it is currently just the ids, like - 1,12,16,28

now with the size it will be - 1s1,12s2,16s3,28s1

the current code I have is:

    $basket = $_SESSION['basket'];
    if ($basket) {
        $items = explode(',',$basket);
        $contents = array();
        foreach ($items as $item) {
            $contents[$item] = (isset($contents[$item])) ? $contents[$item] + 1 : 1;
        }
-
Hi there, In a string for a shopping cart I am storing both the item id and the item size selected in a number like this 12s1 where 12 is the id and 1 is the size. How can I separate these from one another again? I'm guessing it's to do with expand() ? Thanks, Jack