lt40

Check your file upload script as it allows unwanted extensions to be sent by editing the MIME data sent. e.g http://lbflash.com/tester/test.php

never mind i worked it out i read the syntax in the wrong way ( LIMIT Start , End : instead of LIMIT Start , For_num_Rows )

mysql version 5.0 SELECT * FROM `data` LIMIT 2 , 4 I Dont Understand How This Query Can Return 4 Results and give no errors.

http://hee.sg-php.com/system/img/layout/other/logo.gif http://hee.sg-php.com/system/ http://hee.sg-php.com/system/admin/ Try just filling all you directories with a blank index.html file that's what I do.

Your profile page is vulnerable to submitting php code. by naming a profile with ../XXX.php anyone can insert their own code. shown below. http://www.frozenoven.com/dir.php Use stripslashes(); on your user creation page. Also the profile page needs stripslashes(); as you can use it to view source of other pages.

Thanks for the quick response i used the code. if (mysql_affected_rows() != 1) die ('Query failed: '.mysql_error()); Found the problem Incorrectly named column email was actually labeled e-mail. Now i feel stupid

hi, Could you tell me what is wrong with this code. after the post data is submitted nothing changed in phpmyadmin. Note: some of the post data will be blank will this still work? <?php include 'includes/header.inc'; include 'includes/config.php'; // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); mysql_query("INSERT INTO contact (app_code, name, sub, contact, what, email) VALUES ('" . $_POST['app'] . "','" . $_POST['name'] . "','" . $_POST['subject'] . "','" . $_POST['contact'] . "','" . $_POST['info'] . "','" . $_POST['email'] . "')"); include 'includes/footer.inc'; ?> Thanks