
dannyb785

Members
  • Posts

    544

Everything posted by dannyb785

  1. can you tell me where file input was accepted? or do you mean that there was a folder found with permissions that allow an upload?
  2. whooooooooooooooooooooooooaaa!! are you serious?? that's awesome!!
  3. ^ haha, well someone out there has voted a few thousand times. And can someone tell me how they're masking their ip? In my ip-tracking column, sometimes there's "<script>blahblah</script>" among other interesting stuff, but it's a field that the user had no control of (at least I thought)
  4. ^ oh lol gotcha. I guess you weren't the one who was doing the mass votes. I have the results appearing now, I just need to make it look nice possibly with bars, or at least aligning them evenly
  5. I went ahead and did the ENT_QUOTES parameter for my htmlentities function. thank you for it, I wasn't aware of it.
  6. Lol I know. but I figured if you were the one doing a few thousand votes, that you'd wanna see the results reflect that
  7. Haha and I just caught why you want me to do it... you wanna see the damage you've caused
  8. I did htmlentities bc I thought that by doing it, it erased any chance of using js/html. Do I need to use both? And I know what you mean about displaying results... that's been me being lazy. I'll get to it by tomorrow night
  9. Thank you for catching those 2! I got them both fixed. Very helpful
  10. ^ That was actually done by them. each page is custom editable by them so they can choose to put whatever they want. I can only suggest they not do it, but I can't change it
  11. Ok so I got that done... awesome... now what would be the best way to prevent a visitor from submitting the form a million times, whether by clicking refresh or with a script? Thru sessions? or something else
  12. I understand your suggestion about validation, but at the moment, I have it set up so my client can create the form themselves (my system does most of the work for them) so they basically just create the field title and if it's required or not. But it's all just submitted to a database for my client to read and look over so validation isn't required, but more just suggested. So I use simple js to validate a blank field bc the typical user who is filling out the form isn't going to try and hack around it to keep the field blank.
  13. Would just htmlentities do the job? I read somewhere that strip_tags doesn't completely remove all possible malicious input
  14. would adding htmlentities help this problem? I'm scared to run the script to see what it does!
  15. do you mean js validation? Or server-side filtering? And how can you tell because once something is submitted, it's never repeated back to the user nor made public
  16. I know what you're saying. It has its place on some pages, depending on the company's theme. This one is a college group and the director told me he wanted something 'rough-around-the-edges'.
  17. Hello all, this is a client of mine's page. The only parts that even allow user input are on the contacts page (typing info to be emailed), the polls that you vote on, and the search field. So there shouldn't be any main security vulnerability, however there is a behind-the-scenes area to log into and edit things so I suppose just make sure someone couldn't accidentally stumble into it (it requires the user to be logged in even if they did know the address of the page). http://www.xausf.com
  18. sorry, had I been to the site earlier, I would've expounded on my post by explaining what you figured out. But I feel it's better that you figured it out since we won't be here all the time.. I learned by hours of troubleshooting
  19. Yea, I didn't realize that you'd have a different value in each input field. I thought you'd have ("Name") in every input but then I realized you'd have a different value like "Phone" and whatnot
  20. I'm not sure if that first name was a joke or not but a quick typo I noticed: if(document.getElementById('urnmae').value=='') { alert('You must enter a name!'); document.getElementById('urname').focus(); } first line has urnmae and the 4th is urname but regardless, it's not going to work because you're calling a string into the function and it's not gonna do what you need. You need to replace "Name" with 'this.value'(without the single quotes) and make sure there are no quotes in the function in the input field
  21. Beta Test Your Stuff! Post a link to your work with inputs and expected outputs for people to test. A mod can move it if it's a problem.
  22. It's the way the template is set up. It's a separate image, so you need to hover for about 2 seconds. I need a way to preload the hover images so that this doesn't happen. I haven't tried anything yet, but I think maybe just loading them and giving them a position of like position:absolute; top: -1000px. You think that'd do it?
  23. I don't have (or know) the exact code, but it should be something like this: -read file A line by line -write each line to file B, as long as it's not blank (or long as it's not whatever line you want to not be printed), so you'd do a conditional [ if($data != "whatever") fprintf(something); ] or something to that effect. Look up fopen, fprintf, and similar functions, then you'll get an idea of how to write the code for it. that's pretty much it.
  24. Ready for the complicated, in depth, difficult code to accomplish this task? It goes like this: you will have a file in your main directory called '.htaccess' (just that, no more no less). Open it in an editor, and add the following lines:
      RewriteEngine on
      RewriteRule ^([a-zA-Z0-9_-]+)$ viewprofile.php?user=$1
      RewriteRule ^([a-zA-Z0-9_-]+)/$ viewprofile.php?user=$1
      Granted, viewprofile.php and the $_GET['user'] variable need to be replaced with whatever page you have that views the user's profile