DeepSeek 🤖

know i am going to get rid of the nasty html and put it in smarty

wow :D:D thanks a lot for all your help :D:D

thnx i wasn`t that for with my script but i have added it what else can i do preventing the injections i have know added addslashes, htmlspecialchars, strip_tags

i added it to the script

yeah i know the edit post is crazy i dint want to add code lol

<? include('config.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <meta name="description" content="Exxelent is a online dealer game host where you can start your own dealer game"/> <meta name="keywords" content="exxelent, dealer, game, gratis, free, win, paid"/> <meta name="author" content="chrissie"/> <link rel="stylesheet" type="text/css" href="default.css" media="screen"/> <title><? echo"$sitename"; ?></title> </head> <body> <div class="outer-container"> <div class="inner-container"> <div class="header"> <div class="title"> <span class="sitename"><a href="index.php"><? echo"$sitename"; ?></a></span> <div class="slogan">Your Own DealerGame</div> </div> </div> <div class="path"> <a href="index.php">Home</a> &#8250; <a href="register.php">Aanmelden</a> &#8250; <a href="login.php">Login</a> </div> <div class="main"> <div class="content"> <h1>Profiel wijzigen</h1> <div class="descr"></div> <p>Hier kun je je eigen profiel aanpassen en dat van je game<br /></p> <?php if (isset($logged['id'])) { if (isset($_POST['submit'])) { $email = isset($_POST['email'])?addslashes(htmlspecialchars($_POST['email'])):""; $location = isset($_POST['location'])?addslashes(htmlspecialchars($_POST['location'])):""; $dername = isset($_POST['dername'])?addslashes(htmlspecialchars($_POST['dername'])):""; $welcomet = isset($_POST['welcomet'])?addslashes(htmlspecialchars($_POST['welcomet'])):""; //updates there profile in the db $update = mysql_query("UPDATE `members` SET `email` = '$email', `welcomet` = '$welcomet', `dername` = '$dername', `location` = '$location' WHERE `username` = '$logged[username]'") or die(mysql_error()); echo "Profiel is geupdate!"; } $getuser = mysql_query("SELECT * FROM `members` WHERE `username` = '$logged[username]'") or die(mysql_error()); $user = mysql_fetch_array($getuser); echo "<form action='editprofile.php?update' method='post'> Email: <input type='text' name='email' size='30' maxlength='55' value='$user[email]'><br> Land: <input type='text' name='location' size='30' maxlength='40' value='$user[location]'><br> dealernaam: <input type='text' name='dername' size='30' maxlength='40' value='$user[welcomet]'><br> Welkoms tekst: <input type='text' name='welcomet' size='90' maxlength='240' value='$user[dername]'><br> <input type='submit' value='Update' name='submit'> </form>"; }else{ echo "Je bent niet ingelogd."; } ?> </div> <div class="navigation"> <h2>Menu</h2> <ul> <li><a href="index.php">index</a></li> <li><a href="register.php">aanmelden</a></li> <?php if(isset($logged['id'])) { //Logged in code }else { echo "<li><a href=\"login.php\">login</a></li>"; } ?> <li><a href="members.php">leden</a></li> </ul> </div> <div class="navigation"> <?php if(isset($logged['id'])) { echo"<h2>Ledenmenu</h2> <ul> <li><a href=\"editprofile.php\">Wijzig profiel</a></li> <li><a href=\"changepass.php\">Verander wachtwoord</a></li> <li><a href=\"logout.php\">Uitloggen</a></li> </ul>"; } ?> </div> <div class="clearer"> </div> </div> <div class="footer"> <span class="left"> © 2008 <a href="index.php">exxelent.nl</a> Valid <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> </span> <span class="right">Design by <a href="http://arcsin.se/">Arcsin</a> <a href="http://templates.arcsin.se/">Web Templates</a></span> <div class="clearer"></div> </div> </div> </div> </body> </html>

oops changed it haha forgot to add ''

The XSS is that only on the change password or on the whole script?

Hey everyone i have made my membership on my site and i need someone to test my stuff the url to my site is: http://www.exxelent.co.cc login information: username: test password: test Thnk you all

i know it was bit wrong but i noticed something with the VALUES it was ( '', '', 'size', '' , 'noimage.png', 'noimage_big.png');"; think that`s not good space before the ( ? think it need to be: ('', '', 'size', '' , 'noimage.png', 'noimage_big.png');";

maybe you can try this: $sql = "INSERT INTO `products` (``, `category_id` , `title` , `size` , `description` , `image` , `imageenlarge`) VALUES ('', '', '', 'size', '' , 'noimage.png', 'noimage_big.png');";

omfg whahaha i found the problem i checked again the mysql database and i wrote the dername with a D not d know it is working Thnx for all the help

yeah the page is already blank dername is blank and welcomet is blank the rest is filled up in (mysql) they are filled up with text but it seems he don`t want to get the text from it

you are not the only one i think haha but hey still not working same errors tried everything stupid thing ???

ok i changed it but what`s the problem with the Notice: Undefined index: dername in can`t get them fixed tried different things