chrissie18

  1. Now I am going to get rid of the nasty HTML and put it in Smarty.
  2. Wow :D:D thanks a lot for all your help :D:D
  3. Thanks, I wasn't that far with my script, but I have added it. What else can I do to prevent the injections? I have now added addslashes, htmlspecialchars, strip_tags.
  4. Yeah, I know the edit post is crazy. I didn't want to add code lol.
  5.
     <?php include('config.php'); ?>
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
     <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
       <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
       <meta name="description" content="Exxelent is a online dealer game host where you can start your own dealer game"/>
       <meta name="keywords" content="exxelent, dealer, game, gratis, free, win, paid"/>
       <meta name="author" content="chrissie"/>
       <link rel="stylesheet" type="text/css" href="default.css" media="screen"/>
       <title><?php echo $sitename; ?></title>
     </head>
     <body>
     <div class="outer-container">
     <div class="inner-container">
       <div class="header">
         <div class="title">
           <span class="sitename"><a href="index.php"><?php echo $sitename; ?></a></span>
           <div class="slogan">Your Own DealerGame</div>
         </div>
       </div>
       <div class="path">
         <a href="index.php">Home</a> &#8250; <a href="register.php">Aanmelden</a> &#8250; <a href="login.php">Login</a>
       </div>
       <div class="main">
         <div class="content">
           <h1>Profiel wijzigen</h1>
           <div class="descr"></div>
           <p>Hier kun je je eigen profiel aanpassen en dat van je game<br /></p>
     <?php
     if (isset($logged['id'])) {
         if (isset($_POST['submit'])) {
             // addslashes() is not a charset-aware SQL escape; mysql_real_escape_string()
             // or a prepared statement is the safe way to build the UPDATE below.
             $email    = isset($_POST['email'])    ? addslashes(htmlspecialchars($_POST['email']))    : "";
             $location = isset($_POST['location']) ? addslashes(htmlspecialchars($_POST['location'])) : "";
             $dername  = isset($_POST['dername'])  ? addslashes(htmlspecialchars($_POST['dername']))  : "";
             $welcomet = isset($_POST['welcomet']) ? addslashes(htmlspecialchars($_POST['welcomet'])) : "";

             // Update their profile in the DB
             $update = mysql_query("UPDATE `members` SET `email` = '$email', `welcomet` = '$welcomet', `dername` = '$dername', `location` = '$location' WHERE `username` = '$logged[username]'") or die(mysql_error());
             echo "Profiel is geupdate!";
         }

         $getuser = mysql_query("SELECT * FROM `members` WHERE `username` = '$logged[username]'") or die(mysql_error());
         $user = mysql_fetch_array($getuser);

         // Each field is pre-filled from its own column.
         // htmlspecialchars() above is called without ENT_QUOTES, so single quotes are
         // stored unescaped while these value='...' attributes are single-quoted.
         echo "<form action='editprofile.php?update' method='post'>
             Email: <input type='text' name='email' size='30' maxlength='55' value='$user[email]'><br>
             Land: <input type='text' name='location' size='30' maxlength='40' value='$user[location]'><br>
             dealernaam: <input type='text' name='dername' size='30' maxlength='40' value='$user[dername]'><br>
             Welkoms tekst: <input type='text' name='welcomet' size='90' maxlength='240' value='$user[welcomet]'><br>
             <input type='submit' value='Update' name='submit'>
             </form>";
     } else {
         echo "Je bent niet ingelogd.";
     }
     ?>
         </div>
         <div class="navigation">
           <h2>Menu</h2>
           <ul>
             <li><a href="index.php">index</a></li>
             <li><a href="register.php">aanmelden</a></li>
     <?php
     if (isset($logged['id'])) {
         // Logged in code
     } else {
         echo "<li><a href=\"login.php\">login</a></li>";
     }
     ?>
             <li><a href="members.php">leden</a></li>
           </ul>
         </div>
         <div class="navigation">
     <?php
     if (isset($logged['id'])) {
         echo "<h2>Ledenmenu</h2>
             <ul>
             <li><a href=\"editprofile.php\">Wijzig profiel</a></li>
             <li><a href=\"changepass.php\">Verander wachtwoord</a></li>
             <li><a href=\"logout.php\">Uitloggen</a></li>
             </ul>";
     }
     ?>
         </div>
         <div class="clearer"> </div>
       </div>
       <div class="footer">
         <span class="left"> © 2008 <a href="index.php">exxelent.nl</a> Valid <a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a> </span>
         <span class="right">Design by <a href="http://arcsin.se/">Arcsin</a> <a href="http://templates.arcsin.se/">Web Templates</a></span>
         <div class="clearer"></div>
       </div>
     </div>
     </div>
     </body>
     </html>
  6. Is the XSS only on the change password or on the whole script?
  7. Hey everyone, I have made my membership on my site and I need someone to test my stuff. The URL to my site is: http://www.exxelent.co.cc Login information: username: test password: test Thank you all
  8. I know it was a bit wrong, but I noticed something with the VALUES. It was ( '', '', 'size', '' , 'noimage.png', 'noimage_big.png');"; I think that's not good, the space before the ( ? I think it needs to be: ('', '', 'size', '' , 'noimage.png', 'noimage_big.png');";
  9. Maybe you can try this: $sql = "INSERT INTO `products` (``, `category_id` , `title` , `size` , `description` , `image` , `imageenlarge`) VALUES ('', '', '', 'size', '' , 'noimage.png', 'noimage_big.png');";
  10. Omfg whahaha, I found the problem. I checked the MySQL database again and I wrote the dername with a D, not d. Now it is working. Thanks for all the help.
  11. Yeah, the page is already blank: dername is blank and welcomet is blank, the rest is filled up. In (MySQL) they are filled up with text, but it seems it doesn't want to get the text from it.
  12. You are not the only one, I think, haha. But hey, still not working, same errors. Tried everything. Stupid thing ???
  13. OK, I changed it, but what's the problem with the Notice: Undefined index: dername in. Can't get them fixed, tried different things.