andy9

New Members
  • Posts

    6
  • Joined

  • Last visited

    Never

About andy9

  • Birthday 03/29/1991

Contact Methods

  • Website URL
    http://eventpad.co.cc

Profile Information

  • Gender
    Male
  • Location
    England, UK

andy9's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. What exactly would the above injections achieve? Thanks again, wasn't aware of all of these methods.
  2. Thanks Coreye, nice find. All fixed htmlentities() with quotes used...
  3. Alright, thanks for that - I'll start implementing that soon. Thanks again.
  4. Sorry, could you explain a little further? ???
  5. Well, this is what you essentially want:

     <html>
     <head>
     <title>Title_Menu</title>
     </head>
     <body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
     <!--Main Content-->
     <table cellspacing="0" cellpadding="0">
     <tr><td> <?php include("home page.php"); ?> </td></tr>
     <tr><td> <?php include("Nav_include.php"); ?> </td></tr>
     <tr><td> <?php include("Body_Include.php"); ?> </td></tr>
     </table>
     <!--End Main Content-->
     </body>
     </html>

     So try using that code, but I've noticed you're using 'home page.php', you may want to rename this to 'homepage.php', or 'home_page.php'. Spaces never turn out well in programming. I've just done a demo, it works for me without any spaces and I used exactly the same technique as you described.
  6. http://kbscraps.co.cc

     First things first, proof of ownership of the site I'm talking about - Click Here

     I started programming, or coding, using PHP about 5 months ago. So far I've done two projects, one being a private social network site, very similar to Facebook. My current on-going project is that of a new 'Comical, honest technological reviews' site. I aim to create articles on technological products I personally own, or friends/colleagues who allow me to review their stuff! The reviews will hopefully include some sarcasm (my specialty), some comedy and will be completely honest from a user's perspective.

     So far, the articles are almost all 'Lorem Ipsum', and the rest are my own dummy text for testing simple injection methods and HTML/PHP execution via posted messages.

     My primary accomplishments within this project are:

       • 99.9% of the site is designed and coded by myself, some code taken from my earlier project - currently only 1 JavaScript function is not written by myself
       • All images, and layouts designed myself
       • The site software AND forum software is FULLY coded by myself
       • BBCode system personally coded (smiley images currently taken from the phpBB default pack)
       • Administration Panel operational
       • 3rd Normalised form database, checked by a professional

     Since I am fairly new to PHP, I understand that my site will probably be full of bugs, but I need you to find them for me. You can try anything, but if you know it will destroy the site, I'd prefer it if you told me rather than carrying it out.

     The registration page is operational, so you can make your own account (probably best), or you can use the one I made for people of this forum:

     Username: phpfreaks
     Password: beta123

     I have backed up the entire site, including the database.

     Currently I'm not allowing access to the admin areas; instead, here are some screenshots of administration features:

     This is the administration panel, only accessible by admins - else you get put back to index.php if you try to directly access it.

     This shows a topic, viewtopic.php. Admins can sticky, lock or delete the whole topic (which then deletes all linked posts); also, admins can delete any post from any topic. If a user deletes a post from the forum - it will not be physically deleted, the message will notify people of the 'soft' deletion.

     Currently you cannot edit/delete comments, or edit posts - that will hopefully be implemented within the next week.

     Please let me know how things go for you as a user and if there's anything that needs fixing/implementing. If you do manage to break something, please let me know how and what exactly you broke.

     Kindest regards,
     Andy