NaveAdair

Alright, cool. So, I've included the GET and put the rewrite into .htaccess. The includes work again, and I've test RFI by trying to include a few sites (like Google) to no avail. It seems that site it both working, and secure, and it was easier than I'd imagined. Thanks for your help.

Posted all the PHP on the page above. The rest of the page is just an HTML layout. But, even if I do fix the include, I need to make sure it's secure, too. Otherwise, I'm in the same position I was in (my page being insecure and open to remote file inclusion).

How would I declare what page is? Before updating to PHP5, it worked fine. Also, how can I secure it so that external URLs can't be used?

Thanks for replying. There's nothing to it, seriously. I link to pages like: <a href="http://www.website.com/?page=var And index contains: <?php if ($page != null) include $page.".php"; else include "home.php"; ?> If you could tell me how to make it work in PHP5, and how to make it be secure, I'd greatly appreciate it.

I have a few PHP files. Currently, if the URL contains page=var, index includes var.php, otherwise it includes home.php. Apparently, this method makes the site easy to hack through Remote File Inclusion. Also, using PHP5 breaks this method entirely, as no matter what you set page to in the URL, it includes home.php. What's the best way to do this without using the URL? Give example code if possible. I've used PHP for a while but haven't really gotten past the beginner level. I'd really appreciate any help. Thanks.

http://rfcy.net/fitness/beta/videos.php For the most part, the pull-up menu on the bottom of the page is on top. However, the YouTube videos, when embedded, are over it... causing navigation problems. Setting the z-index doesn't seem to help. Thanks in advance for any help.

I have a page that's calling data from a MySQL table. One thing it's calling is an id number. I've changed an id number from 11 to 7. However, when it calls the data, it's still retrieving an 11. This pretty much breaks everything. I've refreshed, restarted Apache, etc. and it's still happening. Here's where the call is being made: while($pterow3 = mysql_fetch_array($pteditr3)) echo "<option value=\"".$pterow3['id']."\">".$pterow3['title']."</option>";

Well, that fixed it. I forgot to create the "images" directory. XD Thanks, all.

That doubled the amount of error messages, for better or worse. Warning: move_uploaded_file(images/1240606194.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\xampp\htdocs\Residential\admin\projects\add.php on line 25 Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\xampp\tmp\php327.tmp' to 'images/1240606194.jpg' in C:\xampp\htdocs\Residential\admin\projects\add.php on line 25

Also tried: function upload($image) { if ($_FILES[$image]['name']) { $filename = stripslashes($_FILES[$image]['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension == "jpg") || ($extension == "jpeg") || ($extension == "png") || ($extension == "gif")) { $image_name=time().'.'.$extension; $newname="images/".$image_name; $copied = copy($_FILES[$image]['tmp_name'], $newname); } return $newname; } } $pic1 = upload("pic1"); $pic2 = upload("pic2"); $pic3 = upload("pic3"); $pic4 = upload("pic4"); $pic5 = upload("pic5"); $pic6 = upload("pic6"); $pic7 = upload("pic7"); $pic8 = upload("pic8"); $pic9 = upload("pic9"); $pic10 = upload("pic10"); $pic11 = upload("pic11"); $pic12 = upload("pic12"); Now I get a URL in the database, but the image doesn't actually copy over, and the error: Warning: copy(images/1240605845.jpg) [function.copy]: failed to open stream: No such file or directory in C:\xampp\htdocs\Residential\admin\projects\add.php on line 25

I'm not sure myself. >_> Might that be the solution to my problem? EDIT: Ugh, I might need to find a better tutorial, since the one I went off just threw code at me... EDIT 2: Tried this function upload($image) { if ($image) { $filename = stripslashes($_FILES['image']['name']); $extension = getExtension($filename); $extension = strtolower($extension); if (($extension == "jpg") || ($extension == "jpeg") || ($extension == "png") || ($extension == "gif")) { $size=filesize($_FILES['image']['tmp_name']); $image_name=time().'.'.$extension; $newname="images/".$image_name; $copied = copy($_FILES['image']['tmp_name'], $newname); } return $newname; } } $pic1 = upload($_FILES['pic1']['name']); $pic2 = upload($_FILES['pic2']['name']); $pic3 = upload($_FILES['pic3']['name']); $pic4 = upload($_FILES['pic4']['name']); $pic5 = upload($_FILES['pic5']['name']); $pic6 = upload($_FILES['pic6']['name']); $pic7 = upload($_FILES['pic7']['name']); $pic8 = upload($_FILES['pic8']['name']); $pic9 = upload($_FILES['pic9']['name']); $pic10 = upload($_FILES['pic10']['name']); $pic11 = upload($_FILES['pic11']['name']); $pic12 = upload($_FILES['pic12']['name']); Didn't work. Worth a try, I guess. >_>

Disregard this... >_>

I'm in the process of making an ACP, which include image uploading. Since it's been a long time since I did something like this in PHP (I'm mostly a RoR programmer now >_>) I followed a tutorial. Index, with form (under "Add a Project"): http://rfcy.net/residential/beta/index.txt Page the form links to: http://rfcy.net/residential/beta/add.txt I'm sure the problem is obvious, hopefully easy to fix. Basically, the data goes into the MySQL database, but the image URL doesn't... it remains blank. Thanks in advance for any help.