scampbell

Members, 25 posts
  1. I'm no expert on XSS, but I believe sanitizing data users have submitted to the site when displaying it in the browser is a good start, such as using htmlentities($data) when outputting data from the database to the browser.
  2. Yeah, the manual: http://php.net/manual/en/function.mysql-real-escape-string.php
     $prodID = mysql_real_escape_string($_GET['productID']);
     assuming it was alphanumeric. If it was only numeric you could just as easily use
     $prodID = intval($_GET['productID']);
     edit: %2F is a / character. Just remove that from /product_page.php somewhere in the code.
  3. mysql_real_escape_string will sanitize data going into MySQL. htmlentities will sanitize any data being displayed on screen. Of course, any data being submitted to your site should be validated server-side too, before ever being displayed or added to your database.
  4. Not sure what you're trying to do, but this will connect the tables in the query:
     SELECT cities.id_cities, cities.city, connects.connects FROM connects JOIN cities ON connects.id_cities = cities.id_cities
  5. What are in those lines referenced? Do they output anything to the browser?
  6. You can use getimagesize on the temp file BEFORE moving it anywhere. If you want to use JavaScript, I suggest asking in the JavaScript forum, not PHP.
  7. Try making your upload dir relative to the script location, like ../../images
  8. Use getimagesize: http://php.net/manual/en/function.getimagesize.php
  9. At the top of every page:
     session_start();
     When they have submitted:
     $_SESSION['submitted'] = true;
     To check if they have submitted:
     if ($_SESSION['submitted'] == true) { display_error(); }
  10. Either store the user's IP in a database and disallow multiple submissions from the same IPs, or set a $_SESSION var when they have submitted and only allow users with the var unset to submit. $_SESSION vars will expire. Your DB IPs will not.
  11. Please explain better. Do you want to display checkboxes checked or unchecked depending on the results of your query?
  12. Yeah, something like <a onclick='return confirm(\"DELETE: Are you sure?\")' href=
  13. I'm no expert on SQL injection, but as a rule I would sanitize everything that is submitted by users. That way you can't make any silly mistakes.
  14. these POSTs:
      $SQL = $SQL . " ('$_COOKIE[phpSESSID]', '$_POST[username]', '$_POST[password]', '$_SESSION[attempts]', '$_SERVER[REMOTE_ADDR]') ";
      md5 stuff here
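Posts 1 to 3 describe two separate layers: validating or escaping data on its way into MySQL, and encoding it with htmlentities() on its way out to the browser. The following is an added example of both layers together (not scampbell's code and not from any of the threads); it swaps the deprecated mysql_real_escape_string() for a PDO prepared statement, and the PDO handle, table and column names are assumptions.

```php
<?php
// Added example, not from the forum posts. Two layers from posts 1-3:
//   layer 1: validate/parameterise data going INTO the database,
//   layer 2: encode data coming OUT to the browser with htmlentities().
// Assumes a PDO handle to MySQL; "products" and its columns are hypothetical.

function productIdFromRequest(array $get): ?int {
    // A product ID is numeric, so intval() is the whole validation step
    // (post 2). Non-numeric input collapses to 0, which is rejected, and
    // a trailing "%2F" (post 2) is simply dropped by intval().
    $id = isset($get['productID']) ? intval($get['productID']) : 0;
    return $id > 0 ? $id : null;
}

function fetchProduct(PDO $db, int $id): ?array {
    // Prepared statement: the value is bound, never spliced into the SQL
    // text, which replaces mysql_real_escape_string() for this purpose.
    $stmt = $db->prepare('SELECT name, description FROM products WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderProduct(array $row): string {
    // Output encoding (post 1): whatever is stored, even validated data,
    // is encoded at the point it becomes HTML, so "<script>" is inert text.
    $name = htmlentities($row['name'], ENT_QUOTES, 'UTF-8');
    $desc = htmlentities($row['description'], ENT_QUOTES, 'UTF-8');
    return "<h1>{$name}</h1><p>{$desc}</p>";
}

// Constructed demo input; no database is needed to exercise layers 1 and 2b.
$id = productIdFromRequest(['productID' => '42%2F']);          // 42
$bad = productIdFromRequest(['productID' => "1 OR 1=1"]);      // 1, not the whole string
$none = productIdFromRequest(['productID' => 'abc']);          // null
$html = renderProduct([
    'name'        => 'Widget <script>alert(1)</script>',
    'description' => 'Cheap & "cheerful"',
]);
// $html contains &lt;script&gt; and &quot;, not live markup or attribute breaks.
```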