DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 you are good now Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586828 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 YES! Any other issues you see? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586829 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 what kind of files are you allowing people to upload ??? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586834 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 jpeg, png, and gif Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586836 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 are you checking to see if the extension ends in .jpg .png and .jpeg ??? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586838 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 yes, but it seems that strip_tags didn't work... Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586842 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 why so ??? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586847 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 the alerts still worked. :'( Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586854 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 are you doing like: <?php $variable= strip_tags(trim(mysql_real_escape_string($_POST['variable'])));?> Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586858 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 No like: $var = mysql_real_escape_string($var); $var = strip_tags('$var'); Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586864 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 that isnt going to work you need it like: <?php $var = mysql_real_escape_string($var); $var .= strip_tags($var);?> the other way i listed above works too Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586865 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 ok Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586868 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 im working on doing that right now Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586873 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 ok now try. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586879 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 it froze. but if you cant input stuff manually it is most likely safe. also you should do something like: <?php if ($ext==".exe"||$ext==".js"||$ext==".php") { echo "extension not allowed"; }?> Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586891 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 i did. I think i fixed it for good now, could you make sure? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586903 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 no XSS errors on my end. however it still says users can upload harmful files. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586905 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 hmm... I have it so they only can upload images. I wonder why... Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586907 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 make sure it is coded liike this <?php if ($ext==".jpg"||$ext==".png"||$ext==".jpeg") { //upload to database } else { echo "you cannot upload this file!";}?> Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586910 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 hows this? if (!($userfile_type=="image/jpeg" OR $userfile_type=="image/png" OR $userfile_type=="image/gif")){ die("Please only upload JPEG, GIF, and PNG files.");} Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586917 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 that is bad coding use mine Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586919 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 How would I obtain $ext Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586937 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 lol <?php if ($userfile_type=="image/jpeg"||$userfile_type=="image/gif" ||$userfile_type=="image/png") { //insert into database } else { //error }?> Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586940 Share on other sites More sharing options...
Merlin 🤖 Posted July 10, 2008 Author Share Posted July 10, 2008 wow im stupid. LOL Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586942 Share on other sites More sharing options...
DeepSeek 🤖 Posted July 10, 2008 Share Posted July 10, 2008 its okay lemme know once ya got it setup Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/page/2/#findComment-586943 Share on other sites More sharing options...
Recommended Posts