Test This Site

darkfreaks · July 10, 2008

you are good now

magebash · July 10, 2008

YES!

Any other issues you see?

darkfreaks · July 10, 2008

what kind of files are you allowing people to upload ???

magebash · July 10, 2008

jpeg, png, and gif

darkfreaks · July 10, 2008

are you checking to see if the extension ends in .jpg .png and .jpeg ???

magebash · July 10, 2008

yes, but it seems that strip_tags didn't work...

darkfreaks · July 10, 2008

why so ???

magebash · July 10, 2008

the alerts still worked. :'(

darkfreaks · July 10, 2008

are you doing like:

<?php
$variable= strip_tags(trim(mysql_real_escape_string($_POST['variable'])));?>

magebash · July 10, 2008

No like:

$var = mysql_real_escape_string($var);

$var = strip_tags('$var');

darkfreaks · July 10, 2008

that isnt going to work you need it like:

<?php
$var = mysql_real_escape_string($var);
$var .= strip_tags($var);?>

the other way i listed above works too

magebash · July 10, 2008

ok

magebash · July 10, 2008

im working on doing that right now

magebash · July 10, 2008

ok now try.

darkfreaks · July 10, 2008

it froze. but if you cant input stuff manually it is most likely safe.

also you should do something like:

<?php
if ($ext==".exe"||$ext==".js"||$ext==".php") { echo "extension not allowed"; }?>

magebash · July 10, 2008

i did. I think i fixed it for good now, could you make sure?

darkfreaks · July 10, 2008

no XSS errors on my end. however it still says users can upload harmful files.

magebash · July 10, 2008

hmm... I have it so they only can upload images. I wonder why...

darkfreaks · July 10, 2008

make sure it is coded liike this

<?php
if ($ext==".jpg"||$ext==".png"||$ext==".jpeg") { //upload to database
} else { echo "you cannot upload this file!";}?>

magebash · July 10, 2008

hows this?

if (!($userfile_type=="image/jpeg" OR $userfile_type=="image/png" OR $userfile_type=="image/gif")){ die("Please only upload JPEG, GIF, and PNG files.");}

darkfreaks · July 10, 2008

that is bad coding use mine

magebash · July 10, 2008

How would I obtain $ext

darkfreaks · July 10, 2008

lol

<?php

if ($userfile_type=="image/jpeg"||$userfile_type=="image/gif"
||$userfile_type=="image/png") { //insert into database
} else { //error
}?>

magebash · July 10, 2008

wow im stupid. LOL

darkfreaks · July 10, 2008

its okay lemme know once ya got it setup

Sign In

Test This Site

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Important Information