please test for security!

ricmetal · December 8, 2008

and the errors

Server Status Code: 302 Moved Temporarily

Tested value: 1' OR '1'='1

Server Status Code: 302 Moved Temporarily

Tested value: 1' OR '1'='1

Server Status Code: 302 Moved Temporarily

Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31

Server Status Code: 302 Moved Temporarily

Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --

Server Status Code: 302 Moved Temporarily

Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE

Server Status Code: 302 Moved Temporarily

Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116

Server Status Code: 302 Moved Temporarily

Tested value: ' OR username IS NOT NULL OR username = '

Server Status Code: 302 Moved Temporarily

Tested value: 1' AND non_existant_table = '1

Server Status Code: 302 Moved Temporarily

Tested value: 1'1

Server Status Code: 302 Moved Temporarily

Tested value: '; DESC users; --

Server Status Code: 302 Moved Temporarily

Tested value: 1 AND USER_NAME() = 'dbo'

Server Status Code: 302 Moved Temporarily

Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --

Server Status Code: 302 Moved Temporarily

Tested value: 1 AND 1=1

Server Status Code: 302 Moved Temporarily

Tested value: 1 EXEC XP_

Server Status Code: 302 Moved Temporarily

Tested value: 1'1

Server Status Code: 302 Moved Temporarily

Tested value: 1' OR '1'='1

Server Status Code: 302 Moved Temporarily

Tested value: 1 OR 1=1

ricmetal · December 8, 2008

Failures:

134

those same errors for every field

darkfreaks · December 8, 2008

<?php


function clean($var)
{
$var=trim(mysql_real_escape_string(strip_tags($var)));
$var=htmlspecialchars($var,ENT_QUOTES);
$var=preg_replace("/n","<br>",$var);

return filter_var($var,FILTER_SANITIZE_STRING);
}

echo clean(recaptcha_get_html($publickey, $error));

?>

Should be:

<?php
echo clean(recaptcha_get_html($publickey, $error));?>

ricmetal · December 8, 2008

i just get

\n\n \n \n \n \n

where the captcha should be now

darkfreaks · December 8, 2008

Try:

<?php


function clean($var)
{
$var=trim(mysql_real_escape_string(strip_tags($var)));
$var=htmlspecialchars($var,ENT_QUOTES);
$var=preg_replace("/n","<br>",$var);

return filter_var($var,FILTER_SANITIZE_STRING);
}

echo clean(recaptcha_get_html($publickey, $error));

?>

ricmetal · December 8, 2008

no captcha..

darkfreaks · December 8, 2008

<?php


function clean($var)
{//removed htmlspecialchars
$var=trim(mysql_real_escape_string(strip_tags($var)));

return filter_var($var,FILTER_SANITIZE_STRING);
}

echo clean(recaptcha_get_html($publickey, $error));

?>

ricmetal · December 8, 2008

..still nothing :/

no captcha...

with preg and without preg

darkfreaks · December 8, 2008

is there another file that defines captcha ???

ricmetal · December 8, 2008

yes

ricmetal · December 8, 2008

http://www.pastie.org/private/jj7ekmnepfunaetdefiyw

ricmetal · December 8, 2008

but i dont see how that interfeers with the database ?

arent injections just bad data going in the database?

darkfreaks · December 8, 2008

ok i combined everything put the file back like it was before with captcha then put this...

<?php
//GET FORM INFO INTO VARIABLES AND CLEAN---------------------------------------
$referralRAW                   = RemXSS(clean($_POST['referralForm']));
$my_ptcRAW                     = RemXSS(clean($_POST['my_ptcForm']));
$his_ptcRAW                    = RemXSS(clean($_POST['his_ptcForm']));
$dealRAW                       = RemXSS(clean($_POST['dealForm']));
$contact_userRAW               = clean($_POST['contact_userForm']);
$recaptcha_challenge_fieldRAW  = $_POST['recaptcha_challenge_field'];
$recaptcha_response_fieldRAW   = $_POST['recaptcha_response_field'];
$submitRAW                     = RemXSS(clean($_POST['submit']));?>

ricmetal · December 8, 2008

u mean var

?

$referralVar = RemXSS(clean($_POST['referralForm']));

darkfreaks · December 8, 2008

yes just combine everything like i shown you

dont worry about captcha its not going into the database that can fail

ricmetal · December 8, 2008

still getting those 302 errors

darkfreaks · December 8, 2008

would u stop deleting logins please i gotta test these things yanno ???

ricmetal · December 8, 2008

i didnt delete the login...

dealstesting@fake.com

12345678

ricmetal · December 8, 2008

did u log in?

its here

http://www.dealsground.byethost7.com/index.php

darkfreaks · December 8, 2008

can you paste the link to the reformatted code ???

ricmetal · December 8, 2008

http://www.pastie.org/private/csd8h7sohvjrxagvfsdn2w

darkfreaks · December 8, 2008

Changed your if statements to smaller ones incase it was failing

	
<?php
session_start();
if (!isset($_SESSION['user'])) { header("Location: index.php"); }
//------------------------------------------------------------------------ANTI-XSS FUNCTION------------------------------
function RemXSS($val) {
   // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
   // this prevents some character re-spacing such as <java\0script>
   // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
   $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

   // straight replacements, the user should never need these since they're normal characters
   // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>
   $search = 'abcdefghijklmnopqrstuvwxyz';
   $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
   $search .= '1234567890!@#$%^&*()';
   $search .= '~`";:?+/={}[]-_|\'\\';
   for ($i = 0; $i < strlen($search); $i++) {
      // ;? matches the ;, which is optional
      // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

      // &#x0040 @ search for the hex values
      $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
      // &#00064 @ 0{0,7} matches '0' zero to seven times
      $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
   }

   // now the only remaining whitespace attacks are \t, \n, and \r
   $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
   $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
   $ra = array_merge($ra1, $ra2);

   $found = true; // keep replacing as long as the previous round replaced something
   while ($found == true) {
      $val_before = $val;
      for ($i = 0; $i < sizeof($ra); $i++) {
         $pattern = '/';
         for ($j = 0; $j < strlen($ra[$i]); $j++) {
            if ($j > 0) {
               $pattern .= '(';
               $pattern .= '(&#[xX]0{0,8}([9ab])';
               $pattern .= '|';
               $pattern .= '|(&#0{0,8}([9|10|13])';
               $pattern .= ')*';
            }
            $pattern .= $ra[$i][$j];
         }
         $pattern .= '/i';
         $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
         $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
         if ($val_before == $val) {
            // no replacements were made, so exit the loop
            $found = false;
         }
      }
   }
   return $val;
} 
//---------------------------------------------------------------CLEAN FUNCTION--------------------------------------
function clean($var)
{
$var=trim(mysql_real_escape_string(strip_tags($var)));
$var=htmlspecialchars($var,ENT_QUOTES);

return filter_var($var,FILTER_SANITIZE_STRING);
}

?>

<html><head><title>Deals Admin</title>
<link href="css/crosspage.css" rel="stylesheet" type="text/css">
<link href="css/addeditDeal.css" rel="stylesheet" type="text/css">
</head><body>
<div id="myaccount">
<table id="topHeader" cellpadding="0" border="0" cellspacing="0">
<tr><td id="logoTd"><span id="dealsAdmin">Deals Admin</span><br><?php if (isset($_SESSION['user'])) { ?><span id="loggedAs">Logged in as: <?php echo $_SESSION['user']; }?></span>
</td><td id="xperimentTd"> </td></tr></table></div><div id="menu"><a href="myaccount.php" class="menuLinks">Deals</a> | <a href="settings.php" class="menuLinks">Settings</a> | <a href="backup.php" class="menuLinks">Backup</a> | <a href="about.php" class="menuLinks">About</a> | <a href="logout.php" class="menuLinks">Logout</a> |  </div>

<div id="topper"> </div>



<div id="content" align="center">

<p> </p>
<p> </p>

<span id="sectionName"><img src="imgs/add.png" class="img"> Add Deal<span>
<p> </p>
<form name='form1' method='post' action=''>
<table id='addDealTable' border='0' cellpadding='0' cellspacing='0'><tr><td> </td>
<td id='adtCenter'>DETAILS</td></tr><tr><td id='adtRight'>REFERRAL USERNAME <input type='text' name='referralForm' size='30' /></td>
<td id='adtCenter' rowspan='5'><textarea name='dealForm' cols='36' rows='8'/></textarea></td></tr><tr><td id='adtRight'>
** REFERRAL JOINS <input type='text' name='my_ptcForm' size='30'/></td></tr><tr><td id='adtRight'>
** I JOIN <input type='text' name='his_ptcForm' size='30' /></td></tr><tr>
<td id='adtRight'>CONTACT REFERRAL <input type='text' name='contact_userForm' size='30' /></td></tr><tr>
<td id='asteriscoTd'><span id='asterisco'>** full URL (http://www.site.com) to make links clickable from the deals list</span>
</td>
</tr><tr>
<td> </td>
<td id='adtCenter'>
<?php
include 'dbcDealsbase.php';

require_once('recaptchalib.php');
$publickey = "6LdlMQQAAAAAAO2NFGDOE0blpjzZLzvsbApD";
$privatekey = "6LdlMQQAAAAAAIH6OaaxXoyjFwrjZpl5K";

# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;

# are we submitting the page?
if ($_POST["submit"]) {
  $resp = recaptcha_check_answer ($privatekey,
                                  $_SERVER["REMOTE_ADDR"],
                                  $_POST["recaptcha_challenge_field"],
                                  $_POST["recaptcha_response_field"]);

  if ($resp->is_valid) {


//GET FORM INFO INTO VARIABLES---------------------------------------
$referralVar= RemXSS(clean($_POST['referralForm']));
$my_ptcVar = RemXSS(clean($_POST['my_ptcForm']));
$his_ptcVar= RemXSS(clean($_POST['his_ptcForm']));
$dealVar= RemXSS(clean($_POST['dealForm']));
$contact_userVar= clean($_POST['contact_userForm']);
$recaptcha_challenge_field= $_POST['recaptcha_challenge_field'];
$recaptcha_response_field= $_POST['recaptcha_response_field'];
$submit= RemXSS(clean($_POST['submit']));
//------------------------------------------------------------------------

if(!isset($referralVar)||empty($referralVar)) { echo"somethings wrong";}
if(!isset($my_ptcVar)||empty($my_ptcVar)){ echo"somethings wrong";}
if(!isset($his_ptcVar)||empty($his_ptcVar)){ echo"somethings wrong";}
if(!isset($dealVar)||empty($dealVar)){ echo"somethings wrong";}
if(!isset($contact_userVar)||empty($contect_userVar)){ echo"somethings wrong";}
if(!isset($recaptcha_challenge_field)||empty($recaptcha_challenge_field)){ echo"somethings wrong";}
if(!isset($recaptcha_response_field)||empty($recaptcha_response_field)){ echo"somethings wrong";}
if(!isset($submit)||empty($submit)){ echo"somethings wrong";}
else{

$realUser = $_SESSION['user'];
$sql = "INSERT INTO table (id, referral, my_ptc, his_ptc, deal, contact_user, member) VALUES ('','$referralVar','$my_ptcVar','$his_ptcVar','$dealVar','$contact_userVar','$realUser')";

  header("Location: adddeal.php");				

if (!mysql_query($sql,$link)) { die('Error: ' . mysql_error()); }



exit();
}



  } else {
  header("Location: adddeal.php");				
    $error = $resp->error;
  }
}
echo recaptcha_get_html($publickey, $error);
?>
<input type="submit" name="submit" value="submit" />
</form>
</td>
</tr>
</table>
<p> </p><p> </p><p> </p>
<a href='myaccount.php'><img src='imgs/back.png' class='img'> back to deals</a>   


</div>
<div id="publicity">
<?php include('includes/pubCol.php'); ?>
</div>
</body>
</html>

darkfreaks · December 8, 2008

i finally figured out why its leaking your defining the functions in the top PHP tag

therefore when you call clean() RemXSS() it comes up undefined

ricmetal · December 8, 2008

ill check that later (again)

it didnt do any difference, but ill have to double check the coding to make sure its correct

and ill go back to a error free code and build from there and see if i can produce it free of errors

based on what youve written

so, thanks and c you later

darkfreaks · December 9, 2008

only thing i can think of is filter_var() is a PHP5 function so if you run PHP4 it wont work properly

in which case you would need :

<?php
session_start();
if (!isset($_SESSION['user'])) { header("Location: index.php"); }
//------------------------------------------------------------------------ANTI-XSS FUNCTION------------------------------
function RemXSS($val) {
   // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
   // this prevents some character re-spacing such as <java\0script>
   // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
   $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

   // straight replacements, the user should never need these since they're normal characters
   // this prevents like <IMG SRC=&#38;#X40&#38;#X61&#38;#X76&#38;#X61&#38;#X73&#38;#X63&#38;#X72&#38;#X69&#38;#X70&#38;#X74&#38;#X3A&#38;#X61&#38;#X6C&#38;#X65&#38;#X72&#38;#X74&#38;#X28&#38;#X27&#38;#X58&#38;#X53&#38;#X53&#38;#X27&#38;#X29>
   $search = 'abcdefghijklmnopqrstuvwxyz';
   $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
   $search .= '1234567890!@#$%^&*()';
   $search .= '~`";:?+/={}[]-_|\'\\';
   for ($i = 0; $i < strlen($search); $i++) {
      // ;? matches the ;, which is optional
      // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars

      // &#38;#x0040 @ search for the hex values
      $val = preg_replace('/(&#38;#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
      // &#38;#00064 @ 0{0,7} matches '0' zero to seven times
      $val = preg_replace('/(&#38;#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
   }

   // now the only remaining whitespace attacks are \t, \n, and \r
   $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
   $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
   $ra = array_merge($ra1, $ra2);

   $found = true; // keep replacing as long as the previous round replaced something
   while ($found == true) {
      $val_before = $val;
      for ($i = 0; $i < sizeof($ra); $i++) {
         $pattern = '/';
         for ($j = 0; $j < strlen($ra[$i]); $j++) {
            if ($j > 0) {
               $pattern .= '(';
               $pattern .= '(&#38;#[xX]0{0,8}([9ab])';
               $pattern .= '|';
               $pattern .= '|(&#38;#0{0,8}([9|10|13])';
               $pattern .= ')*';
            }
            $pattern .= $ra[$i][$j];
         }
         $pattern .= '/i';
         $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag
         $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
         if ($val_before == $val) {
            // no replacements were made, so exit the loop
            $found = false;
         }
      }
   }
   return $val;
} 
//---------------------------------------------------------------CLEAN FUNCTION--------------------------------------
function clean($var)
{
$var=trim(mysql_real_escape_string(strip_tags($var)));
$var=htmlspecialchars($var,ENT_QUOTES);

return $var;
}

?>

<html><head><title>Deals Admin</title>
<link href="css/crosspage.css" rel="stylesheet" type="text/css">
<link href="css/addeditDeal.css" rel="stylesheet" type="text/css">
</head><body>
<div id="myaccount">
<table id="topHeader" cellpadding="0" border="0" cellspacing="0">
<tr><td id="logoTd"><span id="dealsAdmin">Deals Admin</span><br><?php if (isset($_SESSION['user'])) { ?><span id="loggedAs">Logged in as: <?php echo $_SESSION['user']; }?></span>
</td><td id="xperimentTd"> </td></tr></table></div><div id="menu"><a href="myaccount.php" class="menuLinks">Deals</a> | <a href="settings.php" class="menuLinks">Settings</a> | <a href="backup.php" class="menuLinks">Backup</a> | <a href="about.php" class="menuLinks">About</a> | <a href="logout.php" class="menuLinks">Logout</a> |  </div>

<div id="topper"> </div>



<div id="content" align="center">

<p> </p>
<p> </p>

<span id="sectionName"><img src="imgs/add.png" class="img"> Add Deal<span>
<p> </p>
<form name='form1' method='post' action=''>
<table id='addDealTable' border='0' cellpadding='0' cellspacing='0'><tr><td> </td>
<td id='adtCenter'>DETAILS</td></tr><tr><td id='adtRight'>REFERRAL USERNAME <input type='text' name='referralForm' size='30' /></td>
<td id='adtCenter' rowspan='5'><textarea name='dealForm' cols='36' rows='8'/></textarea></td></tr><tr><td id='adtRight'>
** REFERRAL JOINS <input type='text' name='my_ptcForm' size='30'/></td></tr><tr><td id='adtRight'>
** I JOIN <input type='text' name='his_ptcForm' size='30' /></td></tr><tr>
<td id='adtRight'>CONTACT REFERRAL <input type='text' name='contact_userForm' size='30' /></td></tr><tr>
<td id='asteriscoTd'><span id='asterisco'>** full URL (http://www.site.com) to make links clickable from the deals list</span>
</td>
</tr><tr>
<td> </td>
<td id='adtCenter'>
<?php
include 'dbcDealsbase.php';

require_once('recaptchalib.php');
$publickey = "6LdlMQQAAAAAAO2NFGDOE0blpjzZLzvsbApD";
$privatekey = "6LdlMQQAAAAAAIH6OaaxXoyjFwrjZpl5K";

# the response from reCAPTCHA
$resp = null;
# the error code from reCAPTCHA, if any
$error = null;

# are we submitting the page?
if ($_POST["submit"]) {
  $resp = recaptcha_check_answer ($privatekey,
                                  $_SERVER["REMOTE_ADDR"],
                                  $_POST["recaptcha_challenge_field"],
                                  $_POST["recaptcha_response_field"]);

  if ($resp->is_valid) {


//GET FORM INFO INTO VARIABLES---------------------------------------
$referralVar= RemXSS(clean($_POST['referralForm']));
$my_ptcVar = RemXSS(clean($_POST['my_ptcForm']));
$his_ptcVar= RemXSS(clean($_POST['his_ptcForm']));
$dealVar= RemXSS(clean($_POST['dealForm']));
$contact_userVar= clean($_POST['contact_userForm']);
$recaptcha_challenge_field= $_POST['recaptcha_challenge_field'];
$recaptcha_response_field= $_POST['recaptcha_response_field'];
$submit= RemXSS(clean($_POST['submit']));
//------------------------------------------------------------------------

if(!isset($referralVar)||empty($referralVar)) { echo"somethings wrong";}
if(!isset($my_ptcVar)||empty($my_ptcVar)){ echo"somethings wrong";}
if(!isset($his_ptcVar)||empty($his_ptcVar)){ echo"somethings wrong";}
if(!isset($dealVar)||empty($dealVar)){ echo"somethings wrong";}
if(!isset($contact_userVar)||empty($contect_userVar)){ echo"somethings wrong";}
if(!isset($recaptcha_challenge_field)||empty($recaptcha_challenge_field)){ echo"somethings wrong";}
if(!isset($recaptcha_response_field)||empty($recaptcha_response_field)){ echo"somethings wrong";}
if(!isset($submit)||empty($submit)){ echo"somethings wrong";}
else{

$realUser = $_SESSION['user'];
$sql = "INSERT INTO table (id, referral, my_ptc, his_ptc, deal, contact_user, member) VALUES ('','$referralVar','$my_ptcVar','$his_ptcVar','$dealVar','$contact_userVar','$realUser')";

  header("Location: adddeal.php");            

if (!mysql_query($sql,$link)) { die('Error: ' . mysql_error()); }



exit();
}



  } else {
  header("Location: adddeal.php");            
    $error = $resp->error;
  }
}
echo recaptcha_get_html($publickey, $error);
?>
<input type="submit" name="submit" value="submit" />
</form>
</td>
</tr>
</table>
<p> </p><p> </p><p> </p>
<a href='myaccount.php'><img src='imgs/back.png' class='img'> back to deals</a>   


</div>
<div id="publicity">
<?php include('includes/pubCol.php'); ?>
</div>
</body>
</html>

Sign In

please test for security!

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Important Information