Lukeidiot Posted February 23, 2009

Here's the site: http://lukesq.sytes.net

I built this from the ground up, in PHP and MySQL. Please test the site's security. Thanks!

Coreye Posted February 24, 2009

Cross Site Scripting (XSS): You can submit ">code when editing your profile and it will execute on the members list and when viewing profiles.

Lukeidiot (Author) Posted February 24, 2009

> Cross Site Scripting (XSS): You can submit ">code when editing your profile and it will execute on the members list and when viewing profiles.

Thanks for that, I believe I have fixed this issue now.

darkfreaks Posted April 3, 2009

You have some injection. Use something like:

```php
<?php
function connected() {
    /* Create a new mysqli object with database connection parameters */
    $mysqli = new mysqli('localhost', 'user', 'pass', 'database');
    if (mysqli_connect_errno()) {
        echo "Connection Failed: " . mysqli_connect_errno();
        exit();
    }
    // Return the connection so the caller can prepare statements on it
    return $mysqli;
}

function clean($text) {
    // Trim whitespace and strip HTML tags; SQL escaping is left to the
    // prepared statement below, which binds values separately from the query
    $text = trim(strip_tags($text));
    // Encode remaining special characters, including both quote styles
    $text = htmlentities($text, ENT_QUOTES);
    return $text;
}

$username = clean($_POST['username']);
$login    = clean($_POST['login']);
$password = clean($_POST['password']);

// using mysqli prepared statement to escape any other injection
$connect = connected();
// mysqli uses positional ? placeholders; `table` is quoted because it is a reserved word
$stmt = $connect->prepare("INSERT INTO `table` VALUES (?, ?, ?)");
$stmt->bind_param('sss', $login, $username, $password);
$stmt->execute();
?>
```

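The two issues raised in this thread, the profile XSS and the injection, shown together as an added example that is not part of any post above and is not the site's code. The `members` table, the `website` field and the helper names are hypothetical, and an in-memory SQLite database (via `pdo_sqlite`) stands in for MySQL so the script runs without a server.

```php
<?php
// Added example: store profile text unmodified through a prepared statement,
// then HTML-encode it at output time. Table, column and function names are
// hypothetical; SQLite in memory is an assumption standing in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, website TEXT)');

// Constructed input: the profile value quoted in the XSS report.
$submitted = ['username' => 'tester', 'website' => '">code'];

// Named placeholders keep the values out of the SQL text entirely,
// so no manual escaping is applied before the insert.
$stmt = $db->prepare('INSERT INTO members (username, website) VALUES (:username, :website)');
$stmt->execute([
    ':username' => $submitted['username'],
    ':website'  => $submitted['website'],
]);

// Encode a value for HTML text and for quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value is concatenated straight into a quoted attribute.
function rowUnsafe(array $member): string
{
    return '<input name="website" value="' . $member['website'] . '">';
}

// After: every dynamic value passes through e() at the point of output.
function rowSafe(array $member): string
{
    return '<input name="website" value="' . e($member['website']) . '">';
}

foreach ($db->query('SELECT username, website FROM members', PDO::FETCH_ASSOC) as $member) {
    echo 'unsafe: ', rowUnsafe($member), PHP_EOL;
    echo 'safe:   ', rowSafe($member), PHP_EOL;
}
```

In the unsafe row the stored `">` ends the `value` attribute and the tag, so whatever follows is parsed as markup; in the safe row the same characters are emitted as `&quot;&gt;` and stay inside the attribute.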