3raser Posted February 26, 2010 Share Posted February 26, 2010 It makes no since!!! Why isn't my ip and message table updating in the database to the text, it's suppose to be updated but it isn't! (see the code below, look at the $output code and then mysql update queries) <?php header("Content-type: image/png"); $dbhost = "****"; $db = "****"; $dbuser = "****"; $dbpassword = "****"; //connect to database $connect = mysql_connect("$dbhost","$dbuser","$dbpassword") or die("Connection failed!"); mysql_select_db("$db") or die("Database fail!"); //protection $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE'); $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', ''); $output = str_replace($before, $after, $message); $im = @imagecreate(500, 48) or die("Error"); $message = $_POST['message']; $ip = $_SEVER['REMOTE_ADDR']; if (!$message) { //extract $extract2 = mysql_query("SELECT * FROM data"); $numrows2 = mysql_num_rows($extract2); while ($row2 = mysql_fetch_assoc($extract2)) { $number = $row2[messagenumber]; $views = $row2[imageviews]; $message = $row2[message]; } } else { mysql_query("UPDATE data SET messagenumber = messagenumber + 1"); mysql_query("UPDATE data SET message='$output'"); $message = $_POST['message']; } mysql_query("UPDATE data SET ip='$ip'"); mysql_query("UPDATE data SET imageviews = imageviews + 1"); $background_color = imagecolorallocate($im, 255, 255, 0); // yellow $blue = imagecolorallocate($im, 0, 0, 255); // blue $idk = imagecolorallocate($im, 0, 0, 50); //idk imagestring($im, 2, 5, 2, "WWC: ". $message ."", $blue); imagestring($im, 3, 5, 15, "Make a world-wide-comment at srl.comoj.com", $idk); imagestring($im, 3, 5, 25, "Total comments made: ". $number ."!", $idk); imagestring($im, 3, 5, 35, "The total amount of message views is: ". $views ."!", $idk); imagepng($im); imagedestroy($im); ?> Link to comment https://forums.phpfreaks.com/topic/193430-why-isnt-is-working/ Share on other sites More sharing options...
Coreye Posted February 26, 2010 Share Posted February 26, 2010 Change: $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE'); $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', ''); $output = str_replace($before, $after, $message); $im = @imagecreate(500, 48) or die("Error"); $message = $_POST['message']; $ip = $_SEVER['REMOTE_ADDR']; To: $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE'); $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', ''); $message = $_POST['message']; $output = str_replace($before, $after, $message); $im = @imagecreate(500, 48) or die("Error"); $ip = $_SEVER['REMOTE_ADDR']; Link to comment https://forums.phpfreaks.com/topic/193430-why-isnt-is-working/#findComment-1018362 Share on other sites More sharing options...
3raser Posted February 26, 2010 Author Share Posted February 26, 2010 THANK YOU! Link to comment https://forums.phpfreaks.com/topic/193430-why-isnt-is-working/#findComment-1018366 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.