3raser Posted February 26, 2010 Share Posted February 26, 2010 It makes no since!!! Why isn't my ip and message table updating in the database to the text, it's suppose to be updated but it isn't! (see the code below, look at the $output code and then mysql update queries) <?php header("Content-type: image/png"); $dbhost = "****"; $db = "****"; $dbuser = "****"; $dbpassword = "****"; //connect to database $connect = mysql_connect("$dbhost","$dbuser","$dbpassword") or die("Connection failed!"); mysql_select_db("$db") or die("Database fail!"); //protection $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE'); $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', ''); $output = str_replace($before, $after, $message); $im = @imagecreate(500, 48) or die("Error"); $message = $_POST['message']; $ip = $_SEVER['REMOTE_ADDR']; if (!$message) { //extract $extract2 = mysql_query("SELECT * FROM data"); $numrows2 = mysql_num_rows($extract2); while ($row2 = mysql_fetch_assoc($extract2)) { $number = $row2[messagenumber]; $views = $row2[imageviews]; $message = $row2[message]; } } else { mysql_query("UPDATE data SET messagenumber = messagenumber + 1"); mysql_query("UPDATE data SET message='$output'"); $message = $_POST['message']; } mysql_query("UPDATE data SET ip='$ip'"); mysql_query("UPDATE data SET imageviews = imageviews + 1"); $background_color = imagecolorallocate($im, 255, 255, 0); // yellow $blue = imagecolorallocate($im, 0, 0, 255); // blue $idk = imagecolorallocate($im, 0, 0, 50); //idk imagestring($im, 2, 5, 2, "WWC: ". $message ."", $blue); imagestring($im, 3, 5, 15, "Make a world-wide-comment at srl.comoj.com", $idk); imagestring($im, 3, 5, 25, "Total comments made: ". $number ."!", $idk); imagestring($im, 3, 5, 35, "The total amount of message views is: ". $views ."!", $idk); imagepng($im); imagedestroy($im); ?> Quote Link to comment https://forums.phpfreaks.com/topic/193430-why-isnt-is-working/ Share on other sites More sharing options...
Coreye Posted February 26, 2010 Share Posted February 26, 2010 Change: $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE'); $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', ''); $output = str_replace($before, $after, $message); $im = @imagecreate(500, 48) or die("Error"); $message = $_POST['message']; $ip = $_SEVER['REMOTE_ADDR']; To: $before = array('(', ')', '^', '<', '>', '`', '*', '<script>', '</script>', ';DROP TABLE users;', 'users', 'DROP', 'TABLE'); $after = array('', '', '', '', '', '', '', '', '', '', '', '', '', ''); $message = $_POST['message']; $output = str_replace($before, $after, $message); $im = @imagecreate(500, 48) or die("Error"); $ip = $_SEVER['REMOTE_ADDR']; Quote Link to comment https://forums.phpfreaks.com/topic/193430-why-isnt-is-working/#findComment-1018362 Share on other sites More sharing options...
3raser Posted February 26, 2010 Author Share Posted February 26, 2010 THANK YOU! Quote Link to comment https://forums.phpfreaks.com/topic/193430-why-isnt-is-working/#findComment-1018366 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.