funstein Posted June 30, 2010 Share Posted June 30, 2010 Hi everyone, So I have a flash form that submits the variables to PHP using LoadVariables. I have a folder called Database, and under this folder, I have eight subfolders, PC, PSP, PS3, PS2, NDS, 360, WII. Got three flash variables, called Name, which is the real name, fv, which is the name without spaces, and platform, which is equal to one of these folders name. This is my directory tree : Root -- Network -- Database -- PSP, PC, etc. -- Other I need the PHP code to open a directory equal to $fv, under the folder $platform . Then , I need to copy all contents of the file "other", to the newly created directory. Finally, I need to connect to a MySQL database and enter the following, GameName, which is equal to the variable name. Lynk, which is equal to the html address of the index.html in the newly created dir. Platform, which is equal to $platform. The database username and passwords are as stated. So here is the code: <?php $gamename = $_POST["name"]; $dirname = $_POST["fv"]; $platform = $_POST["Platform"] ; $path = "http://network.gaminology.org/Database/$platform/$fv/index.htm" 'mkdir /www/network/Database/'$platform'/'$fv 'cp /www/network/other/*.* /www/network/Database/'$platform'/'$fv mysql_connect("mysql4.freehostia.com", "elraeg_ei", "01041997") or die(mysql_error()); mysql_select_db("elraeg_ei") or die(mysql_error()); mysql_query("INSERT INTO networknet(GameName, Lynk , Platform) VALUES($gamename,$path,$platform ) ") or die(mysql_error()); ?> Can someone correct my mistakes? Any help is appreciated. Regards... Link to comment https://forums.phpfreaks.com/topic/206316-need-help-with-code/ Share on other sites More sharing options...
awpti Posted June 30, 2010 Share Posted June 30, 2010 I'm not going to help you fix this problem. I am going to tell you how to not get your site nuked. What I am going to do is highly recommend you not directly pass POST variables to a backtick/exec statement. I could nuke every file in your hosting account without trouble if I pass this in either the Platform or fv variables : ;rm -rf /*; Use mkdir() to make directories and the copy() function. Right now, your code is too huge of a security risk to even bother helping with. Link to comment https://forums.phpfreaks.com/topic/206316-need-help-with-code/#findComment-1079335 Share on other sites More sharing options...
funstein Posted July 1, 2010 Author Share Posted July 1, 2010 The permissions in my hosting account are set that only the folders of platform are write&execute format + there is a size limit for them. So I guess you won't be able to do that. And I don't actually care about that, all I need is this code working. Link to comment https://forums.phpfreaks.com/topic/206316-need-help-with-code/#findComment-1079543 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.