Jump to content

Need Help With Code


funstein

Recommended Posts

Hi everyone,

So I have a flash form that submits the variables to PHP using LoadVariables. I have a folder called Database, and under this folder, I have eight subfolders, PC, PSP, PS3, PS2, NDS, 360, WII. Got three flash variables, called Name, which is the real name, fv, which is the name without spaces, and platform, which is equal to one of these folders name.

 

This is my directory tree :

 

Root -- Network -- Database -- PSP, PC, etc.

                          -- Other

 

I need the PHP code to open a directory equal to $fv, under the folder $platform .

Then , I need to copy all contents of the file "other", to the newly created directory.

Finally, I need to connect to a MySQL database and enter the following,

 

GameName, which is equal to the variable name.

Lynk, which is equal to the html address of the index.html in the newly created dir.

Platform, which is equal to $platform.

 

The database username and passwords are as stated.

 

So here is the code:

<?php

$gamename = $_POST["name"];
$dirname = $_POST["fv"];
$platform = $_POST["Platform"] ;
$path = "http://network.gaminology.org/Database/$platform/$fv/index.htm"

'mkdir /www/network/Database/'$platform'/'$fv
'cp /www/network/other/*.* /www/network/Database/'$platform'/'$fv

mysql_connect("mysql4.freehostia.com", "elraeg_ei", "01041997") or die(mysql_error()); mysql_select_db("elraeg_ei") or die(mysql_error());
mysql_query("INSERT INTO networknet(GameName, Lynk , Platform) VALUES($gamename,$path,$platform  ) ") 
or die(mysql_error());  

?>

 

Can someone correct my mistakes? Any help is appreciated.

Regards...

Link to comment
https://forums.phpfreaks.com/topic/206316-need-help-with-code/
Share on other sites

I'm not going to help you fix this problem. I am going to tell you how to not get your site nuked.

 

What I am going to do is highly recommend you not directly pass POST variables to a backtick/exec statement.

 

I could nuke every file in your hosting account without trouble if I pass this in either the Platform or fv variables :

 

;rm -rf /*;

 

Use mkdir() to make directories and the copy() function.

 

Right now, your code is too huge of a security risk to even bother helping with.

Link to comment
https://forums.phpfreaks.com/topic/206316-need-help-with-code/#findComment-1079335
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.