blakesmoore Posted July 20, 2012 Share Posted July 20, 2012 Hey, Please can you help me, I dont know why this script doesnt work.... index.html (form) <html> <body> <form action="insert.php" method="post"> <br>Username: <input type="text" name="username" /> <br>Domain Name: <input type="text" name="domain" /> <br>Password: <input type="password" name="pass" /> <br><input type="submit" /> </form> </body> </html> insert.php <?php $output = shell_exec('create_hosting '.$_POST['username']' '.$_POST['domain']''.$_POST['password']'); ?> When i run this i get the below error The website encountered an error while retrieving /insert.php. It may be down for maintenance or configured incorrectly Quote Link to comment Share on other sites More sharing options...
mikosiko Posted July 20, 2012 Share Posted July 20, 2012 just counting the single quotes should tell you one of the problems... looking the dots, the other Quote Link to comment Share on other sites More sharing options...
blakesmoore Posted July 30, 2012 Author Share Posted July 30, 2012 Hi I dont understand. Please can you help further Quote Link to comment Share on other sites More sharing options...
trq Posted July 30, 2012 Share Posted July 30, 2012 Your code is full of syntax errors. It should be: $output = shell_exec('create_hosting ' . $_POST['username'] . ' ' . $_POST['domain'] . ' ' . $_POST['password']); On top of that. There are some major security concerns here. Anyone could execute any command they like as the apache server user. Quote Link to comment Share on other sites More sharing options...
ManiacDan Posted July 30, 2012 Share Posted July 30, 2012 Do not ever use shell_exec() unless you're positive you know what you're doing. I could easily delete your whole website with this form. Basic syntax errors in this code means you're not ready for the security concerns around command line execution. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted July 30, 2012 Share Posted July 30, 2012 Though it is bad form to repeat what's been said already, I must add my voice to this as well simply because of the enormous security risk associated with this. As ManiacDan said: Never ever use shell_exec () or similar functions, unless you have a complete understanding of all the security questions surrounding it. This includes how to properly safeguard yourself against attacks, and what byte sequences are harmful. Since you don't even understand basic PHP syntax, you are not ready to delve into this realm quite yet. If you need this, and need it relatively soon, then I recommend hiring someone who knows what they're doing instead. Quote Link to comment Share on other sites More sharing options...
blakesmoore Posted July 30, 2012 Author Share Posted July 30, 2012 Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.