insrtsnhere13

Having some trouble with my uploading script. My host isnt helping very much either, here is the script im using to try and upload pdf files. <?php $target_path = "/testsite/flyers/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; } else{ echo "There was an error uploading the file, please try again!"; } ?> I always end up getting the error echo though, any help? Please post if i need to give any more info.

change [code] <?php         if(isset($_SESSION['username'])) {             $data = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `username`="'.$_SESSION['username'].'"'));             echo 'You are logged in, '.$_SESSION['username'].'. [/code] to [code] <?php         if(isset($_SESSION['username'])) {             $data = mysql_fetch_array(mysql_query('SELECT * FROM `users` WHERE `username`="'.$_SESSION['username'].'"'); );             echo 'You are logged in, '.$_SESSION['username'].'. [/code]

sorry to thread jack but is that all that is required to treat forms?  what about forms with larger content such as a message or forum post?

Oh, sorry, i did a little more troubleshooting and found out what the problem was.. it didnt like echoing the $receiver variable after hitting post.. so i just made another hidden field with that variable in it.. thanks!

Hey everyone, little bit of background info.  Trying to make a private messaging system.  I have a form on a profile page that just submits the users id to a sendmessage.php file where the actual script is.  Problem is, the receiver's id is not being placed in the database.. heres the code: Relevant parts of viewprofile.php: [code] <?php $user = $_GET['user']; ?> <form action="sendmessage.php" method="post"> <input type="hidden" name="receiver" value="<?php echo "$user"; ?>"> <input type="submit" value="Send user a message"></form> [/code] sendmessage.php: [code] <?php $receiver = $_POST['receiver']; //sender would be = $_SESSION['id']; $sender = "000002"; $date = date("l, F d, Y - h:i A"); if(!isset($_POST['submit'])) { //form hasnt been submitted ?> Send a message<br> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Message:<br> <textarea name="message" cols="40" rows="10"></textarea><br><br> <input type="submit" name="submit" value="Post"></form> <?php } else {     $message = $_POST['message'];     $message = stripslashes($message);     include("connect.php");     $query = "INSERT INTO messages (sender, receiver, message, date) VALUES('$sender', '$receiver', '$message', '$date')";     $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());     echo "Your message was sent";     mysql_close($connection); } ?> [/code] everything is being placed into the database except receiver..

well.. if your table is large and have enough people you should be able to do this.. ORDER BY rank ASC

[!--quoteo(post=375493:date=May 20 2006, 09:34 AM:name=shoz)--][div class=\'quotetop\']QUOTE(shoz @ May 20 2006, 09:34 AM) [snapback]375493[/snapback][/div][div class=\'quotemain\'][!--quotec--] It wouldn't take a very complicated script to spam the site. The way you have it coded now means that the numbers are user submitted values. So, the tool can send whatever numbers it likes. Keep in mind that I'm not trying to discourage you. It's a good thing to be thinking about ways to secure your site and you should continue doing so. The "d" from the fread line has been removed to allow the post to the forum to go through. [code] <?php $host = 'yoursite.com'; $path = '/path/to/script.php'; $content = 'usernumber=1&number=0&number2=2&submit=Submit'; $length = strlen($content); $header = "POST $path HTTP/1.0\r\n"         ."Host: $host\r\n"         ."Content-Length: $length\r\n"         ."Connection: close\r\n"         ."\r\n"         ."$content"; $fp = fsockopen($host, 80, $errno, $errstr, 15); if(!$fp) {     print "couldn't connect<br />\n";     exit; } if (FALSE === fwrite($fp, $header)) {     print "couldn't write to socket<br />\n";     exit; } $output = ''; while (!feof($fp) ) {      //The "d" from the end of fread has been removed here     $output .= frea($fp, 2048); } print $output; ?> [/code] EDIT: Btw, I do realize that you're saying that you're not trying to come up with a solution as effective as a CAPTHA but I think you're also saying that you don't want to come up with a solution thats very easy to break either. [/quote] Uhhh.. im not wuite sure, but i dont think this has anything to do with my post.. other than the info at the top about not trying to discourage me, and in regards to the script being able to enter whatever number it wants, since the numbers are randomly generated, a random number generator wouldnt work.. unless the script was actually made for this specific code.. and yes, this is not a maximum security code, just a thought on security thats a little easier to understand than a captcha

went through this morning and wrote some code.. heres what I came up with, I think it works pretty good!! [code] <?php if(!isset($_POST[submit])) { $number = rand(0, 1000); $number2 = $number + 13; echo "Please enter a number greater than ".$number." and less than ".$number2; ?> <form method="POST" action="<?php $_SERVER["PHP_SELF"] ?>" <input type="text" name="usernumber" size="10"> <input type="hidden" name="number" value="<?php echo "$number"; ?>" <input type="hidden" name="number2" value="<?php echo "$number2"; ?>" <input type="submit" name="submit" value="Submit"> </form> <?php }else{   $usernumber = $_POST['usernumber'];   $number = $_POST['number'];   $number2 = $_POST['number2'];      if ($usernumber > $number && $usernumber < $number2) {     echo "Correct!! $usernumber is inbetween $number and $number2"; }else { echo "Try again!!"; } } ?> [/code]

yea, i knew this wasnt as good as a captcha code but i think that for a minimum threat level site, this would be more then enough to prevent someone from costantly spamming, or stop a simple program

Yea, I mean, it really is a check and guess thing, but as long as the value remains the same, its a little easier to break, in my case, the number values always change.. there for inputting random numbers would yield far less results

Hey guys, I just thought of any idea for form security, I dont think it could be nearly as good as a CAPTCHA image but its pretty good for basic protection from automatic form fillers. Couldnt it be possible to have an extra form field, which instructs the user to enter a number between a random set of numbers that are within a certain range of each other.. ie.. two random numbers are selected within say.. 13 numbers of each other. 26 and 39 the form instructs users to enter a number between 26 - 39. When the user enters the number, it is compared with the two and if it is found to be between the two numbers, the form is verified and the information is allowed to be sent, if not, it is rejected and is sent back with another set of random numbers.. obviously the hole in this is that a person could just keep entering random numbers until they get it right.. which is where bigger numbers come in. i understand it might be a little less convienient then a CAPTCHA but its seems a lot simpler to code let me know what you think

$appcounter++; thats the correct syntax

according to his code, I would assume its spanish. I could be horribly wrong though [img src=\"style_emoticons/[#EMO_DIR#]/wink.gif\" style=\"vertical-align:middle\" emoid=\":wink:\" border=\"0\" alt=\"wink.gif\" /]

Hey, recently installed php on my laptop and I cant do something like this... <? code ?> html code <? code ?> if have any other <? ?> on a page otehr than the first two, it doesnt parse anything after the added tag... this is make my include not working.. cuz some of my include are php scripts so i have to have the tags in there and when they get included the added tags messes up everything.. please help!

found something else.. if i do <? include("nav.php"); ?> i get a blank screen.. if i do <?php include("nav.php"); ?> i get what i need.. anyone know a way to disable that <?php thing so i can just do <? and if i do something like.. have part of a php script at the top, end the <? ?> somewhere in the middle to display html without having to worry about echos and the reopen the php tags.. it messes up that page and display the rest of the php coding without parsing it