LIJI

[!--quoteo(post=364018:date=Apr 12 2006, 03:24 PM:name=chriscloyd)--][div class=\'quotetop\']QUOTE(chriscloyd @ Apr 12 2006, 03:24 PM) [snapback]364018[/snapback][/div][div class=\'quotemain\'][!--quotec--] okay i need help it uploads the file and enters it into the directory heres the actual part that uploads it works fine but i want to give the image a random name using numberand letters can u help me? [code]<? //other code above not shown for personal reasons $target_path = "userimages/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $filename = $_FILES['uploadedfile']['name']; $fileaddress = "userimages/".$_FILES['uploadedfile']['name']; if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";     mysql_query("INSERT INTO `pictures` (`pid`, `uid`, `file`, `description`, `filename`) VALUES ('', '$userid', '$fileaddress', NULL, '$filename')") or die(mysql_error()); } else{     echo "There was an error uploading the file, please try again!"; } ?>[/code] [/quote] idea: [code]substr(trim(md5("sitename".$numberofrows)), 0,8) //number of rows can be gotten using a mysql function, i'll post it's name if needed[/code]

[!--quoteo(post=363286:date=Apr 10 2006, 03:08 PM:name=lpxxfaintxx)--][div class=\'quotetop\']QUOTE(lpxxfaintxx @ Apr 10 2006, 03:08 PM) [snapback]363286[/snapback][/div][div class=\'quotemain\'][!--quotec--] Would adding addslashes and strip_tags to $_POST and $_GET's prevent MySQL injection? If not, what else can I do to improve my site's security? Concerned Web Master, LPXXFAINTXX [/quote] the best and easiest way to do it is: [code]mysql_real_escape_string($_POST['value'])) //(or $_GET)[/code] more info: [a href=\"http://php.net/manual/en/function.mysql-real-escape-string.php\" target=\"_blank\"]http://php.net/manual/en/function.mysql-re...cape-string.php[/a]

anyone?

you forgot the `s and you better don't use array values in "s try [code]$rep_id=$get_reps_row[rep_id][/code] before the query and replace it by [code]"SELECT * FROM reps WHERE rep_id = '$rep_id' ORDER BY `nickname` ASC"[/code]

[!--quoteo(post=363458:date=Apr 10 2006, 11:42 PM:name=mistergoomba)--][div class=\'quotetop\']QUOTE(mistergoomba @ Apr 10 2006, 11:42 PM) [snapback]363458[/snapback][/div][div class=\'quotemain\'][!--quotec--] editplus rocks. [/quote] agreed. has also MySQL, HTML, C++ and you can even create your own coloring system for others.

Hey! I saw a forum system that can get a cookies from another domain. I looked it it's source file and couldn't find out how do they do that. Does someone know a PHP script that can get a cookie from another domain? If so, I would appreciate it very much. Thanking in advance, LIJI