Search results

Mind explaining how an sql dump could be achieved through that? I could see that it is possible for someone to enter somewhat harmful html, but an sql dump seems unfathomable. In fact, I think she doesn't even have a db set up. Furthermore, she's just making the page for a class which probably...

You used "$currentemail = $_SESSION['currentemail'];" originally, but in that code you used "$currentemail = $_GET['currentemail'];". Are you sure this is correct?

I just see two problems with that. One, the receiver address in the html source might as well be deleted since it's hardcoded in the script. Leaving it there would only prove useful to spam bots. And two, since you're sending the message in html, you should provide the Content-type header...

Are you sure the db name is martynb_instantmessanger and not martynb_instantmessenger? If it is, then check the username and password as verbsite suggested. Also, check that you entered the db info in config.php and not config-sample.php.

Feeling sleepy, marshian? You put 'GET' in that query instead of 'SELECT' :P Anyway, you can update different fields in different tables like this: UPDATE table1 t1, table2 t2 SET t1.field1 = 'value1', t2.field1 = 'value2' WHERE t1.field2 = 'value3' AND t2.field2 = 'value4' By the way, at the...

I've heard that too, but I don't really agree with it. When I used to mess around with websites before I started developing them, what language was being used didn't have *that* much of an impact on how to do something. Yes, there are some exploits specific to a language or 3rd-party app...

Personally, I would recommend using xslt since it's easier and more efficient than using php in this case. If you know xml/xpath, then you should take a look at it here: http://www.w3schools.com/xsl/default.asp To accomplish what you have in mind, you'd really only have to know how to use the...

Are you sure that $forumpath is supposed to be set to that php code? Try this instead: <?php // ++=========================================================================++ // || vBadvanced CMPS v2.2.1 (vB 3.6) - 25780 // || © 2003-2007 vBadvanced.com & PlurPlanet, LLC - All Rights Reserved...

The single quotes need to be escaped in that string. <?php // ++=========================================================================++ // || vBadvanced CMPS v2.2.1 (vB 3.6) - 25780 // || © 2003-2007 vBadvanced.com & PlurPlanet, LLC - All Rights Reserved // || This file may not be...

You didn't specify the content type. Try this: #!/usr/local/bin/perl print "Content-Type: text/html\n\n"; print "Hi there!\n";

<?php //Email function. function send_email($name, $comments) { //Set vars. $to = "upload@lights4yourpc.com"; $subject = "Image uploaded by " . $name; $message = "An image has been uploaded, the details are below.\n\nName: " . $name . "\nComments: " . $comments . "\n\nThanks...

I think it should work fine if you modify that if statement to this: $valid_img = array('jpg', 'png', 'gif', 'jpeg'); //Check for image types. if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) &&...

Are you sure that you followed all of the steps in that tutorial and uploaded all of the edited files? Specifically the ones which were supposed to have this code commented out: if (function_exists('ini_get')) { ini_get('register_globals') or exit('Server Requirement Error...

You're specifying the page's character set as iso-8859-1. So you need to change this: <META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> to this: <META http-equiv="Content-Type" content="text/html; charset=utf-8">

Never use getimagesize() alone to verify that it's an image. http://birdhouse.org/blog/2007/06/19/php-inside-image-files/ Checking the extension is always a good idea to filter out malicious files.

That's true, and some may be even more static than that. It can be useful to know a visitor's hostname, but I just wanted to make sure he knew the limitations of it ;-)

Actually you can usually get the ISP from the hostname since most of the time there's a common component in hostnames from the same ISP, so I assumed that's what you were referring to. But regardless, it's been my experience that most ISP's assign hostnames to IP's in a form similar to...

I'm not sure how useful that would be since blocking a whole ISP could block many legitimate users. What's more, if the malicious user just uses a proxy to get past the ban, then you've only blocked legitimate users.

That "Thanks, your website" part made me laugh :P Anyway, just to warn you, the value of $_FILES["file"]["type"] isn't reliable. I would check the extension as well to ensure that it's something the server won't execute when loaded.

Not only is $data not defined anywhere in that code, but you have it enclosed in single quotes which means it won't be evaluated to its string value. Did you mean to set $data to the result of file_get_contents()?