even offline
- Thread starter stefkee3
- Start date
- Status
- Messages
- 5,508
- Reaction score
- 35
- Points
- 48
PHP:
$user = "mygaming_corlet";
PHP:
$user = "stefkee3_corlet";
PHP:
$tablename = "mygaming_gangster";
PHP:
$tablename = "stefkee3_gangster";
- Messages
- 5,508
- Reaction score
- 35
- Points
- 48
Your site seems working now, but you are including the files wrong. I think it should be
instead of
PHP:
include(config2.php);instead of
PHP:
include(_include-config2.php);
Last edited:
$sitelink doesn't look to be involved with the database at all. It looks like it's used when referring to other resources (e.g. stylesheets and other pages). You should change it so that links don't refer to resources off-site.
Only if you keep us up-to-date on what problem you're having and what you've done in trying to solve it.
Don't neglect to quote the script names:
PHP:
include('_include-config2.php');This long sequence of queries can be replaced with just two:
PHP:
mysql_query("UPDATE `[users]` SET `camera`=`camera`+2 WHERE `ctype` % 2");
mysql_query("UPDATE `[users]` SET `shotgun`=`shotgun`+2 WHERE (`ctype` % 2) = 0");The posted code (index.php &c.) has massive SQL injection vulnerabilities. You have two potential solutions:
- use the quote_smart function defined in _include-config2.php everywhere you get data that will end up in an SQL statement from a relevant superglobal (e.g. $_GET, $_POST). For example, in index.php change:
to:PHP:if(isset($_POST['login'],$_POST['pass'])) { $dbres = mysql_query("SELECT `login`,`activated` FROM `[users]` WHERE `login`='{$_POST['login']}' AND `pass`=MD5('{$_POST['pass']}')");
PHP:if(isset($_POST['login'],$_POST['pass'])) { $dbres = mysql_query("SELECT `login`,`activated` FROM `[users]` WHERE `login`='" . quote_smart($_POST['login']) . "' AND `pass`=MD5('" . quote_smart($_POST['pass']) . "')"); - switch to using PDO and prepared statements.
Last edited:
- Status