x10Hosting Member
Need help with PHP stoof
ok so im not the best at coding with PHP but im not that bad but could anyone tell my why it dosnt work ;[
the code = http://pastebin.com/UYv4aW9Z
please help! thanks
p.s the script is a user carrd sorta thing..abit like a buisness card but with your user info on it :D
Site URL - americawars.exofire.net (not finished yet tho..)
Last edited by ryanbowen201046; 03-24-2011 at 09:04 PM.
Grim Squeaker
How is it failing?
Where does $id come from?
Nothing is always absolutely so.
x10Hosting Member
it was originaly a modification my freind made but i needed to edit it to fit my game ( i have his permission + he gave it out free anyway xP) but i wasnt sure since im new with this game engine
but try http://pastebin.com/icQ3yRBC i dont see anything wrong and i just get a blank screen :/
americawars.exofire.net/usercard.php
ohh i think i know what ive missed i need the ?id=IDHERE lol but i dont know how to do it :/ any help anyone?
x10 Spammer
It sounds like the script relies on register_globals, a long deprecated feature of PHP. It is also vulnerable to SQL injection, which is a very serious security risk. To fix this hole, switch from the outdated mysql extension to PDO and use prepared statements. If you need a PDO tutorial, try "Writing MySQL Scripts with PHP and PDO". The site you save may just be your own.
Last edited by misson; 03-24-2011 at 10:53 PM.
Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution.Misson, not Mission.
not alex mac
yourpage.php?id=7%3B%20DROP%20TABLE%20users
All gone!
As misson said, NEVER use register_globals and ALWAYS sanitise user input
~Callum
I can customise your phpBB board. Send me a PM.
lynxphp - info, tutorials and scripts
"A forum post should be like a skirt; long enough to cover the subject but short enough to keep things interesting."
x10Hosting Member
Yeh thanks for the help guys but i still cant seem to get it working but i dont mind, could you help me with this one though? http://pastebin.com/UQJCbBKq
(its a flash game arcade my freind made for me :D) theres nothing wrong with the code and still gives white blank page -.-
americawars.exofire.net/arcade.php
D:
not alex mac
Try turning error reporting on. Also, where is that $username variable set? If it is set in logincheck() it will not be in the local variable scope at line 6.
You're still using the ancient mysql_* libraries - you should definitely try something like PDO (read my article on it here)
You shouldn't be using <center>, it has been deprecated, and you shouldn't be using tables for layout
~Callum
Last edited by callumacrae; 03-25-2011 at 02:10 PM.
I can customise your phpBB board. Send me a PM.
lynxphp - info, tutorials and scripts
"A forum post should be like a skirt; long enough to cover the subject but short enough to keep things interesting."
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote