bug in script - Mombu the Php Forum

1 14th May 00:58
dark angel
External User
Posts: 1
Default bug in script

But recently found a bug in there that lets them submit the item even if its
I think I've figured a way around this.
The script below is what should stop this.
Would this work? or am I going about it the wrong way?

<?php
if $_GET[] == '' {
    print (Please full all parts of the form out.<br> Please go back and try again.);
} else {
    include ("phplinksconfig.php");
    $sql = "INSERT INTO phpLinks (`id`, `name`, `site_name`, `url`, `category`, `comment`) VALUES ('', '$_POST[name]', '$_POST[site_name]', '$_POST[url]', '$_POST[category]', '$_POST[comment]')";
    if (mysql_query($sql,$connect)) {
        echo "your input as been entered<br>";
        echo "<a href=\"http://$site\">Click here</a> to retun to the main page.<br>\n";
    } else {
        echo "There was an error, please try again later<br>";
        echo "<a href=\"addlink.html\">Click here</a> to try again.<br>\n";
        echo "or <a href=\"$site\">Click here</a> to retun to your homepage.<br>";
    }

Best Regards
Dark Angel


2 14th May 00:58
janwillem borleffs
External User
Posts: 1
Default bug in script

Apart from the syntax being incorrect, why would you evaluate $_GET while
you are retrieving your data from $_POST?

It would make more sense to do something like the following:

if ($_POST['url'] == '') {
    // error
}

but this way, the error won't be raised when the user has entered a single
white space character.

You could get around this by using trim:

if (trim($_POST['url']) == '') {
    // error
}

but now, all the user has to do is enter 1 non-white space character to pass

The way to get around this is to use regular expressions, e.g. (and this is a
VERY basic expression which needs work):

if (!preg_match("|^http://[^\s.]+(.[^\s]+)+(/[^\s]+)*$|", $_POST['url'])) {
    // error
}

Read the online manual for more info about regular expressions.

Teach yourself to use quotes around array keys:

Reasons: with the highest error reporting level there will be warnings all
over the place and it is well possible that one of the used names will be
defined as a constant in future PHP releases (`comment` in `$_POST[comment]`
is converted to a constant with `comment` as the value).
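
The checks discussed in this thread (every field non-empty after trim, a URL check, quoted array keys), put together as an added example that is not part of either post. It assumes PDO with an in-memory SQLite database standing in for the poster's MySQL connection, uses filter_var with a scheme allow-list in place of the regular expression above, and binds the values as parameters instead of interpolating $_POST into the SQL string; validate_link and insert_link are hypothetical names.

```php
<?php
// Added example. Field/table names are from the post; the SQLite handle, function names and samples are assumptions.
const REQUIRED_FIELDS = ['name', 'site_name', 'url', 'category', 'comment'];
// Returns a list of error messages; an empty list means the input is acceptable.
function validate_link(array $input): array
{
    $errors = [];
    foreach (REQUIRED_FIELDS as $field) {
        // Missing keys, non-strings and whitespace-only values all count as empty.
        if (!isset($input[$field]) || !is_string($input[$field]) || trim($input[$field]) === '') {
            $errors[] = "Missing field: $field";
        }
    }
    if (!$errors) {
        $url = trim($input['url']);
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        // filter_var checks URL syntax; the allow-list accepts only http and https.
        if (filter_var($url, FILTER_VALIDATE_URL) === false || !in_array($scheme, ['http', 'https'], true)) {
            $errors[] = 'URL must be a valid http:// or https:// address';
        }
    }
    return $errors;
}

function insert_link(PDO $db, array $input): void
{
    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO phpLinks (name, site_name, url, category, comment)
         VALUES (:name, :site_name, :url, :category, :comment)'
    );
    foreach (REQUIRED_FIELDS as $field) {
        $stmt->bindValue(":$field", trim($input[$field]));
    }
    $stmt->execute();
}
// Constructed demo data; SQLite stands in for the poster's MySQL database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE phpLinks (id INTEGER PRIMARY KEY, name, site_name, url, category, comment)');
$samples = [
    ['name' => 'Ann', 'site_name' => "Ann's links", 'url' => 'http://example.com/a', 'category' => 'misc', 'comment' => 'ok'],
    ['name' => 'Bob', 'site_name' => 'b', 'url' => ' ', 'category' => 'misc', 'comment' => 'blank url'],
    ['name' => 'Eve', 'site_name' => 'e', 'url' => 'x', 'category' => 'misc', 'comment' => 'one character'],
];
foreach ($samples as $post) {
    $errors = validate_link($post);
    if (!$errors) { insert_link($db, $post); }
    echo $errors ? implode('; ', $errors) : "Inserted {$post['name']}", "\n";
}
```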
