|
sponsored links |
|
|
sponsored links
|
|
1
14th May 00:58
External User
Posts: 1
|
bug in script
But recently found a bug in there that lets them subit the iteam even if its
blank. I've think I've figured a way around this. The script below is what should stop this. Whould this work? or am I going about it the wrong way? <?php if $_GET[] == '' { print (Please full all parts of the form out.<br> Please go back and try again.); } else { include ("phplinksconfig.php"); mysql_select_db($database,$connect); $sql = "INSERT INTO phpLinks (`id`, `name`, `site_name`, `url`, `category`, `comment`) VALUES ('', '$_POST[name]', '$_POST[site_name]', '$_POST[url]', '$_POST[category]', '$_POST[comment]')"; if (mysql_query($sql,$connect)) { echo "your input as been entered<br>"; echo "<a href=\"http://$site\">Click here</a> to retun to the main page.<br>\n"; } else { echo "There was an error, please try again later<br>"; echo "<a href=\"addlink.html\">Click here</a> to try again.<br>\n"; echo "or <a href=\"$site\">Click here</a> to retun to your homepage.<br>"; } ?> -- Best Regards Dark Angel -------------------------------------------------------------------------- http://www.stateofmind.me.uk - My Home Page http://www.keir.net/k9.html - Free spam filter for windows http://www.shrine2aeris.co.uk - My shrine to Aeris from FF7 |
|
|
|
2
14th May 00:58
External User
Posts: 1
|
bug in script
Apart from the syntax being incorrect, why would you evaluate $_GET while
your are retrieving your data from $_POST? It would make more sense to something like the following: if ($_POST['url'] == '') { // error } but this way, the error won't be raised when the user has entered a single white space character. You could get around this by using trim: if (trim($_POST['url']) == '') { // error } but now, all the user has to do is enter 1 non-white space character to pass by. The way to get around this is to use regular expressions, e.g (and this is a VERY basic expression which needs work): if (!preg_match("|^http://[^\s.]+(.[^\s]+)+(/[^\s]+)*$|", $_POST['url'])) { // error } Read the online manual for more info about regular expressions. Teach yourself to use quotes around array keys: $_POST['comment']; Reasons: with the highest error reporting level there will be warnings all over the place and it is well possible that one of the used names will be defined as a constant in future PHP releases (`comment` in `$_POST[comment]` is converted to a constant with `comment` as the value) . JW |
|
|
Linear Mode
