>>function pic_upload($userid)
>>if (is_uploaded_file($_FILES['devpicture']['tmp_name']))
>>$filename = $_FILES['devpicture']['tmp_name'];
>>$realname = $_FILES['devpicture']['name'];

>>$username = $userid.".jpg";

>>echo "Possible file upload attack: filename

>>and then the updating


>>$query = "UPDATE os_developers SET devpicture = '$username' WHERE devid
>>= $id";
>>$result = mysql_query($query) or die(mysql_error());

I don't exactly know what is wrong, but I can definitely tell you that you
have two gaping security holes with this code.  Unless you're doing checks
that you did not show (which is highly likely), $username and $id can be set
to anything.  I'm not exactly sure how important/unimpornant some of that
stuff is, but you might want to make sure you kill off MySQL comment code
inside there and other possible exploits.

The other problem with your code is that you're not debugging it.  Set up
echo statements here and there to make sure variables are defined as you
think they are, that's the biggest mistake I see myself and others make, not
defining variables as I think I am.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to