well,what is the problem with these manuals :) ?
google these ones:
security exploits that are SQL injection, Cross Site Scripting(xss) and
Cross Site Request Forgery
many security issues you can find
also
for your code problems try this site:
stackoverflow.com
previous times when I had
Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, ill try to take you through step by step what I am trying to do.step #1 (messages.php): --This is where the member will view the recent messages that have been
in previous pages you must have a login page and in login page you must
store the username and then in next steps you have username in
$_SESSION['user']
now if it is not your problem then what is the problem?
Well my problem is when i click submit, the $_SESSION['user'] ('from' part of the table in my db) is blank, so im guessing the $_SESSION variable didnt pass through. On Aug 04, 2011, at 10:11 PM, Negin Nickparsa nickpa...@gmail.com wrote:in previous pages you must have a login page and in login
you must check setting your session with this one:
if(isset($_SESSION['user']))
{
// Identifying the user
$user = $_SESSION['user'];
// Information for the user.
}
tell me what you have done in login page?
This is the login.php which checks the form on the login page.?phpsession_start();include('connect.php');$user=$_POST['user'];$pass=$_POST['pass'];$sql="SELECT * FROM members WHERE username='$_POST[user]' and password='$_POST[pass]'";$result=mysql_query($sql,
did you set the form method='post'
?
in this line password='$_POST[pass]';
you have error change it to password='$_POST['pass']';
well,sorry change it to password=$pass (better)
also check your errors by php yourpage.php
it is more better to not stock in errors like this one
2011 04:49:32
To: PHP MAILINGLISTphp-general@lists.php.net; Philly
Holbrookpholbro...@gmail.com
Subject: [PHP] Sending a message
Ok so I have tried to create a sort of messaging system on my website and I
have run into some problems storing who the message is from, ill try to take
you through step
...@gmail.com
Subject: [PHP] Sending a message
Ok so I have tried to create a sort of messaging system on my website and I have run into some problems storing who the message is from, ill try to take you through step by step what I am trying to do.
step #1 (messages.php): --This is where the member
or if you want to do this risky and none secure thing try this:
$query=select * from members where user='.$_POST['user'].'and
pass=password('$pas');
well first you must check errors in mysql
then storing in session
also it is better to use:
$user=mysql_real_escape_string($_POST['user']);
then
well I wonder!
with error syntaxes now it is working? or without them?
I think Ill just use the better secured one, thanks!On Aug 04, 2011, at 10:41 PM, Negin Nickparsa nickpa...@gmail.com wrote:or if you want to do this risky and none secure thing try this:$query="select * frommemberswhere user='"$_POST['user']."'and pass=password('$pas')";
well first you must check
it is better to use this one:
http://www.php.net/mysql_real_escape_string
if you don't use this by inputting just a qoute or this input '--'
a hacker can easily hack your syntax
in another steps your site will send a message like:
error in mysql on this line lob lob ..
in this part he will
On 8/5/2011 9:49 PM, wil prim wrote:
Ok so I have tried to create a sort of messaging system on my website and I have
run into some problems storing who the message is from, ill try to take you
through step by step what I am trying to do.
*step #1 *(messages.php):--This is where the member
lol wow ok thanks, Im very new to coding, started html about 2 months ago, so ty for letting me know the security of the language! is there any place where i can read (other than the php manual), about a tutorial on security?On Aug 04, 2011, at 10:49 PM, Negin Nickparsa nickpa...@gmail.com
17 matches
Mail list logo
