drellout Posted July 4, 2010

I made an "add" script and would like to ask your advice on what needs to be kept in mind when writing a script like this.

    <html><body>
    <script LANGUAGE=JAVASCRIPT>
    // Ask for confirmation before the form is submitted
    function verify(){
      msg = "Do you want to continiu ?"
      return confirm(msg);
    }
    </SCRIPT>
    <?php
    include ("includes/config.php");
    // Temporary access check by IP address
    if($ip == "83........."){
      echo "Tu edito sidebar_one ! <br>
      <form action='?page=add_sidebar_one' onSubmit='return verify()' method='post'>
      Bloka nosaukums: <input type='text' name='title' />
      Bloka links: <input type='text' name='file' />
      <input type='submit' value= 'Pievienot sidebar_one'/>
      </form>";}
    else {
      echo "Jums nav pieeja pievienot blokus";}
    ?>
    </body></html>

The $ip = 83.... part is only temporary, until there is a database with users.

    <?php
    include ("includes/config.php");
    // Insert the submitted form fields into the sidebar_one table
    $sql="INSERT INTO sidebar_one (title, file) VALUES ('$_POST[title]','$_POST[file]')";
    if (!mysql_query($sql)) {
      die('Error: ' . mysql_error());
    }
    echo "1 sidebar added";
    ?>

My questions: is this safe against hackers? If it is not safe, it would be good if you pointed out the mistakes or gave me a better idea :) And how can everything be combined, so that there are not 2 PHP files?
emsy Posted July 5, 2010

    ('$_POST[title]','$_POST[file]')

This alone shows that you are simply asking for an injection!!!! Put mysql_string_escape() on it (I think that was the one, I can't remember offhand).
rATRIJS Posted July 5, 2010

mysql_real_escape_string(); + old HTML
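An added example, not code from any poster in this thread: the form and the insert handler combined in one file, with the access check applied to both steps and the INSERT parameterized. Prepared statements (PDO) are swapped in for the escaping function the replies name. Assumptions: an in-memory SQLite database stands in for the MySQL connection from includes/config.php, the helper names `add_sidebar` and `h` are hypothetical, and the IP address is a placeholder.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the MySQL
// connection that includes/config.php sets up in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sidebar_one (title TEXT, file TEXT)');

// Fixed SQL text with placeholders; values are bound, never pasted into the query.
function add_sidebar(PDO $db, array $post): bool {
    $title = trim((string)($post['title'] ?? ''));
    $file  = trim((string)($post['file'] ?? ''));
    if ($title === '' || $file === '') {
        return false; // reject missing fields instead of inserting empty rows
    }
    $stmt = $db->prepare('INSERT INTO sidebar_one (title, file) VALUES (:title, :file)');
    return $stmt->execute([':title' => $title, ':file' => $file]);
}

// Escape on output so a stored title cannot turn into markup.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

if (PHP_SAPI === 'cli') {
    // Constructed input: the apostrophe breaks the thread's concatenated INSERT,
    // while the prepared statement stores it as plain data.
    var_dump(add_sidebar($db, ['title' => "Editor's picks", 'file' => 'picks.php']));
    var_dump(add_sidebar($db, ['title' => '', 'file' => 'x.php']));
    foreach ($db->query('SELECT title, file FROM sidebar_one') as $row) {
        echo h($row['title']), ' -> ', h($row['file']), "\n";
    }
    exit;
}

// One file for both steps: the check runs before the form AND before the insert.
// Placeholder address; $ip is expected from config.php as in the thread.
$allowed = isset($ip) && $ip === '203.0.113.10';
if (!$allowed) {
    http_response_code(403);
    exit('No access');
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo add_sidebar($db, $_POST) ? '1 sidebar added' : 'Title and file are required';
} else {
    echo "<form method='post'>Title: <input name='title'> File: <input name='file'>
          <input type='submit' value='Add'></form>";
}
```

Run from the command line, it exercises the insert with the constructed input; served by a web server, it shows the single-file flow, where the insert handler is no longer reachable without passing the same check as the form.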