Streaming game development: https://www.twitch.tv/stabyourself Image

My first PHP and HTML website.

If it doesn't fit elsewhere, it should go here
rokit
User avatar
Posts: 2108
Joined: 03 Feb 2012, 00:47
Reputation: 98

Post » 11 Mar 2012, 11:45

It took me about 2 minuites :D. I'm into PHP now. Link: evil_bartek.byethost9.com

byethost is a very good webhosting website, UNLIMITED BANDWITH AND UPLOAD SIZES! but only 50mb worth of mysql data, but I don't even think I will need 3mb.

On topic:

This is a VERY basic form with a binded php script.
You enter your name and your age and it will greet you.
How to do this the cool way:
evil_bartek.byethost9.com/welcome.php?fname=NAME&age=AGE
For people interested in seeing the source code then pm me.

A plus tard,

rokit boy.

rokit
User avatar
Posts: 2108
Joined: 03 Feb 2012, 00:47
Reputation: 98

Post » 11 Mar 2012, 12:15

Will update soon.

rokit
User avatar
Posts: 2108
Joined: 03 Feb 2012, 00:47
Reputation: 98

Post » 11 Mar 2012, 12:26

Nobody like PHP? D:

Sašo
Stabyourself.net
User avatar
Posts: 1387
Joined: 06 Jan 2012, 12:07
Reputation: 343
Contact:

Post » 11 Mar 2012, 12:44

It's been only an hour since you made the thread. Calm down.

The script is extremely basic. And also not very secure. See http://evil_bartek.byethost9.com/welcom ... e%3E&age=B
At the moment that isn't a very big problem, but if you were using a database, it would be an EXTREMELY big problem. Note that the iframe doesn't really work since you're escaping " and ', but sometimes that isn't enough.

This should help prevent the above example.
http://php.net/manual/en/function.htmlspecialchars.php

And once you start working with databases, read this
http://si2.php.net/manual/en/security.d ... ection.php

rokit
User avatar
Posts: 2108
Joined: 03 Feb 2012, 00:47
Reputation: 98

Post » 11 Mar 2012, 12:56

It's not really a database, and I don't plan it to be. I do know how to check if it is a string so I will update that. So, I basically have to convert the inputs to strings and that's it? Ok i'll update.

Thanks Saso.

rokit
User avatar
Posts: 2108
Joined: 03 Feb 2012, 00:47
Reputation: 98

Post » 11 Mar 2012, 13:06

Wow I totally fail at PHP.

Code: Select all

<html>
<body>
<?php
if($_GET["fname"]!="" and $_GET["age"]!="")
{
$_GETage = htmlspecialchars($_GET["age"], ENT_DISALLOWED);
$_GETname = htmlspecialchars($_GET["fname"], ENT_DISALLOWED);
echo "Welcome " . $_GETname . "!\nYou are " . $_GETage . " years old.";
} else {
echo "Welcome " . "UKNOWN" . "!\nYou are " . "UKNOWN" . " years old.";
}
?>
</body>
</html>

Failed.

rokit
User avatar
Posts: 2108
Joined: 03 Feb 2012, 00:47
Reputation: 98

Post » 11 Mar 2012, 16:33

bewmp


Return to “Twatter”

Who is online

Users browsing this forum: No registered users and 1 guest