My first PHP and HTML website.

rokit
Posts: 2095
Joined: 03 Feb 2012, 00:47

Post » 11 Mar 2012, 11:45

It took me about 2 minutes :D. I'm into PHP now. Link: evil_bartek.byethost9.com

byethost is a very good webhosting website, UNLIMITED BANDWIDTH AND UPLOAD SIZES! But only 50mb worth of MySQL data, but I don't even think I will need 3mb.

On topic:

This is a VERY basic form with a bound PHP script.
You enter your name and your age and it will greet you.
How to do this the cool way:
evil_bartek.byethost9.com/welcome.php?fname=NAME&age=AGE
If you are interested in seeing the source code, then PM me.

A plus tard,

rokit boy.

rokit
Posts: 2095
Joined: 03 Feb 2012, 00:47

Post » 11 Mar 2012, 12:15

Will update soon.

rokit
Posts: 2095
Joined: 03 Feb 2012, 00:47

Post » 11 Mar 2012, 12:26

Nobody likes PHP? D:

Sašo
Stabyourself.net
Posts: 1444
Joined: 06 Jan 2012, 12:07

Post » 11 Mar 2012, 12:44

It's been only an hour since you made the thread. Calm down.

The script is extremely basic. And also not very secure. See http://evil_bartek.byethost9.com/welcome.php?fname=%3Ciframe%20width=%22425%22%20height=%22344%22%20src=%22http://www.youtube.com/embed/A_sY2rjxq6M?fs=1&autoplay=1&loop=1%22%20frameborder=%220%22%20allowFullScreen=%22%22%3E%3C/iframe%3E&age=B
At the moment that isn't a very big problem, but if you were using a database, it would be an EXTREMELY big problem. Note that the iframe doesn't really work since you're escaping " and ', but sometimes that isn't enough.

This should help prevent the above example.
http://php.net/manual/en/function.htmlspecialchars.php

And once you start working with databases, read this
http://si2.php.net/manual/en/security.d ... ection.php

rokit
Posts: 2095
Joined: 03 Feb 2012, 00:47

Post » 11 Mar 2012, 12:56

It's not really a database, and I don't plan it to be. I do know how to check if it is a string so I will update that. So, I basically have to convert the inputs to strings and that's it? OK, I'll update.

Thanks Saso.

rokit
Posts: 2095
Joined: 03 Feb 2012, 00:47

Post » 11 Mar 2012, 13:06

Wow I totally fail at PHP.


<html>
<body>
<?php
if($_GET["fname"]!="" and $_GET["age"]!="")
{
    $_GETage = htmlspecialchars($_GET["age"], ENT_DISALLOWED);
    $_GETname = htmlspecialchars($_GET["fname"], ENT_DISALLOWED);
    echo "Welcome " . $_GETname . "!\nYou are " . $_GETage . " years old.";
} else {
    echo "Welcome " . "UKNOWN" . "!\nYou are " . "UKNOWN" . " years old.";
}
?>
</body>
</html>

Failed.
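
A hardened form of the greeting script discussed in this thread, as an added example that is not part of the original posts: it escapes the name with `htmlspecialchars` (the function Sašo links to) and validates the age as an integer. The `h()` and `greeting()` helpers, the 0 to 150 age range and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not the poster's script. Parameter names fname/age are from
// the thread; the 0-150 age range and the sample inputs are assumptions.

// Escape a value for HTML text or a quoted attribute.
function h(string $value): string
{
    // ENT_QUOTES encodes both " and '. ENT_DISALLOWED on its own leaves the
    // quote flags at 0 (ENT_NOQUOTES), so quotes would pass through unencoded.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the greeting from a query array such as $_GET.
function greeting(array $query): string
{
    $name = $query['fname'] ?? '';   // ?? avoids undefined-index notices
    $age  = $query['age'] ?? '';

    // ?fname[]=x arrives as an array; treat non-strings as missing.
    if (!is_string($name) || !is_string($age)) {
        return 'Welcome UNKNOWN!<br>You are UNKNOWN years old.';
    }

    // Age has a known shape, so validate it instead of only escaping it.
    $ageInt = filter_var($age, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 150],
    ]);

    $name = trim($name);
    if ($name === '' || $ageInt === false) {
        return 'Welcome UNKNOWN!<br>You are UNKNOWN years old.';
    }

    // "\n" is not a line break in HTML, so <br> is used; the name is escaped
    // at output time, the age is already an int.
    return 'Welcome ' . h($name) . '!<br>You are ' . $ageInt . ' years old.';
}

// Constructed sample inputs; on the real page this would be greeting($_GET).
$samples = [
    ['fname' => 'Bartek', 'age' => '14'],
    ['fname' => '<iframe src="http://example.invalid/"></iframe>', 'age' => '14'],
    ['fname' => 'Bartek', 'age' => 'B'],
    ['fname' => ['x'], 'age' => '14'],
];
foreach ($samples as $query) {
    echo greeting($query), PHP_EOL;
}
```

Run from the command line with `php`, the second sample prints the iframe markup as inert `&lt;iframe ...&gt;` text, and the last two fall back to the UNKNOWN greeting.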

rokit
Posts: 2095
Joined: 03 Feb 2012, 00:47

Post » 11 Mar 2012, 16:33

bewmp
