It took me about 2 minutes :D. I'm into PHP now. Link: evil_bartek.byethost9.com
byethost is a very good web hosting website, UNLIMITED BANDWIDTH AND UPLOAD SIZES! But only 50 MB worth of MySQL data, though I don't even think I will need 3 MB.
On topic:
This is a VERY basic form with a bound PHP script.
You enter your name and your age and it will greet you.
How to do this the cool way:
evil_bartek.byethost9.com/welcome.php?fname=NAME&age=AGE
People interested in seeing the source code, PM me.
See you later,
rokit boy.
My first PHP and HTML website.
-
- Stabyourself.net
- Posts: 1447
- Joined: 06 Jan 2012, 12:07
It's been only an hour since you made the thread. Calm down.
The script is extremely basic. And also not very secure. See http://evil_bartek.byethost9.com/welcome.php?fname=%3Ciframe%20width=%22425%22%20height=%22344%22%20src=%22http://www.youtube.com/embed/A_sY2rjxq6M?fs=1&autoplay=1&loop=1%22%20frameborder=%220%22%20allowFullScreen=%22%22%3E%3C/iframe%3E&age=B
At the moment that isn't a very big problem, but if you were using a database, it would be an EXTREMELY big problem. Note that the iframe doesn't really work since you're escaping " and ', but sometimes that isn't enough.
This should help prevent the above example.
http://php.net/manual/en/function.htmlspecialchars.php
And once you start working with databases, read this
http://si2.php.net/manual/en/security.d ... ection.php
-
- Posts: 2095
- Joined: 03 Feb 2012, 00:47
It's not really a database, and I don't plan it to be. I do know how to check if it is a string so I will update that. So, I basically have to convert the inputs to strings and that's it? OK, I'll update.
Thanks Saso.
-
- Posts: 2095
- Joined: 03 Feb 2012, 00:47
Wow I totally fail at PHP.
Failed.
Code:
<html>
<body>
<?php
if($_GET["fname"]!="" and $_GET["age"]!="")
{
$_GETage = htmlspecialchars($_GET["age"], ENT_DISALLOWED);
$_GETname = htmlspecialchars($_GET["fname"], ENT_DISALLOWED);
echo "Welcome " . $_GETname . "!\nYou are " . $_GETage . " years old.";
} else {
echo "Welcome " . "UKNOWN" . "!\nYou are " . "UKNOWN" . " years old.";
}
?>
</body>
</html>
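
A hardened take on the script above, as an added example that is not part of the original post: `htmlspecialchars()` is called with `ENT_QUOTES` so both quote characters are escaped (passing `ENT_DISALLOWED` alone leaves the quote-handling bits unset), and the age is validated as an integer. The names `h()` and `render_welcome()`, the length and range limits, and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical hardened welcome.php, not the poster's code.

function h(string $s): string
{
    // ENT_QUOTES escapes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_welcome(array $query): string
{
    $fallback = 'Welcome UNKNOWN!<br>You are UNKNOWN years old.';
    $name = $query['fname'] ?? '';
    $age  = $query['age'] ?? '';

    // ?fname[]=x makes PHP deliver an array, so accept strings only.
    if (!is_string($name) || !is_string($age)) {
        return $fallback;
    }
    $name = trim($name);
    // Age must be a whole number in a plausible range (assumed 0..150).
    $ageInt = filter_var($age, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);

    if ($name === '' || strlen($name) > 64 || $ageInt === false) {
        return $fallback;
    }
    // Escape at output time; the validated integer needs no escaping.
    return 'Welcome ' . h($name) . '!<br>You are ' . $ageInt . ' years old.';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, including markup like the thread's example.
    $samples = [
        ['fname' => 'Bartek', 'age' => '15'],
        ['fname' => '<iframe src="http://www.youtube.com/embed/A_sY2rjxq6M"></iframe>', 'age' => '15'],
        ['fname' => "<b onmouseover='x'>Bob</b>", 'age' => '20'],
        ['fname' => 'Bob', 'age' => 'B'],
        ['fname' => ['a'], 'age' => '20'],
    ];
    foreach ($samples as $q) {
        echo render_welcome($q), PHP_EOL;
    }
} else {
    header('Content-Type: text/html; charset=UTF-8');
    echo '<html><body>', render_welcome($_GET), '</body></html>';
}
```

Run with `php welcome.php` to see the escaped output for each sample; served over HTTP it reads `$_GET` instead.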