The Arcive of Official vBulletin Modifications Site.

error_22 · #1 02-28-2006, 05:42 PM

HTML Code:

<form action="new_isy.php" method="POST">
First name:<br>
<input type="text" name="fname"><br>
Last name:<br>
<input type="text" name="lname"><br>
Email:<br>
<input type="text" name="email"><br>
Head<br>
<input type="text" name="head"><br>
Message<br>
<textarea name="message" cols="30" rows="8"></textarea><br>
<select name="category">
<option>option1</option>
<option>option2</option>
<option>option3</option>
<option>option4</option>
</select><br><br>
<input type="submit" value="Send"></form>

new_isy.php:

PHP Code:


			
$date = date("Y-m-d H:i:s");

    $sql = "INSERT INTO `ads` 

            (

            `fname`, 

            `lname`, 

            `email`, 

            `head`, 

            `message`, 

            `category`, 

            `date`

            )

    VALUES     (

            '{$_POST['fname']}', 

            '{$_POST['lname']}', 

            '{$_POST['email']}', 

            '{$_POST['head']}', 

            '{$_POST['message']}', 

            '{$_POST['category']}', 

            '$date'

            )";



mysql_query($sql) or die("SQL: $sql ".mysql_error());



// ##### Back to main page #####

header ("Location: index.php");

exit;

Ok so i want option1/option2/option3/option4 to be saved in the field called "category". The point is that people can choose a category and that category should be saves in the db. What am i doing wrong?

Thanks in advance
Niklas

filburt1 · #2 02-28-2006, 05:44 PM

Give each option a "value" attribute.

Also, perish the thought of using raw user data in queries. Escape it always.

error_22 · #3 02-28-2006, 05:57 PM

HTML Code:

<form action="new_isy.php" method="POST">
First name:<br>
<input type="text" name="fname"><br>
Last name:<br>
<input type="text" name="lname"><br>
Email:<br>
<input type="text" name="email"><br>
Head<br>
<input type="text" name="head"><br>
Message<br>
<textarea name="message" cols="30" rows="8"></textarea><br>
<select name="category">
<option value="option1">option1</option>
<option value="option2">option2</option>
<option value="option3">option3</option>
<option value="option4">option4</option>
</select><br><br>
<input type="submit" value="Send"></form>

Like that you mean? its still not working

And what do you mean by "raw user data in queries"?

Thanks

error_22 · #4 03-06-2006, 07:28 PM

anyone?

Princeton · #5 03-06-2006, 08:39 PM

Quote:

And what do you mean by "raw user data in queries"?

what he means is that you should make sure that all data is checked/cleaned before saving it into the database

(security risk)

error_22 · #6 03-06-2006, 09:08 PM

Quote:

Originally Posted by princeton

what he means is that you should make sure that all data is checked/cleaned before saving it into the database

(security risk)

and how do i do that?

error_22 · #7 03-21-2006, 04:16 PM

bump

Xenon · #8 03-21-2006, 09:40 PM

take a look into a general vb-file, especially how they user $vbulletin->gpc and these parts of code

error_22 · #9 03-23-2006, 09:02 AM

hmmm how would that string of code help me when I have no idea what any of you are talking about? I think you have forgotten what its like to not understand

Xenon · #10 03-23-2006, 08:00 PM

well, sorry but we can't teach you coding by posting on this forum.

we can just give you examples of how good code looks like, and i said, you should take any vb-file as an example, and will see that nowhere a $_POST is entered directly into the db, but all results are sanitized by the $vbulletin->gpc_cleaner

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04927 seconds Memory Usage 2,266KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (2)bbcode_html (1)bbcode_php (2)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!