The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
#1
<select> problem

HTML Code:
<form action="new_isy.php" method="POST">
  First name:<br>
  <input type="text" name="fname"><br>
  Last name:<br>
  <input type="text" name="lname"><br>
  Email:<br>
  <input type="text" name="email"><br>
  Head<br>
  <input type="text" name="head"><br>
  Message<br>
  <textarea name="message" cols="30" rows="8"></textarea><br>
  <select name="category">
    <option>option1</option>
    <option>option2</option>
    <option>option3</option>
    <option>option4</option>
  </select><br><br>
  <input type="submit" value="Send">
</form>

PHP Code:

Thanks in advance
Niklas
#2
Give each option a "value" attribute.
Also, perish the thought of using raw user data in queries. Escape it always.
#3
HTML Code:
<form action="new_isy.php" method="POST">
  First name:<br>
  <input type="text" name="fname"><br>
  Last name:<br>
  <input type="text" name="lname"><br>
  Email:<br>
  <input type="text" name="email"><br>
  Head<br>
  <input type="text" name="head"><br>
  Message<br>
  <textarea name="message" cols="30" rows="8"></textarea><br>
  <select name="category">
    <option value="option1">option1</option>
    <option value="option2">option2</option>
    <option value="option3">option3</option>
    <option value="option4">option4</option>
  </select><br><br>
  <input type="submit" value="Send">
</form>

And what do you mean by "raw user data in queries"?

Thanks
#4
anyone?
#5
Quote:
(security risk)
#6
Quote:
#7
bump
#8
take a look into a general vb-file, especially how they use $vbulletin->gpc and these parts of code
#9
hmmm how would that string of code help me when I have no idea what any of you are talking about? I think you have forgotten what it's like to not understand
#10
well, sorry but we can't teach you coding by posting on this forum.
we can just give you examples of what good code looks like, and as I said, you should take any vb-file as an example, and you will see that nowhere is a $_POST entered directly into the db, but all results are sanitized by the $vbulletin->gpc_cleaner
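
What "raw user data in queries" means for the form in this thread, as an added example that is not part of any post above and is not vBulletin code: the handler accepts the category only if it is one of the four option values and passes every field to the database through placeholders. It uses PDO prepared statements with an in-memory SQLite database in place of vBulletin's input cleaner so that it runs without a vBulletin install; the `messages` table, the function names and the sample input are assumptions.

```php
<?php
// Added example; the "messages" table and SQLite store are assumptions.
const ALLOWED_CATEGORIES = ['option1', 'option2', 'option3', 'option4'];
function clean_submission(array $post): array
{
    $clean = [];
    foreach (['fname', 'lname', 'email', 'head', 'message'] as $field) {
        // A missing or non-string field (e.g. an array) becomes an empty string.
        $value = $post[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
    }
    // The <select> offers four values, but a client can send anything, so
    // accept the category only if it is one of the values the form offers.
    $category = $post['category'] ?? '';
    if (!is_string($category) || !in_array($category, ALLOWED_CATEGORIES, true)) {
        throw new InvalidArgumentException('invalid category');
    }
    $clean['category'] = $category;
    return $clean;
}

function save_submission(PDO $db, array $post): int
{
    // Placeholders keep the values out of the SQL text, so a quote in a
    // name or message is stored as data and cannot alter the statement.
    $stmt = $db->prepare(
        'INSERT INTO messages (fname, lname, email, head, message, category)
         VALUES (:fname, :lname, :email, :head, :message, :category)'
    );
    $stmt->execute(clean_submission($post));
    return (int) $db->lastInsertId();
}

// Constructed sample input standing in for $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT,
           email TEXT, head TEXT, message TEXT, category TEXT)');
$sample = ['fname' => 'Pat', 'lname' => "O'Brien", 'email' => 'pat@example.com',
           'head' => 'Hello', 'message' => "It's a test", 'category' => 'option2'];
$id = save_submission($db, $sample);
$row = $db->prepare('SELECT lname, category FROM messages WHERE id = ?');
$row->execute([$id]);
echo implode(' / ', $row->fetch(PDO::FETCH_NUM)), "\n";
try {
    save_submission($db, ['fname' => 'Pat', 'category' => 'option9']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```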