kylebuch8

Ok, thanks click. I'll just make sure that the input that I am accepting is limited to certain numbers and characters.

I'm using mysql_real_escape_string() to secure user input and I'm not receiving any errors when I run the function. How can I tell that the function is working? Here is the code that I'm using: > $username = "<script>testing</script>"; $password = "kyle's test"; $conn = mysql_connect(dbhost, dbuser, dbpass); $query = sprintf("INSERT INTO Test (username, password) VALUES ('%s', '%s')", mysql_real_escape_string($username, $conn), mysql_real_escape_string($password), $conn); mysql_query($query, $conn); When I view the information in my database, the input shows exactly as it is entered in the script above. I thought that the mysql_real_escape_string() function would prevent the <script> tags from being entered. Am I wrong? I know there are other functions to strip tags from user input, but I thought the mysql_real_escape_string() function would also handle this. Any ideas, thoughts, help is appreciated. Thanks.

Thanks everyone. The script worked as it should have. It turned out it was a problem with permissions. I felt like an idiot when I found that out. I've got everything worked out now. Thanks for all your help.

Hi, I've been having a lot of trouble uploading files from an HTML form to a directory on my server. I have set all of the appropriate permissions to 777 and I have used code from other topics on this forum to try to make this work. Here is the code that I am using for my HTML form. <form enctype="multipart/form-data" method="post" action="upload.php"> Send this file: <input name="userfile" type="file"><br> <input type="submit" value="Send File"> </form> Here is the code that I am using for upload.php. I have taken out my user name where all of the *'s are. <?php $uploadDir = '/home/********/public_html/images/'; $uploadFile = $uploadDir . basename($_FILES['userfile']['name']); if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile)) { echo "File {$_FILES['userfile']['name']} was uploaded successfully.\n"; } else { echo "Upload Failed!\n"; } ?> Here are the error messages that I am receiveing: Warning: move_uploaded_file(/home/********/public_html/images/aap_dyk_issue9_img1.gif) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/*******/public_html/upload.php on line 6 Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpFbCAfc' to '/home/********/public_html/images/aap_dyk_issue9_img1.gif' in /home/********/public_html/upload.php on line 6 Upload Failed! I have been all over this forum and other tutorials for the past week and I still cannot get this to work. The error that I have been receiving from most of my attempts using a lot of different code seem to be around using "move_uploaded_file()". Any help on this would be appreciated. Thanks.