Jump to content

kylebuch8

Members
  • Posts

    4
  • Joined

  • Last visited

Posts posted by kylebuch8

  1. I'm using mysql_real_escape_string() to secure user input and I'm not receiving any errors when I run the function. How can I tell that the function is working? Here is the code that I'm using:

     

    >		$username = "<script>testing</script>";
    	$password = "kyle's test";	
    	
    	$conn = mysql_connect(dbhost, dbuser, dbpass);	
    			
    	$query = sprintf("INSERT INTO Test (username, password) VALUES ('%s', '%s')",
                       mysql_real_escape_string($username, $conn),
                       mysql_real_escape_string($password), $conn);
    
           mysql_query($query, $conn);
    

     

    When I view the information in my database, the input shows exactly as it is entered in the script above. I thought that the mysql_real_escape_string() function would prevent the <script> tags from being entered. Am I wrong?

     

    I know there are other functions to strip tags from user input, but I thought the mysql_real_escape_string() function would also handle this.

     

    Any ideas, thoughts, help is appreciated. Thanks.

  2. Hi,

     

    I've been having a lot of trouble uploading files from an HTML form to a directory on my server. I have set all of the appropriate permissions to 777 and I have used code from other topics on this forum to try to make this work.

     

    Here is the code that I am using for my HTML form.

     

    <form enctype="multipart/form-data" method="post" action="upload.php">

     

    Send this file: <input name="userfile" type="file"><br>

    <input type="submit" value="Send File">

     

     

    </form>

     

     

    Here is the code that I am using for upload.php. I have taken out my user name where all of the *'s are.

     

    <?php

     

    $uploadDir = '/home/********/public_html/images/';

    $uploadFile = $uploadDir . basename($_FILES['userfile']['name']);

     

    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile))

    {

    echo "File {$_FILES['userfile']['name']} was uploaded successfully.\n";

    }

    else {

    echo "Upload Failed!\n";

    }

    ?>

     

     

    Here are the error messages that I am receiveing:

     

    Warning: move_uploaded_file(/home/********/public_html/images/aap_dyk_issue9_img1.gif) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/*******/public_html/upload.php on line 6

     

    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpFbCAfc' to '/home/********/public_html/images/aap_dyk_issue9_img1.gif' in /home/********/public_html/upload.php on line 6

    Upload Failed!

     

    I have been all over this forum and other tutorials for the past week and I still cannot get this to work. The error that I have been receiving from most of my attempts using a lot of different code seem to be around using "move_uploaded_file()". Any help on this would be appreciated. Thanks.

×
×
  • Create New...