Jump to content


  • Posts

  • Joined

  • Last visited

Posts posted by kylebuch8

  1. I'm using mysql_real_escape_string() to secure user input and I'm not receiving any errors when I run the function. How can I tell that the function is working? Here is the code that I'm using:


    >		$username = "<script>testing</script>";
    	$password = "kyle's test";	
    	$conn = mysql_connect(dbhost, dbuser, dbpass);	
    	$query = sprintf("INSERT INTO Test (username, password) VALUES ('%s', '%s')",
                       mysql_real_escape_string($username, $conn),
                       mysql_real_escape_string($password), $conn);
           mysql_query($query, $conn);


    When I view the information in my database, the input shows exactly as it is entered in the script above. I thought that the mysql_real_escape_string() function would prevent the <script> tags from being entered. Am I wrong?


    I know there are other functions to strip tags from user input, but I thought the mysql_real_escape_string() function would also handle this.


    Any ideas, thoughts, help is appreciated. Thanks.

  2. Hi,


    I've been having a lot of trouble uploading files from an HTML form to a directory on my server. I have set all of the appropriate permissions to 777 and I have used code from other topics on this forum to try to make this work.


    Here is the code that I am using for my HTML form.


    <form enctype="multipart/form-data" method="post" action="upload.php">


    Send this file: <input name="userfile" type="file"><br>

    <input type="submit" value="Send File">






    Here is the code that I am using for upload.php. I have taken out my user name where all of the *'s are.




    $uploadDir = '/home/********/public_html/images/';

    $uploadFile = $uploadDir . basename($_FILES['userfile']['name']);


    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile))


    echo "File {$_FILES['userfile']['name']} was uploaded successfully.\n";


    else {

    echo "Upload Failed!\n";





    Here are the error messages that I am receiveing:


    Warning: move_uploaded_file(/home/********/public_html/images/aap_dyk_issue9_img1.gif) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/*******/public_html/upload.php on line 6


    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpFbCAfc' to '/home/********/public_html/images/aap_dyk_issue9_img1.gif' in /home/********/public_html/upload.php on line 6

    Upload Failed!


    I have been all over this forum and other tutorials for the past week and I still cannot get this to work. The error that I have been receiving from most of my attempts using a lot of different code seem to be around using "move_uploaded_file()". Any help on this would be appreciated. Thanks.

  • Create New...