| php $_GET method | |
|---|---|
| Topic Started: May 31 2009, 01:58 AM (390 Views) | |
| Knight13 | May 31 2009, 01:58 AM Post #1 |
|
0
Edited by Knight13, Mar 19 2010, 06:56 AM.
|
|
| Mike | May 31 2009, 02:10 AM Post #2 |
|
Check if the user is in the database? |
| |
|
| Darksorrow131 | Jun 1 2009, 08:33 PM Post #3 |
|
If "username" is a unique key in your database (aka it's guaranteed that no two users have the same username), then where you have the while loop that goes through the results of the query, change that "while" into "if" (since the loop won't run more than once anyways if username is unique), and add an else clause to it to handle the case where the user enters something weird in the URL, such as printing error messages or redirecting. Your code does have another issue though: what if the user puts the following into the "username=" part of the URL?
|
|
(let loop () (loop)) ((lambda (x) (x x)) (lambda (x) (x x))) (let ((k #f)) (call/cc (lambda (cc) (set! k cc)) (k)) ((call/cc call/cc) (call/cc call/cc)) -- Infinite loops are awesome! -- Tell me if you have other awesome infinite loops! | |
|
| Knight13 | Jun 2 2009, 06:58 AM Post #4 |
|
0
Edited by Knight13, Mar 19 2010, 06:56 AM.
|
|
| Darksorrow131 | Jun 2 2009, 06:52 PM Post #5 |
|
Something like this, which is the URL-escaped form of the stuff I wrote before (obviously substitute "whatever" for the real path).
If my brain was still working when I read the code yesterday, accessing this will delete your database.
Edited by Darksorrow131, Jun 2 2009, 06:53 PM.
|
|
|
| Knight13 | Jun 2 2009, 08:56 PM Post #6 |
|
0
Edited by Knight13, Mar 19 2010, 06:56 AM.
|
|
| Darksorrow131 | Jun 2 2009, 10:15 PM Post #7 |
|
urlencode() is what converts the spaces to '+' and a bunch of other things. I'm not sure why the hacking attempt in my last post would fail, but usually the way to deal with this kind of thing is to call a quotes-escaping function on the user-entered parts of the SQL string. I don't remember exactly what the function is called but it probably looks like mysql_*blah*_escape_string() or something (search the PHP documentation). |
|
|
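The two suggestions from posts #3 and #7, as an added example that is not code from any poster in this thread: the lookup uses if/else instead of while, and the username is passed as a bound parameter of a PDO prepared statement, which is a different technique from the escaping function post #7 mentions. The `users` table, its columns, the `find_user()` helper and the in-memory SQLite database (standing in for MySQL) are assumptions.

```php
<?php
// Added example: table, column and function names are assumptions, not the poster's code.
// An in-memory SQLite database stands in for the MySQL database used in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, joined TEXT)');
$pdo->exec("INSERT INTO users VALUES ('knight', '2009-05-31'), ('o''brien', '2009-06-01')");

/**
 * Look up one profile by username. Returns the row, or null when no such user exists.
 */
function find_user(PDO $pdo, $username): ?array
{
    // Reject missing or non-string input (?username[]=x arrives as an array).
    if (!is_string($username) || $username === '' || strlen($username) > 64) {
        return null;
    }
    // The value is bound to the placeholder, never spliced into the SQL text,
    // so quotes inside it cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT username, joined FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    // username is unique, so fetch a single row: "if", not "while".
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs standing in for $_GET['username'].
$samples = ['knight', "o'brien", 'nobody', 'it\'s "quoted"', ['not', 'a', 'string']];
foreach ($samples as $input) {
    $user = find_user($pdo, $input);
    if ($user !== null) {
        // Escape on output as well; the name is still user-supplied text.
        echo 'Profile: ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8')
            . ' (joined ' . $user['joined'] . ")\n";
    } else {
        // The else branch suggested in post #3.
        echo "No such user.\n";
    }
}
```

The inputs containing quote characters are matched as literal usernames: `o'brien` finds its row and the others fall through to the else branch without altering the query.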
| Knight13 | Jun 4 2009, 05:18 AM Post #8 |
|
0
Edited by Knight13, Mar 19 2010, 06:56 AM.
|
|
| Darksorrow131 | Jun 4 2009, 07:16 PM Post #9 |
|
I never ran any of that code, only sort of "ran the code in my head" so I don't know if it's right.
|
|
|