12-31-2006, 07:28 AM
12-31-2006, 07:46 AM
Use a switch statement to handle the $_GET this way only what you want will be able to be used.
12-31-2006, 07:53 AM
how do I do switch statements? and how would i make it say if value of name is "<script" or if <script(anything else) .. turn it into "forbidden" or ".."
12-31-2006, 08:43 AM
UPDATE: Actualy.. it is a MySQL database , i forgot to tell you, and it is HTTPGETVARS instead of $_GET .... it dumps into the mysql by HTTP GET VARS... and then it calls upon the stuff in the database by going
and then doing $name and $picture to echo the stuff from the mysql row ... how will i get it to where when it dumps into the database it changes, or when it echo from the database it changes.
12-31-2006, 09:17 PM
You should be using mysql_real_escape_string() to filter things being inserted into a mysql database and htmlentities() to filter anything being written to a web page.
12-31-2006, 10:03 PM
how would i go about doing to where when it dumps into the mysql database it filters? Could you please PM me with ur AIM or MSN SN so i can send u my files (dont want to give out on the forums)... Willing to pay.
12-31-2006, 10:18 PM
I sent you a pm, awaiting your reply.