Most of our features and services are available only to members, so we encourage you to login or register a new account. Registration is free, fast and simple. You only need to provide a valid email. Being a member you'll gain access to all member forums and features, post a message to ask question or provide answer, and share or find resources related to mobile phones, tablets, computers, game consoles, and multimedia.
All that and more, so what are you waiting for, click the register button and join us now! Ito ang website na ginawa ng pinoy para sa pinoy!
Dapat kinompleto mo na, like Indexing, Sorting, Paganation, at Report convert to excel or pdf file boss
Dapat kinompleto mo na, like Indexing, Sorting, Paganation, at Report convert to excel or pdf file boss
manghihingi ka na nga lang, nagmamadali ka pa... baka naman may sariling buhay din yang gumawa niyan. Buti nga at may ganyan nagse-share ng nalalaman eh. Matuto ka din maghintay.
Sa second figure mo, napansin ko lang sa conditions mo,
if(empty($_POST["name"]))
suggest lang, cguro gamitin mo ang mga functions ng php para maging secure ang system. For now cguro oke lang yan kc basi panaman.
try mo to sa baba
1. Problem with empty value
<?php
$_POST["name"]=" "; ////puro space walang laman na character
if(!empty($_POST["name"])) //check if empty
{
echo "Your name is =". $_POST["name"]; ////echo the value
}
else
{
echo "Your name is ="empty"; ////echo the value
}
?>
OUTPUT: Your name is
So ang space ay valid value.
-> correct
a) if(!empty(trim($_POST["name"])) //trim spaces before checking if empty :note space between letters are not trim sample trim("he llo") = he llo
b) $name = trim($_POST["name"]; //trim spaces before checking if empty trim(" hello") = hello, trim(" hello ") = hello, trim(" h e l l o") = h e l l o
if(!empty($name)){}
FIX: gamit ka ng trim() function
ltrim() = trim spaces/empty value on left
rtrim() = trim spaces/empty value on right
trim() = trim spaces/empty value both sides
2) HTML tags will be inserted XSS attack
$_POST['"><script>document.write(document.cookie());</script>'];
so "><script>document.write(document.cookie());</script> is valid input
you can add htmlspecialchars()
htmlspecialchars($_POST['"><script>document.write(document.cookie());</script>'])
OUTPUT : "><script>document.write(document.cookie());</script>
3) SQL injection
dangerous when executed
$_POST['' or 1=1; --'];
$_POST['' or 1=1 drop table_users; --']; ' or 1=1 drop table_users; --
$_POST['' or 1=1 drop database ; --'];
str_replace('"', "", $string);
str_replace("'", "", $string);
Otherwise, go for some regex, this will work for html quotes for example:
preg_replace("/<!--.*?-->/", "", $string);
C-style quotes:
preg_replace("/\/\/.*?\n/", "\n", $string);
CSS-style quotes:
preg_replace("/\/*.*?\*\//", "", $string);
bash-style quotes:
preg-replace("/#.*?\n/", "\n", $string);
echo $_POST['lastname']; // O\'hack
echo addslashes($_POST['lastname']); // O\\\'hack
if (get_magic_quotes_gpc()) {
$lastname = stripslashes($_POST['lastname']);
}
else {
$lastname = $_POST['lastname'];
}
mysql_real_escape_string($user),
mysql_real_escape_string($password));
Marami pa....
-> dito kayo mag test online
https://eval.in/877730
Salamat dito ka TS..
Thank you!
pasubok boss newbie on php malaki matutulong nito para sa kinabukasan ko