Jump to content

Doesn't work!


Sami

Recommended Posts

<?php// MySQL connect $con = mysql_connect('localhost','gbok','******');if (!$con)  {  die('Vennligst rapporter: ' . mysql_error());  }// Select comment DBmysql_select_db("gbok", $con);$result = mysql_query("SELECT * FROM banned");// Look for IP-banwhile($row = mysql_fetch_array($result))  {  if ($row['ip'] == $_SERVER["REMOTE_ADDR"]){$uban=true}  }// Check that there's any contentif($_POST["comment"]=="" || $_POST["name"]=""){header("location:/?side=gjestebok&s=7");die();}// MySQL real Escape String$r = mysql_real_escape_string($_POST["comment"], $con);$n = mysql_real_escape_string($_POST["name"], $con);// Set the name inside a cookie, to remember it what the poster called him/herselfsetcookie("name", $_POST["name"], PHP_INT_MAX);// Add the date$d = date("d.m.Y H:i");// Check if there's any forbidden content, or if the user is banned.if($_POST["name"]=="Sami" || $_POST["name"]=="sami"){header("");die;}if("true" == $uban){header("");die;}if($_GET["stop"]=="true"){die;}// Store it in the database.mysql_query("INSERT INTO comments (name,comment,ip,date)VALUES ('$n', '$r', '$_SERVER[REMOTE_ADDR]', '$d')");?>

It returns *nothing* :)

Link to comment
Share on other sites

I prefer to change the php.ini.I've tried to change it, even restart apache, but I didn't get a single error messange!And about your suggestion, justsomeguy, I tough php would stop because of one single error - even an included one..

Link to comment
Share on other sites

Here's the setup:test.php

<?php   ini_set('display_errors',1);   error_reporting(E_ALL|E_STRICT);   include ('my_problem_file.php');?>

That's the whole file. When the interpreter parses the test script, it does not parse the include file. This means that error reporting gets switched on. When the interpreter executes the script, it tries to parse the include file. When that fails, the script terminates, and the error is reported.

Link to comment
Share on other sites

Hi!I Think Your Page Is Reading This Query After All Queries And After That Your Page Is Not Getting Any Printed Value.

<?php// Store it in the database.mysql_query("INSERT INTO comments (name,comment,ip,date) VALUES ('$n', '$r', '$_SERVER[REMOTE_ADDR]', '$d')");print "Print Something Here For Checking.";?>

Link to comment
Share on other sites

Here's the setup:test.php
<?php$con = mysql_connect('localhost','gbok','*******');$r = mysql_real_escape_string($_POST["comment"], $con);$n = mysql_real_escape_string($_POST["name"], $con);setcookie("name", "Sami", PHP_INT_MAX);$d = date("d.m.Y H:i");if (!$con)  {  header("location:?side=gjestebok&s=2");  die();  }mysql_select_db("gbok", $con);$banned=mysql_query("SELECT * FROM banned");while($row = mysql_fetch_array($banned))  {  if($row['ip']==$_SERVER["REMOTE_ADDR"]) { $uban=true; }  }if($uban==true){header("location:panel.php");}else{$sql="INSERT INTO comments (date, name, comment, ip)VALUES('$d','$n','$r','$_SERVER[REMOTE_ADDR]')";if (!mysql_query($sql,$con))  {  //header("location:panel.php");  //If an error still appears, it might be wise to see what it is.  die(mysql_error($con));  }  else  {  header("location:panel.php");  }}mysql_close($con);?>

Link to comment
Share on other sites

are you checking if name is even come over in $_POST as you expect it to? Why not echo it out and see.
<input id="name" maxlength="20" style="text-align:center; width:422px;" type="text" name="name" value="" >
Link to comment
Share on other sites

are you checking if name is even come over in $_POST as you expect it to? Why not echo it out and see.
What scientist meant here is to echo the $_POST variable to see if the value exists. Try putting this at the top of your script:echo nl2br(print_r($_POST, true));What does that give you?
Link to comment
Share on other sites

What scientist meant here is to echo the $_POST variable to see if the value exists. Try putting this at the top of your script:echo nl2br(print_r($_POST, true));What does that give you?
as a basic test of proof of concept, it's always important to check that when you're passing variables and values from page/script to page/script that the receiving page/script is indeed getting a value at all. By doing this basic test, you can see if the value is being correctly passed. This is often the downfall of many (newbie) scripts, in such that they are assuming the data is there and go away hacking at their scripts, only find out they had the variable name wrong in the beginning, and thus they were experiencing a cascading effect from one simple bug in the beginning gumming up the whole works.
Link to comment
Share on other sites

I already know that path: /etc/apache2But there's no logs inside thereBy the way, I found the log.It was just where thescientist suggested. Only my sftp client that didn't want to open it first time ...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...