<p>Eugenie, in TEST-EDIT.PHP you created a form in the script TEST-EXEC.PHP by the name of "form1" which uses the POST method. Inside of form1 you are seeding the variables username, uid, password and email. When you submit form1, TEST-EXEC.PHP needs to capture the variables that you seeded. You do this by:</p>
<pre><code>// Read the values submitted by form1 (method="post")
$username = $_POST['username'];
$uid = $_POST['uid'];
$password = $_POST['password'];
$email = $_POST['email'];
</code></pre>
<p>$_POST is a predefined variable that gets the values from a form sent with method="post". Put these at the top of TEST-EXEC.PHP. You can also use <code>$user = mysql_real_escape_string($_POST['user']);</code> like another person mentioned so the values in variable user are escaped.</p>
<p>I am going to echo others and tell you that you have some serious security issues happening with this code because you are not paying attention to your strings. If you do not research the security dangers people are mentioning, then if you use this code in production you are opening up the entire database and webserver to malicious code. And it's just not worth it.</p>
<p>Here's something you need: it is a function that validates email addresses to make sure they do not contain bad things.</p>
<pre><code>function validEmail($email)
{
    $isValid = true;
    $atIndex = strrpos($email, "@");
    if (is_bool($atIndex) &amp;&amp; !$atIndex) {
        // no "@" in the address at all
        $isValid = false;
    } else {
        $domain = substr($email, $atIndex+1);
        $local = substr($email, 0, $atIndex);
        $localLen = strlen($local);
        $domainLen = strlen($domain);
        if ($localLen &lt; 1 || $localLen &gt; 64) {
            // local part length exceeded
            $isValid = false;
        } else if ($domainLen &lt; 1 || $domainLen &gt; 255) {
            // domain part length exceeded
            $isValid = false;
        } else if ($local[0] == '.' || $local[$localLen-1] == '.') {
            // local part starts or ends with '.'
            $isValid = false;
        } else if (preg_match('/\\.\\./', $local)) {
            // local part has two consecutive dots
            $isValid = false;
        } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
            // character not valid in domain part
            $isValid = false;
        } else if (preg_match('/\\.\\./', $domain)) {
            // domain part has two consecutive dots
            $isValid = false;
        } else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%&amp;`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) {
            // character not valid in local part unless
            // local part is quoted
            if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) {
                $isValid = false;
            }
        }
        if ($isValid &amp;&amp; !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) {
            // domain not found in DNS
            $isValid = false;
        }
    }
    return $isValid;
}
</code></pre>
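<p>Added example (not part of the original answer): one way to capture the four form fields and write them with a PDO prepared statement instead of escaping strings by hand; <code>mysql_real_escape_string</code> belongs to the old mysql extension, which was removed in PHP 7. The <code>saveUser()</code> helper, the <code>users</code> table with its columns, and the sample input are assumptions made for illustration.</p>

```php
<?php
// Added example: saveUser(), the users table and its columns are hypothetical.

function saveUser(PDO $pdo, array $post): int
{
    // Read only the fields the form seeds; a missing field fails validation.
    $username = trim((string)($post['username'] ?? ''));
    $uid      = filter_var($post['uid'] ?? null, FILTER_VALIDATE_INT);
    $password = (string)($post['password'] ?? '');
    $email    = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);

    if ($username === '' || $uid === false || $password === '' || $email === false) {
        throw new InvalidArgumentException('Invalid form input');
    }

    // Placeholders keep the values out of the SQL text, so quote
    // characters in the input cannot change the statement.
    $stmt = $pdo->prepare(
        'UPDATE users SET username = :username, password_hash = :hash,
                email = :email WHERE uid = :uid'
    );
    $stmt->execute([
        ':username' => $username,
        ':hash'     => password_hash($password, PASSWORD_DEFAULT), // never store the raw password
        ':email'    => $email,
        ':uid'      => $uid,
    ]);
    return $stmt->rowCount();
}

// Constructed demo: in-memory SQLite stands in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT,
                                password_hash TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (uid, username) VALUES (1, 'old'), (2, 'other')");

// Constructed stand-in for $_POST; the username carries quote characters.
$post = ['username' => "eugenie' OR '1'='1", 'uid' => '1',
         'password' => 'correct horse', 'email' => 'eugenie@example.com'];

echo saveUser($pdo, $post), " row(s) updated\n";
foreach ($pdo->query('SELECT uid, username, email FROM users') as $row) {
    echo $row['uid'], ' | ', $row['username'], ' | ', $row['email'], "\n";
}
```

<p>The quoted username is stored as literal text in row 1 and row 2 is left untouched, because the value is bound as a parameter and never parsed as SQL.</p>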
 
