Equinox

$sql = "INSERT INTO login SET id = '', name = '" .mysql_real_escape_string($_POST['name']). "', signup =NOW() , password = '" .mysql_real_escape_string($pass). "', state = '0', mail = '" .mysql_real_escape_string($_POST['mail']). "',location='".mysql_real_escape_string($_POST['location'])."', signup_ip='".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."',ref='".mysql_real_escape_string($_POST['ref'])."'"; $res = mysql_query($sql);   All wrong....   $sql = "INSERT INTO login (id,name,signup,password,state,mail,location,signup_ip,ref) VALUES('', '" .mysql_real_escape_string($_POST['name']). "',NOW() , '" .mysql_real_escape_string($pass). "', 0, '" .mysql_real_escape_string($_POST['mail']). "','".mysql_real_escape_string($_POST['location'])."','".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."','".mysql_real_escape_string($_POST['ref'])."')"; $res = mysql_query($sql) or die(mysql_error());   Another problem could be the quotes - but I cannot see them properly, so cannot judge. But try that.

That maybe true, and again, I'm not supporting the idea. I'm simply saying that you cannot make the assumption that something will fail and claim it as a certainty. He is taking a dump on someone's idea because he doesn't think it will work. And feels like everyone else thinks the same as he does.

But, you are wrong. There is no way you can look at something as make the assumption that it will fail and expect to be right. You can guess, yes, doesn't mean you're going to be right. Different people could see this thread and offer to help, people that only joined today or within the past week, you simply don't know. Lots of people own Google and they are all working together, and correct me if I'm mistaken, but isn't Google doing pretty damn well? So, unless you can give me proof that this will fail (this topic in particular, not saying "look at other attempts") - your comments will be null and void. You can say it will fail in a week, and you could be right, but it's not a certainty - I'm in no way saying it'll work, my feelings towards the subject are mutual, it could go either way. I'm sure as hell not putting the starter down though. So how about stepping down off of that high horse of yours, and set aside the ability to predict the future that your few years experience have given you and stop putting people down. Thanks.

I'd like nothing more. He can challenge all he likes, the fact of the matter is, he's wrong. Just because someone thinks it's not going to work, doesn't mean everyone else will think that.

It's nice to see the mentality of some of the MWG community hasn't changed. You're making an assumption. Not everyone conforms to your way of thinking.

http://www.tineye.com/search/b285dec8db0aa607b8c42cc086f35f5589118f00/

Yesterday, today and tomorrow

Yes, I know - but I was just explaining the specifics. Knowledge is power.

Actually, with the amount people use it, you'd be surprised. It's not to do with the use of variables, that would be within the quote. Double quotes will look for a variable whereas single quotes won't. They are both language constructs, and echo is better to use simply because it's shorter to write. The difference in speed is minor unless you used it millions of times in one go.

That's the one!

The one time I'm nice, and you ruin it. I keep wanting to say Dayo, but I know it's not him. I swear it begins with D?

I've just had another play, still a lot is exploitable. Check your ID's, you are clearly just making use of strip_tags() Forms can be edited via the source, I won't reveal the errors here because some people on this forum 'hack' for fun. However, feel free to contact me. Although, I doubt many people on this forum are smart enough to understand more than a simple SQL injection and a simple HTML injection, like the boy who used to troll and claim to be a hacker, I forget his name, someone remind me >.<

I just signed in, made a post in my journal with an <iframe> and it worked. This is not secure.

#C0C0C0

  He also has an example game with a "l33t" game engine, you can't see the inside though. But if you want to, give me a shout. Or, why not just have a go yourself at getting inside the game, it's mega easy.