CJ - Twitch
Posted April 4, 2010

Can I have some help on this snippet of code please?

    function gang_staff_pic()
    {
        global $ir,$c,$userid,$gangdata;
        if($gangdata['gangPRESIDENT'] == $userid)
        {
            if($_POST['subm'] == "")
            {
                print "You did not enter a new pic. [url='yourgang.php?action=staff']> Back[/url]";
            }
            else
            {
                if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['newpic']))
                {
                    echo "Invalid Extension!";
                }
                if(@getimagesize($_POST['newpic']) == FALSE)
                {
                    echo "Invalid Extension!";
                }
                $_POST['subm'] = str_replace(array(".php"), array(""), $_POST['subm']);
                $_POST['subm']=str_replace('\\\'',''', $_POST['subm']);
                mysql_query("UPDATE gangs SET gangPIC='{$_POST['vp']}' WHERE gangID={$gangdata['gangID']}",$c);
                print "Gang pic changed! [url='yourgang.php?action=staff']> Back[/url]";
            }
            {
                print "Current Pic: ";
                if($gangdata['gangPIC'])
                {
                    print "[img={$gangdata[]";
                }
                else
                {
                    print "[b]No Gang Picture[/b]";
                }
                print"<hr />
                <form action='yourgang.php?action=staff&act2=pic' method='post'>
                Please note that the pic must be externally hosted, [url='http://tinypic.com']Tinypic[/url] is our recommendation.
                Any pics that are not 400x100 will be automatically resized.
                <input type='hidden' name='subm' value='submit' />
                tag: <input type='text' name='vp' value='' />
                <input type='submit' value='Change' /></form>";
            }
        }
    }

It works but shows the errors when I don't want them to be shown. For example, "You did not enter a new pic" when I haven't clicked submit yet and "Invalid Extension!Gang pic changed". It's hard to explain but I'm sure you'll figure it out. :thumbsup:

Thanks in advance
-CJ - Twitch

PS: How secure is this?

bluegman991
Posted April 4, 2010

Line 20:

    $_POST['subm']=str_replace('\\\'',''', $_POST['subm']);

should be

    $_POST['subm']=str_replace('\\\'','\'', $_POST['subm']);

That's the first thing I saw from looking, but what error exactly are you getting?

Danny696
Posted April 4, 2010

    $_POST['newname'] = str_replace(array("meta","http-equiv","http","refresh","content","www.",".com",".co.uk"), "", $_POST['newname']);

Who did that?

CJ - Twitch (Author)
Posted April 4, 2010

I don't know. Where did you get that from?

Magictallguy
Posted April 4, 2010

    <?php
    function gang_staff_pic()
    {
        // $h is needed here because every early exit calls $h->endpage()
        global $db, $ir, $c, $userid, $gangdata, $h;
        if($gangdata['gangPRESIDENT'] != $userid)
        {
            echo "You are not the gang leader";
            $h->endpage();
            exit;
        }
        // Only run the update branch once the form field has been submitted
        if(isset($_POST['vp']))
        {
            if(empty($_POST['vp']))
            {
                print "You did not enter a new pic. [url='yourgang.php?action=staff']> Back[/url]";
                $h->endpage();
                exit;
            }
            // The form posts the URL as 'vp', so the checks read that field
            if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['vp']))
            {
                echo "Invalid Extension!";
                $h->endpage();
                exit;
            }
            if(@getimagesize($_POST['vp']) === FALSE)
            {
                echo "Invalid Extension!";
                $h->endpage();
                exit;
            }
            $_POST['vp'] = str_replace(array(".php"), array(""), $_POST['vp']);
            $_POST['vp']=str_replace('\\\'','\'', $_POST['vp']);
            // Escape before the value is placed in the SQL string
            $_POST['vp'] = $db->escape($_POST['vp']);
            $db->query("UPDATE gangs SET gangPIC='{$_POST['vp']}' WHERE gangID={$gangdata['gangID']}",$c);
            print "Gang pic changed! [url='yourgang.php?action=staff']> Back[/url]";
        }
        else
        {
            print "Current Pic: ";
            if($gangdata['gangPIC'])
            {
                print "[img=".htmlspecialchars(stripslashes($gangdata[]";
            }
            else
            {
                print "[b]No Gang Picture[/b]";
            }
            print"<hr /><form action='yourgang.php?action=staff&act2=pic' method='post'>
            Please note that the pic must be externally hosted, [url='http://tinypic.com']Tinypic[/url] is our recommendation.
            Any pics that are not 400x100 will be automatically resized.
            Pic: <input type='text' name='vp' value='' />
            <input type='submit' value='Change' /></form>";
        }
    }
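
On the "How secure is this?" question, one way to validate, store and display the picture URL, as an added example that is not code from the thread: the function names and sample URLs are made up, and it assumes a mysqli connection rather than the game's $db wrapper. It leaves out getimagesize() because that call makes the server fetch whatever URL the user supplied.

```php
<?php
// Added example; function names and sample URLs are assumptions, not thread code.

/** Return the URL if it is acceptable as an externally hosted gang picture, else null. */
function validate_gang_pic_url(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || strlen($url) > 255) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null;
    }
    // Allowlist the scheme: javascript:, data:, file: and php:// are all refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Anchored, escaped-dot extension test on the path (the thread's regex is unanchored).
    if (!preg_match('~\.(jpe?g|gif|png)$~i', $parts['path'])) {
        return null;
    }
    // Refuse quotes, angle brackets, backslashes and whitespace outright.
    if (preg_match('~[\s"\'<>\\\\]~', $url)) {
        return null;
    }
    return $url;
}

/** Store with a bound parameter, so no str_replace() or manual escaping is involved. */
function save_gang_pic(mysqli $conn, int $gangId, string $url): bool
{
    $stmt = $conn->prepare('UPDATE gangs SET gangPIC = ? WHERE gangID = ?');
    $stmt->bind_param('si', $url, $gangId);
    return $stmt->execute();
}

/** Encode at output time; width/height follow the 400x100 rule in the form text. */
function render_gang_pic(string $storedUrl): string
{
    $safe = htmlspecialchars($storedUrl, ENT_QUOTES, 'UTF-8');
    return "<img src='{$safe}' width='400' height='100' alt='Gang picture' />";
}

// Constructed sample inputs, for illustration only.
foreach (['http://img.example.test/crest.png', 'http://img.example.test/crest.php',
          'javascript:void(0)//crest.png'] as $sample) {
    echo (validate_gang_pic_url($sample) === null ? 'rejected' : 'accepted'), ": $sample\n";
}
```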