CJ - Twitch Posted April 4, 2010

Can I have some help on this snippet of code please?

    function gang_staff_pic()
    {
        global $ir,$c,$userid,$gangdata;
        if($gangdata['gangPRESIDENT'] == $userid)
        {
            if($_POST['subm'] == "")
            {
                print "You did not enter a new pic.
                [url='yourgang.php?action=staff']> Back[/url]";
            }
            else
            {
                if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['newpic'])) {
                    echo "Invalid Extension!";
                }
                if(@getimagesize($_POST['newpic']) == FALSE) {
                    echo "Invalid Extension!";
                }
                $_POST['subm'] = str_replace(array(".php"), array(""), $_POST['subm']);
                $_POST['subm']=str_replace('\\\'',''', $_POST['subm']);
                mysql_query("UPDATE gangs SET gangPIC='{$_POST['vp']}' WHERE gangID={$gangdata['gangID']}",$c);
                print "Gang pic changed! [url='yourgang.php?action=staff']> Back[/url]";
            }
            {
                print "Current Pic: ";
                if($gangdata['gangPIC'])
                {
                    print "[img={$gangdata[]";
                }
                else
                {
                    print "[b]No Gang Picture[/b]";
                }
                print"<hr /> <form action='yourgang.php?action=staff&act2=pic' method='post'> Please note that the pic must be externally hosted, [url='http://tinypic.com']Tinypic[/url] is our recommendation. Any pics that are not 400x100 will be automatically resized. <input type='hidden' name='subm' value='submit' /> tag: <input type='text' name='vp' value='' /> <input type='submit' value='Change' /></form>";
            }
        }
    }

It works but shows the errors when I don't want them to be shown. For example. "You did not enter a new pic" when I haven't clicked submit yet and "Invalid Extension!Gang pic changed". It's hard to explain but I'm sure you'll figure it out. :thumbsup:

Thanks in advance
-CJ - Twitch

PS: How secure is this?

bluegman991 Posted April 4, 2010

Line 20:

    $_POST['subm']=str_replace('\\\'',''', $_POST['subm']);

should be

    $_POST['subm']=str_replace('\\\'','\'', $_POST['subm']);

That's the first thing I saw from looking, but what error exactly are you getting?

Danny696 Posted April 4, 2010

    $_POST['newname'] = str_replace(array("meta","http-equiv","http","refresh","content","www.",".com",".co.uk"), "", $_POST['newname']);

Who did that?

CJ - Twitch Posted April 4, 2010

I don't know. Where did you get that from?

Magictallguy Posted April 4, 2010

    <?php
    function gang_staff_pic()
    {
        // $h is needed in scope because $h->endpage() is called below
        global $db, $ir, $c, $userid, $gangdata, $h;
        // Only the gang president may change the picture
        if($gangdata['gangPRESIDENT'] != $userid)
        {
            echo "You are not the gang leader";
            $h->endpage();
            exit;
        }
        // Process the form only when it has been submitted
        if(isset($_POST['vp']))
        {
            if(empty($_POST['vp']))
            {
                print "You did not enter a new pic. [url='yourgang.php?action=staff']> Back[/url]";
                $h->endpage();
                exit;
            }
            // The form field is named 'vp', so that is the value to validate.
            // Note: this pattern is unanchored and only checks that an image extension appears somewhere.
            if(!preg_match('~(.?).(jpg|jpeg|gif|png)~i', $_POST['vp']))
            {
                echo "Invalid Extension!";
                $h->endpage();
                exit;
            }
            // getimagesize() fetches the URL and returns FALSE if it is not an image
            if(@getimagesize($_POST['vp']) === FALSE)
            {
                echo "Invalid Extension!";
                $h->endpage();
                exit;
            }
            $_POST['vp'] = str_replace(array(".php"), array(""), $_POST['vp']);
            $_POST['vp']=str_replace('\\\'','\'', $_POST['vp']);
            // Escape the value before it goes into the query
            $_POST['vp'] = $db->escape($_POST['vp']);
            $db->query("UPDATE gangs SET gangPIC='{$_POST['vp']}' WHERE gangID={$gangdata['gangID']}",$c);
            print "Gang pic changed! [url='yourgang.php?action=staff']> Back[/url]";
        }
        else
        {
            print "Current Pic: ";
            if($gangdata['gangPIC'])
            {
                print "[img=".htmlspecialchars(stripslashes($gangdata[]";
            }
            else
            {
                print "[b]No Gang Picture[/b]";
            }
            print"<hr /><form action='yourgang.php?action=staff&act2=pic' method='post'> Please note that the pic must be externally hosted, [url='http://tinypic.com']Tinypic[/url] is our recommendation. Any pics that are not 400x100 will be automatically resized. Pic: <input type='text' name='vp' value='' /> <input type='submit' value='Change' /></form>";
        }
    }
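
On the "How secure is this?" question: the extension regex used in the thread is unanchored, so it accepts any string that merely contains an image extension, and removing ".php" is a blocklist rather than an allowlist. The following is an added example, not code from the thread or from the game engine; the function name `validate_gang_pic_url` and the 255-character limit are assumptions. It validates the submitted URL against an allowlist and compares the result with the thread's regex on constructed inputs:

```php
<?php
// Added example, not from the thread. Function name and length limit are assumptions.

/**
 * Return the URL if it is an acceptable externally hosted image link, else null.
 */
function validate_gang_pic_url($url)
{
    $url = trim((string) $url);
    // Bound the length (assumed limit) and reject whitespace, control characters,
    // quotes, angle brackets and backslashes, which have no place in an image URL
    if ($url === '' || strlen($url) > 255 || preg_match('~[\x00-\x20\x7f"\'<>\\\\]~', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host']) || empty($parts['path'])) {
        return null;
    }
    // Allowlist the scheme: only http and https links are accepted
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return null;
    }
    // Check the extension of the path component only, so a query string cannot satisfy it
    $ext = strtolower(pathinfo($parts['path'], PATHINFO_EXTENSION));
    if (!in_array($ext, array('jpg', 'jpeg', 'gif', 'png'), true)) {
        return null;
    }
    return $url;
}

// Constructed sample inputs (not taken from the thread)
$samples = array(
    'http://i.example.com/gangs/banner.png',
    'http://example.com/page.php?f=.png',
    'javascript:void(0)//.gif',
    'banner.jpgx',
);
foreach ($samples as $s) {
    // Same pattern as in the thread, for comparison
    $old = preg_match('~(.?).(jpg|jpeg|gif|png)~i', $s) ? 'accept' : 'reject';
    $new = validate_gang_pic_url($s) !== null ? 'accept' : 'reject';
    printf("%-40s thread regex: %s, allowlist: %s\n", $s, $old, $new);
}
```

A value that passes this check still needs `$db->escape()` before it goes into the query and `htmlspecialchars()` when it is printed, as in the reply above.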

CJ - Twitch Posted April 4, 2010

Thanks MTG. :)