 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
>> smattering of PHP (if you saw the code for the
tracker
>> I'm making you would give yourself a tummy ache
>> giggling) I assumed that those were variables I'm
>Do tell! And let us know what you need help with.
Well if I'm going to ask a question it should probably
be on the part where I'm most likely to get cracked,
user input. Below is the page to handle a form on
index.php. Now stop laughing! It's my first module.
Anyway, if any of you real programmers see any
particularly idiotic screwups please let me know. A
friend mentioned that I should sanitize the users
input. Any suggested reading on some simple ways to
do this? Thanks for suggestions.
- Eric C.
****************************************
<?php
/*
* xpsTorrent! - a bittorrent tracker module for
XOOPS
*
* form.php
*/
require('../../mainfile.php');
require(XOOPS_ROOT_PATH.'/header.php');
global $xoopsDB;
global $xoops_url;
$name=htmlspecialchars($_POST['name']);
$hash=htmlspecialchars($_POST['hash']);
$announce=$_POST['announce'];
$metadata=$_POST['metadata'];
$linkback=$xoops_url;
// Let's check to see if this hash is already in the
database
$query = "SELECT DISTINCT hash FROM
".$xoopsDB->prefix('xps_torrents'). " WHERE hash =
'$hash'";
$result = $xoopsDB->query($query);
if ($result) {
if ($xoopsDB->getRowsNum($result) > 0) {
echo " <p>This torrent is already in our database.
<b>Please try again.</b></p>
<a href=$linkback>Click here to return to the
main page.</a>";
}
else {
// Insert a row into the table
$sql = "INSERT INTO
".$xoopsDB->prefix('xps_torrents');
$sql .= " ( name, hash, announce, metadata,
last_scrape ) VALUES ";
$sql .= " ( '$name', '$hash', '$announce',
'$metadata', NOW() )";
if ( ! $xoopsDB->query($sql) ) {
echo( $xoopsDB->error." : ".$xoopsDB->errno );
}
echo " <p>Your information has been successfully
added to the database.</p>
<a href=$linkback>Click here to return to the
main page.</a>";
}
}
require(XOOPS_ROOT_PATH.'/footer.php');
?>
****************************************
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
