Code: Select all
E85v3j <a href="http://eafymxuiivls.com/">eafymxuiivls</a>, http://fzqbzkdpuqvg.com/]fzqbzkdpuqvg[/url], [link=http://qtgjorhunkih.com/]qtgjorhunkih[/link], http://ynafpdstzjgl.com/This is the second time it's happened, and I don't know how whoever it was is able to do that; there is no account in my MySQL database with the username '2005', and by right non-signed in members are automatically allocated the name of 'Guest'.
Is there something wrong with my code that's allowing this to happen?
($scheck) = not logged in =
session_start();
$scheck = (!(isset($_SESSION['login']) && $_SESSION['login'] != ''));
Comments code:
Code: Select all
<?
if($scheck) {
$cname = "Guest";
}
else {
$cname = $uname;
}
include '../db.php';
include '../common.php';
$page = $_SERVER['REQUEST_URI'];
$sql = "SELECT * FROM comments WHERE page='$page' ORDER BY postdate ASC";
$result = mysql_query($sql);
if(!$result) die(mysql_error());
$num_rows = mysql_num_rows($result);
if ($result) {
if ($num_rows > 0) {
print "<b>Comments</b>";
print "<p><table border='1' bordercolor='black'>";
while($info = mysql_fetch_object($result)) {
print "<tr><td class='sm' colspan='2' width='800'>" .stripslashes($info->subject). " (" .stripslashes($info->postdate). ")</td>";
print "</td></tr><tr><td class='c' width='150'><b>" .stripslashes($info->cname). "</b>";
if($info->cname != 'Guest') {
if($info->cname !='') {
$scname = $info->cname;
$sql = "SELECT * FROM comments WHERE cname='$scname'";
$presult = mysql_query($sql);
if(!$presult) die(mysql_error());
$num_rows = mysql_num_rows($presult);
$postcount = $num_rows;
print "<br>Posts: " . $postcount . "</td>";
}
}
print "<td valign='top' class='c'>" .stripslashes(nl2br($info->comment));
if($info->cname != 'Guest') {
if($info->cname == $uname) {
$page = $_SERVER['REQUEST_URI'];
print "<form name='edit' method='post' action='editcomments.php'>";
print "<input type='hidden' name='page' value='$page'>";
print "<input type='hidden' name='comment' value='$info->comment'>";
print "<input type='hidden' name='commentid' value='$info->commentid'>";
print "<input type='image' src='../pictures/edit.png' name='ec'>";
print "</form>";
}
}
print "</td></tr>";
}
print "</table>";
print "<hr>";
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$comment = $_POST['comment'];
$comment = mysql_real_escape_string($comment);
$comment = htmlspecialchars($comment);
$comment = eregi_replace('(\\\')', ''', $comment);
$comment = eregi_replace('(\[b\])', '<b>', $comment);
$comment = eregi_replace('(\[/b\])', '</b>', $comment);
$comment = eregi_replace('(\[i\])', '<i>', $comment);
$comment = eregi_replace('(\[/i\])', '</i>', $comment);
$comment = eregi_replace('(\[u\])', '<u>', $comment);
$comment = eregi_replace('(\[/u\])', '</u>', $comment);
$subject = $_POST['subject'];
$subject = mysql_real_escape_string($subject);
$page = $_POST['page'];
$date = $_POST['date'];
$cname = $_POST['cname'];
if ($comment == '') {
error('Comment field left empty. Please fill it in and try again.');
}
else {
$sql = "INSERT INTO comments SET page='$page', cname='$cname', postdate='$date', subject='$subject', comment='$comment'";
$result = mysql_query($sql) or die(mysql_error());
if (!result) {
error('Error connecting to database');
}
else {
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_POST['page'] . "#comments");
}
}
}
?>