Sorry if I'm sounding stupid, I'm very new to PHP and I'm trying to get this set up for a Flash that I am making and don't want things to be exploited server-side. Client-side I can deal with if needed, but it is the server that will be handling all the information, etc.
Code:
<?php
// NOTE: the mysql_* extension this script uses was deprecated in PHP 5.5 and removed in
// PHP 7.0; mysqli or PDO replace it. It is kept here so the script runs on the PHP 5
// it was written for.
// Connection arguments must be quoted strings; bare words only worked through PHP's
// "undefined constant" fallback (a notice in older PHP, a fatal error since PHP 8.0).
mysql_connect('localhost', 'whatzhot_chat', 'XXXXX') or die('Connect failed: ' . mysql_error());
// Do not hide a failed database selection behind @; every later query would fail silently.
mysql_select_db('whatzhot_chat') or die('Select DB failed: ' . mysql_error());

// WARNING: anyone who can reach this URL with ?reset=1 can wipe the table; nothing
// here checks who is asking.
if (isset($_REQUEST["reset"]) && $_REQUEST["reset"] == 1)
{
    mysql_query("TRUNCATE TABLE `log`");
    mysql_query("ALTER TABLE `log` AUTO_INCREMENT = 1");
    echo "Database reset...";
}
else
{
    if (!empty($_REQUEST["request_current_index"]))
    {
        // mysql_num_rows is the documented name; mysql_numrows is an undocumented alias.
        echo mysql_num_rows(mysql_query("SELECT * FROM log"));
    }
    else
    {
        if (!empty($_REQUEST["message"]) && !empty($_REQUEST["user_id"]))
        {
            // FILTER_SANITIZE_NUMBER_INT only strips characters other than digits, + and -;
            // it does not prove the value is one valid integer (e.g. "1-2" passes).
            $user_id = filter_var($_REQUEST["user_id"], FILTER_SANITIZE_NUMBER_INT);
            // HTML-entity conversion plus FILTER_SANITIZE_STRING (which also encodes quotes)
            // is output encoding, not SQL escaping. The value is still pasted into the SQL
            // text below, so a message ending in a backslash can still break the statement.
            $message = filter_var(mb_convert_encoding($_REQUEST["message"], 'HTML-ENTITIES', "UTF-8"), FILTER_SANITIZE_STRING);
            mysql_query("INSERT INTO log VALUES ('','" . gmdate("m-d-Y H:i:s") . "','" . $user_id . "','" . $message . "')");
        }
        else
        {
            if (!empty($_REQUEST["message"]) || !empty($_REQUEST["user_id"]))
            {
                echo "Error: only one of message and user_id was passed; both are required. <br />";
            }
        }
        $result = mysql_query("SELECT * FROM log");
        $db_entries = mysql_num_rows($result);
        // from_index is only compared and used as a loop counter here, never placed in
        // SQL, but cast it so a non-numeric value cannot reach the for loop.
        if (isset($_REQUEST["from_index"]))
        {
            $index_number = (int)$_REQUEST["from_index"];
            // Clamp to a valid 1-based row; the original allowed 0, which became row -1 below.
            if ($index_number > $db_entries || $index_number < 1)
            {
                $index_number = max($db_entries, 1);
            }
        }
        else
        {
            $index_number = 1;
        }
        // from_index is 1-based; mysql_result rows are 0-based, hence $i - 1.
        for ($i = $index_number; $i <= $db_entries; $i++)
        {
            echo mysql_result($result, $i - 1, "id") . " " . mysql_result($result, $i - 1, "timestamp") . " " . mysql_result($result, $i - 1, "user_id") . " " . mysql_result($result, $i - 1, "message") . "<br />";
        }
    }
}
mysql_close();
?>
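The same endpoint rewritten the way a server-side reviewer would want it, as an added example that is not the poster's code. It keeps the log(id, timestamp, user_id, message) table and the reset / request_current_index / message / user_id / from_index parameter names from the post, but uses PDO prepared statements instead of string-built SQL, requires a server-side secret before the reset, validates input instead of sanitizing it, and encodes on output. The DSN, credentials, RESET_TOKEN and MAX_MESSAGE_CHARS are placeholders (assumptions), and from_index is treated as a starting id rather than a row position, which after a reset is the same thing.

```php
<?php
// Added example (not the poster's script). Same log(id, timestamp, user_id, message)
// table and parameter names as the original; the DSN, credentials, RESET_TOKEN and
// MAX_MESSAGE_CHARS are placeholders you must supply from server-side configuration.
const RESET_TOKEN      = 'replace-with-a-long-random-secret'; // assumption: never ship this in the SWF
const MAX_MESSAGE_CHARS = 1000;                               // assumption: sane chat line limit

try {
    $pdo = new PDO('mysql:host=localhost;dbname=whatzhot_chat;charset=utf8mb4', 'whatzhot_chat', 'XXXXX', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,            // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);

    if (isset($_POST['reset'])) {
        // State-changing actions are read from $_POST only ($_REQUEST also accepts GET and
        // cookies), and the reset needs a secret the client does not have. hash_equals()
        // compares in constant time.
        if (!hash_equals(RESET_TOKEN, (string)($_POST['token'] ?? ''))) {
            http_response_code(403);
            exit('Forbidden');
        }
        $pdo->exec('TRUNCATE TABLE `log`');              // TRUNCATE already restarts AUTO_INCREMENT
        exit('Database reset...');
    }

    if (isset($_GET['request_current_index'])) {
        // COUNT(*) instead of fetching every row just to count it.
        exit((string)$pdo->query('SELECT COUNT(*) FROM `log`')->fetchColumn());
    }

    if (isset($_POST['message']) || isset($_POST['user_id'])) {
        // Validate rather than sanitize: reject anything that is not a positive integer
        // or a non-empty, well-formed UTF-8 message of sane length.
        $userId  = filter_var($_POST['user_id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $message = (string)($_POST['message'] ?? '');
        if ($userId === false || $message === '' || !mb_check_encoding($message, 'UTF-8')
            || mb_strlen($message, 'UTF-8') > MAX_MESSAGE_CHARS) {
            http_response_code(400);
            exit('Error: user_id must be a positive integer and message must be 1-' . MAX_MESSAGE_CHARS . ' UTF-8 characters.');
        }
        // Bound parameters keep the values out of the SQL text, so quotes or backslashes in
        // the message cannot alter the statement. The timestamp is set by the server.
        $stmt = $pdo->prepare('INSERT INTO `log` (`timestamp`, `user_id`, `message`) VALUES (UTC_TIMESTAMP(), :uid, :msg)');
        $stmt->execute([':uid' => $userId, ':msg' => $message]);
    }

    // Listing: from_index is an integer or it falls back to 1, and it is bound as an integer.
    $from = filter_var($_GET['from_index'] ?? 1, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'default' => 1]]);
    $stmt = $pdo->prepare('SELECT `id`, `timestamp`, `user_id`, `message` FROM `log` WHERE `id` >= :from ORDER BY `id`');
    $stmt->bindValue(':from', $from, PDO::PARAM_INT);
    $stmt->execute();
    foreach ($stmt as $row) {
        // Encode on output, not on input: the stored text is the real message and can never
        // become markup in whatever renders this response.
        echo htmlspecialchars(implode(' ', $row), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "<br />\n";
    }
} catch (PDOException $e) {
    // Log the detail server-side; never echo driver errors (table names, SQL text) to the client.
    error_log('chat log error: ' . $e->getMessage());
    http_response_code(500);
    exit('Internal error');
}
```

Two things follow from this for the Flash side. The client has to POST messages and resets rather than tack them onto the query string, and the reset token must live only in server configuration: anything compiled into the SWF can be pulled out by anyone who downloads it, so a "secret" shipped with the client is not a secret. If the Flash never needs to reset the log, the cleanest fix is to drop that branch entirely and reset from the shell.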