Please review my code, as my site has been sabotaged
Posted: Tue Sep 19, 2006 12:44 am
feyd | Please use [code] and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.
This is my form processor for one of my registration forms for my model site. I have been hacked/sabotaged or whatever people want to call it, and I believe this page is one of two pages which might be causing the problem. This code is supposed to be called when the form is processed, but another page is instead. I was wondering how weak and inefficient this code is, and what I could do to improve it.
<?
include("include/dbconnect.php");
$exista=@mysql_query("select * from members where user='$user' or email='$email'");
if (mysql_num_rows($exista) > 0)
{
header("location:subscribe_member.php?name=$name&email=$email&".
"address=$address&city=$city&country=$country&ptype=$ptype&".
"website=$website&experience=$experience&equipment=$equipment&".
"user=$user&pass=$pass&mesaj=".urlencode("Please select another ".
"username. The username or email you selected is allready taken"));
} else
{
mysql_query ("insert into members (name, email, address, city, country, user, pass, date_of_subscription, photo_type,
experience, equipment, status, subscription_expires_on, last_ip, website) values ('$name','$email', '$address', '$city', '$country', '$user', '$pass', CURRENT_DATE, '$ptype', '$experience', '$equipment', 'new', CURRENT_DATE, '$REMOTE_ADDR', '$website')");
}
include("header.php");
?>
<form name="member_join" action="subscribe_member2.php" method="post">
<table width="244" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3"><img src="gfx/head_register.gif" width="492" height="48"></td>
</tr>
<tr>
<td width="1" background="gfx/thead_unten.gif"><img src="gfx/thead_unten.gif" width="1" height="1"></td>
<td width="490"><table width="490" border="0" cellspacing="5" cellpadding="0">
<tr>
<td class="BOD"><strong>
Thank you !.<br>
We have recived your data and saved it into our database. <br>
You will be informed if your subscription will be accepted when our operator will review your information.
Have patience, do not subscribe several times, you may end up beeing banned.
</strong><br>
<br>
<br>
<br>
<br>
</td>
</tr>
</table></td>
<td width="1" background="gfx/thead_unten.gif"><img src="gfx/thead_unten.gif" width="1" height="1"></td>
</tr>
<tr background="gfx/thead_unten.gif">
<td colspan="3"><img src="gfx/thead_unten.gif" width="492" height="1"></td>
</tr>
</table>
</form>
<?include("footer.php");?>
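An added example, not part of the original post and not the poster's code: the same registration step with request fields read explicitly, parameterized queries in place of interpolated SQL, and the password hashed before storage. It assumes a PDO connection in `$pdo` (hypothetical; the posted script connects through `include/dbconnect.php` and `mysql_*`), and the function name `register_member` is invented for illustration. Table and column names are taken from the posted query.

```php
<?php
declare(strict_types=1);
// Added example. Assumes $pdo is a PDO connection (hypothetical name).
// Table/column names come from the posted query.
function register_member(PDO $pdo, array $post, string $ip): array
{
    // Read each field explicitly from the request; the posted script uses
    // $user, $email, ... without assigning them (register_globals behaviour).
    $fields = ['name', 'email', 'address', 'city', 'country', 'user', 'pass',
               'ptype', 'experience', 'equipment', 'website'];
    $in = [];
    foreach ($fields as $f) {
        $v = $post[$f] ?? '';
        $in[$f] = is_string($v) ? trim($v) : '';   // reject arrays like user[]=x
    }
    if ($in['user'] === '' || $in['pass'] === ''
        || filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'Missing or invalid fields'];
    }
    // Placeholders keep user input out of the SQL text entirely.
    $dup = $pdo->prepare('SELECT 1 FROM members WHERE user = ? OR email = ?');
    $dup->execute([$in['user'], $in['email']]);
    if ($dup->fetchColumn() !== false) {
        return ['ok' => false, 'error' => 'Username or email already taken'];
    }
    $ins = $pdo->prepare(
        'INSERT INTO members (name, email, address, city, country, user, pass,
            date_of_subscription, photo_type, experience, equipment, status,
            subscription_expires_on, last_ip, website)
         VALUES (?, ?, ?, ?, ?, ?, ?, CURRENT_DATE, ?, ?, ?, \'new\',
            CURRENT_DATE, ?, ?)'
    );
    $ins->execute([
        $in['name'], $in['email'], $in['address'], $in['city'], $in['country'],
        $in['user'],
        password_hash($in['pass'], PASSWORD_DEFAULT), // store a hash, not the password
        $in['ptype'], $in['experience'], $in['equipment'], $ip, $in['website'],
    ]);
    return ['ok' => true, 'error' => null];
}
if (isset($pdo) && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $r = register_member($pdo, $_POST, $_SERVER['REMOTE_ADDR']);
    if (!$r['ok']) {
        // Redirect with the message only (no form fields or password in the URL), then stop.
        header('Location: subscribe_member.php?mesaj=' . urlencode($r['error']));
        exit;
    }
}
```

Existing rows that hold plain passwords would need a matching change at login, where `password_verify()` replaces the string comparison.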