408 Posted Topics
Re: k.. so first off, you are connecting to your database twice, for no reason > mysql_connect('localhost','root','root'); mysql_select_db('project'); $dbname="project" require('fpdf.php'); //Connect to your database mysql_connect("$host", "$username", "$password") or die("cannot connect"); mysql_select_db("$db_name") or die("cannot select DB"); all that could be simplified... $usr = 'usrname'; $pw = 'pw'; $host = 'localhost'; $dbname = "project"; $db = mysql_connect($host, $usr, $pw); mysql_select_db($dbname, $db) …
Re: Do you mean as an IP address? Need a little more specifics than that... dicts require an identifier (usually a string), and the object(s) that the identifier refers to... so... ip_addys = dict() ip_addys['first_ip'] = '12.0.0.0' should probably work... There are other ways to directly insert into a dict as …
Re: You could probably look into the unittest module, and make tests based on the various injection types you are trying to test against. The user would input their database/table and username/password (or, check for their proper setup of a database/table user privilege by spoofing an anonymous query), and use various …
Re: for($i=0;$i<$countCheck;$i++) 103. { 104. $del_id = $checkbox[$i]; 105. $sql = "delete FROM table WHERE id = $del_id"; 106. $result = mysql_query($sql, $con); 107. } You need to put single quotes around $del_id on line 105. Change it to $sql= "delete FROM table WHERE id = '$del_id'"; However, I would seriously …
Re: To start... if that is a direct copy, you shouldn't have spaces after the $ so.. change function AppNotify ($Uid,$Message,$Data) { return; } function AppNotifyUnfriend($Uid,$Message,$Data) { return; } and see if that makes any changes... otherwise, personally I would need more info than that to help... something is missing.
Re: Adding/improving on what is above... Learn SQL and understand what an SQL injection attack is.... if you know the language, you will understand what you don't want users putting into your SQL table, and what they will be getting out of it. Once you know all of that, you can …
Re: If you open a file using "w" mode it truncates the file (thus making it 0 in length) so your code won't even execute. Try opening the file in "a" or "a+" mode. (a is writing, a+ is reading and writing)
Re: I know it sounds silly.. but it's happened to me before that I didn't put a semi-colon at the end of my sql query, and it failed since SQL was waiting for a new command... Try: $queryget = mysql_query("SELECT * FROM image WHERE user_id = '$user_id_s';"); If that doesn't work, …