View Full Version : form handling


sabret00the
29 Apr 2004, 09:34
I thought I'd make my form a little more secure with
if (isset($source)) {
if ($source == '$PHP_SELF?projectid=$projectid') {

at the top of the handler; however, the else of both queries shows you an error message,

and since I'm consistently getting this error message every time I try to do something through the form, I'm wondering what I'm doing wrong?

Xenon
29 Apr 2004, 14:23
If you use single quotes, then variables are not parsed, so you should use $source == $PHP_SELF . '?projectid=' . $projectid

sabret00the
29 Apr 2004, 14:39
Thanks Xenon, however I still can't get it to work. Could you please take a look at this and tell me whether I'm just coding this badly or not?

$projectid = intval($_POST['projectid']);
$rate = intval($_POST['rate']);   // cast here so only a number ever reaches the SQL below
if (isset($rate_source)) {
    // $rate_source is whatever the browser posted, so this only catches
    // stray requests: anyone can post the expected string themselves
    if ($rate_source == $PHP_SELF . '?projectid=' . $projectid) {
        // a bare 'project_rate' is a non-empty string literal and is always true,
        // so it has been dropped; only the real conditions are tested here
        if ($rate > 0 && $projectid > 0 && $bbuserinfo['userid'] > 0) {
            $projectid = intval($_POST['projectid']);   // redundant: already cast above
            $verify = $DB_site->query_first("
                SELECT userid
                FROM project_rate
                WHERE projectid = $projectid AND userid = $bbuserinfo[userid]
            ");
            if ($verify) {
                eval(print_standard_error('error_project_novotetwice'));
            } else {
                $DB_site->query("INSERT INTO project_rate SET
                    projectid = '$projectid',
                    userid = '$bbuserinfo[userid]',
                    rate = '$rate',
                    timestamp = '" . time() . "'");

                header("Location: $PHP_SELF?s="); // takes you back to main project page
                exit;   // stop here so nothing below runs after the redirect
            }
        } else {
            eval(print_standard_error('error_project_voteerror'));
        }
    } else {
        eval(print_standard_error('error_project_shouldnotbehere'));
    }
} else {
    eval(print_standard_error('error_project_shouldnotbehere'));
}
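
The $rate_source comparison above tests a value the browser itself posted against a URL, so any client can pass it by sending the expected string; it guards against stray requests, not deliberate ones. Below is an added example (my own code, not from this thread or from vBulletin) of the same handler built around a per-session form token, strict server-side validation of the vote, and prepared statements. The project_rate table and the three error keys are taken from the post; the PDO/SQLite setup, the 1..5 rating range, the $session and $user arrays, and the function names are assumptions made for the example.

```php
<?php
// Added example, not code from the thread or from vBulletin.
// Assumptions: $session is the user's session array, $user['userid'] comes
// from the board's own login, $db is a PDO handle. The project_rate table
// and the error keys are the ones used in the post; the 1..5 range is assumed.
declare(strict_types=1);

const RATE_MIN = 1;
const RATE_MAX = 5;

// Call when rendering the form and put the result in a hidden field.
function issue_form_token(array &$session): string
{
    if (empty($session['rate_token'])) {
        $session['rate_token'] = bin2hex(random_bytes(16));
    }
    return $session['rate_token'];
}

// A token tied to the session proves the POST came from a form we served.
// A hidden field carrying the expected URL proves nothing: the client
// decides what it posts, so such a check only stops accidental requests.
function form_token_valid(array $post, array $session): bool
{
    return isset($session['rate_token'])
        && is_string($post['rate_token'] ?? null)
        && hash_equals($session['rate_token'], $post['rate_token']);
}

// Strict integer parsing: "7" passes, "7' OR 1=1 --", "" and arrays do not.
function read_int(array $post, string $key, int $min, int $max): ?int
{
    $v = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

function setup_schema(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS project_rate (
        projectid INTEGER NOT NULL,
        userid    INTEGER NOT NULL,
        rate      INTEGER NOT NULL,
        timestamp INTEGER NOT NULL,
        PRIMARY KEY (projectid, userid))');
}

// Returns 'ok' or one of the error keys from the post.
function handle_rate(array $post, array $session, array $user, PDO $db): string
{
    if (!form_token_valid($post, $session)) {
        return 'error_project_shouldnotbehere';
    }
    $projectid = read_int($post, 'projectid', 1, PHP_INT_MAX);
    $rate      = read_int($post, 'rate', RATE_MIN, RATE_MAX);
    $userid    = (int) ($user['userid'] ?? 0);
    if ($projectid === null || $rate === null || $userid <= 0) {
        return 'error_project_voteerror';
    }
    // Placeholders keep the posted values out of the SQL text entirely.
    $check = $db->prepare('SELECT userid FROM project_rate WHERE projectid = ? AND userid = ?');
    $check->execute([$projectid, $userid]);
    if ($check->fetchColumn() !== false) {
        return 'error_project_novotetwice';
    }
    $ins = $db->prepare('INSERT INTO project_rate (projectid, userid, rate, timestamp) VALUES (?, ?, ?, ?)');
    $ins->execute([$projectid, $userid, $rate, time()]);
    return 'ok';
}

// Constructed requests standing in for real POSTs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
setup_schema($db);
$session = [];
$user    = ['userid' => 42];
$token   = issue_form_token($session);

$requests = [
    'forged: right source URL, no token' =>
        ['projectid' => '7', 'rate' => '5', 'rate_source' => '/project.php?projectid=7'],
    'genuine vote' =>
        ['projectid' => '7', 'rate' => '5', 'rate_token' => $token],
    'same user votes again' =>
        ['projectid' => '7', 'rate' => '3', 'rate_token' => $token],
    'injection attempt in rate' =>
        ['projectid' => '8', 'rate' => "5' OR 1=1 --", 'rate_token' => $token],
];
foreach ($requests as $label => $post) {
    printf("%-36s %s\n", $label, handle_rate($post, $session, $user, $db));
}
```

The forged request is rejected before any database work because it carries no token, the duplicate vote is caught by the SELECT, and the injection string never reaches the query at all because filter_var refuses it as an integer. In a real vBulletin hack the token would be written into the template as a hidden input and $session would be the board's session store.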

Xenon
29 Apr 2004, 14:53
Well, you should start to use the vB3 coding rules, as it would make the code more readable.

But apart from that, I don't see what's wrong right now.

BTW, the second ($projectid = intval($_POST['projectid']);) is useless ;)