[thelist] PHP_SELF / Contact Form

DAVOUD TOHIDY dtohidy at hotmail.com
Thu Jul 29 15:11:19 CDT 2010




> Date: Thu, 29 Jul 2010 21:39:37 +0200
> From: jens.brueckmann at gmail.com
> To: thelist at lists.evolt.org
> Subject: Re: [thelist] PHP_SELF / Contact Form
> 
> > I did that but it just outputs the content of  contact.php file without processing the form.
> 
> Davoud, that is no wonder as the method you specify in your
> method-attribute is "get" while your processing script is waiting for
> POST-variables.
> Either change your script variables to $_GET['XXX'] or your method to "post"

Using action="<?php 'mypages/contact.php' ?>" method="post" >

I get this:
Warning:  mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user '***'@'localhost' (using password: NO) 
in /home/***/***/***/mypages/contact.php on line 27

and html source code it says action=" "

I have not set up any users and that I do not connect to the database within contact.php file
however i check for the sql injections like:

if(isset($_POST['btnshoot'])) { 
$name = mysql_real_escape_string(htmlentities(strip_tags(stripslashes(trim($_POST['name'])))));// etc

using action="<?php $_GET['mypages/contact.php'] ?>" method="get"  i get:

Not Found
The requested URL /***/<br /><b>Notice</b>:  
Undefined index:  mypages/contact.php in
<b>/home/***/***/***/mypages/contact.php</b> on 
line <b>211</b><br /> was not found on this server.
 		 	   		  


More information about the thelist mailing list