MyBB Community Forums

i was trying to make a script to generate a bunch of links

<?php


if($_POST['gen'] == "gen")
	{ 
		$_POST['filename'] = $name;
		$_POST['url'] = $url;
		$_POST['imax'] = $imax;
		$_POST['ext'] = $ext;
		$_POST['pre'] = $pre;
		$i = 0;
		while($i < $imax )
			{
				if($i > 9 && ($pre == "0" ||$pre == "00"))
					{	
						if($pre == "00" && $i > 99)
							{
								$pre = "0";
							}
						else
							{
								$pre = "";
							}	
					}
				echo $url.$pre.$name.$i.$ext;
				echo "<br/>";
				$i++;
			}
	}
else
	{
		print '
			<html>
				<head>
					<title>Generate Links</title>
				</head>
				<body><form action="gen.php" method="POST" />
					<table border="0">
						<tr>
							<td>Input Name:</td><td style="padding-left: 50px;"><input type="text" name="filename" /></td>
						</tr>
						<tr>
							<td>Input Maximum i:</td><td style="padding-left: 50px;"><input type="text" name="imax" /></td>
						</tr>
						<tr>
							<td>Input Maximum Pre:</td><td style="padding-left: 50px;"><input type="text" name="pre" /></td>
						</tr>
						<tr>
							<td>Input Url:</td><td style="padding-left: 50px;"><input type="text" name="url" size="50" /></td>
						</tr>
						<tr>
							<td>Input Extension:</td><td style="padding-left: 50px;"><input type="text" name="ext" /></td>
						</tr>
						<tr>
							<td colspan="2"></td><td style="padding-left: 50px;"><input type="submit" name="submit" value="Go" /></td>
						</tr>
					</table>
					<input type="hidden" name="gen" value="gen" />
					</form>
				</body>
			</html>
				';

	}

?>

so the $imax value becomes a string even

<input type="integer" ....

didn't work

and then it won't echo anything except the $i value

anyone who can spot what i've obviously missed

Use input type="text". An integer type does not exist. Text will return what you want-- write a cast in the PHP to limit it to an integer.

Example:

$value = (!empty($_POST['whatever']) ? (int) $_POST['whatever'] : 0);

And in the HTML:

Value is: <input type="text" name="whatever" value="" />

-Ygg

Aren't these the wrong way round....??

$_POST['filename'] = $name;
$_POST['url'] = $url;
$_POST['imax'] = $imax;
$_POST['ext'] = $ext;
$_POST['pre'] = $pre;

You're trying to assign undefined values to parts of the $_POST array.

$name = $_POST['filename'];
$url = $_POST['url'];
$imax = $_POST['imax'];
$ext = $_POST['ext'];
$pre = $_POST['pre'];

Or, less code:

foreach($_POST as $key => $val)
{
	$$key = $val;
}
// if $_POST['url'] was "http://mybboard.net/" then $url would equal that too

thanks Matt worked like a charm

sorry that was such a "doofussy" mistake

(2010-02-04, 08:25 AM)MattRogowski Wrote: [ -> ]Or, less code:
foreach($_POST as $key => $val)
{
	$$key = $val;
}
// if $_POST['url'] was "http://mybboard.net/" then $url would equal that too

This opens a gaping whole for hackers, as they could set any variable they want. It's basically register_globals

Never thought of that... that was in one of the first PHP books I got :|

(2010-02-04, 08:24 PM)laie_techie Wrote: [ -> ]
(2010-02-04, 08:25 AM)MattRogowski Wrote: [ -> ]Or, less code

This opens a gaping whole for hackers, as they could set any variable they want. It's basically register_globals

Indeed, you at least have to escape everything properly but I would not recommend this method at all...
Use your old code the right way round and everything should be well (look for strip_tags and htmlspecialchars though).

yeah i do just intend on using it for myself only so no need to escape stuff...just a simple script i was toying with

thanks Lennart

Jitendra M

Yggdrasil

Matt

Jitendra M

laie_techie

Matt

Lennart Sauter

Jitendra M