إستفسار بخصوص لغة php

$title

???? ???? ??? ?????? , ?? ??????? ??? ????

كود: تحديد الكل

$_POST['title']

???? ?? ?????? ?? ???? ???? ?? ?????? , ??? ???? ???? ?? ??? ?? ???? sql injection

?????? ?????
???? ????? ????? ????? ?????? ?? ????

??????? ??????? ???? ?? ??? ?????? ??? ?? ??? ?? ???? ???????? ???? ?? ???? ?????? ?? ?? ?????? ??????? ???? ???????? ???? ???? ????? ??? ????? ????? ??? ???????? ????? ??????

??? ????????? ??? ???????? ?????

????? :
??? ??? ??? ???? ?? ???? ????? ???? ??
showforum.php?=6
?????? ?? ???????? ??????

???? ????? ??? selcet ??????? ?????? ????? ?? ????? ?? ??

??? ????? ?????

كود: تحديد الكل

<?php
session_start();
if(!$_SESSION['username']){ 
	echo "<font color=\"#FF0000\"><b>please log in <META HTTP-EQUIV=\"refresh\" CONTENT=\"1; URL=login.php\"></b></font>";
exit;
}  
	include('../config.php');
 	include('../easytemplate.php');
	$con = mysql_connect($hostname,$user,$pass);
	  if(!$con)  
	  {  
	   die('can not connect'.mysql_error());  
	  }  
	mysql_select_db($db_name,$con);
		 
	$post_all = "SELECT post_id,forum_id,title,img,small_data,data 
				FROM post 
				WHERE forum_id='$id'
				ORDER BY post_id DESC" ;
	
	$tmpl = new EasyTemplate('style','cache');
	print $tmpl->display('body/showforum_body.html');
     
	mysql_close($con); 
 ?>

??? ????? ???????

كود: تحديد الكل

<?php

session_start();
if(!$_SESSION['username']){ 
	echo "<font color=\"#FF0000\"><b>please log in <META HTTP-EQUIV=\"refresh\" CONTENT=\"1; URL=login.php\"></b></font>";
exit;
}
  
	 	include('../config.php');
 	include('../easytemplate.php');
	$con = mysql_connect("$hostname","$user","$pass");
	  if(!$con)  
	  {  
	   die('can not connect'.mysql_error());  
	  }  
	mysql_select_db($db_name,$con);

   $query_post = "select * from post where post_id ='$id'";  
   $result_post = mysql_query($query_post);  
    
   while($row = mysql_fetch_object($result_post)) { 
    $title = $row->title;
    $img = $row->img;    
    $data = $row->data;
    $post_id = $row->post_id;
   }  

	$forum_id_name = "SELECT post_id, img, title, data FROM post WHERE post_id='$id'" ;

	$tmpl = new EasyTemplate('style','cache');
	print $tmpl->display('body/showpost_body.html');
     
	mysql_close($con); 
 ?>

?? ?? ???????

????? ??? ?? ????????? ?? id ?? ???????

???? ??

كود: تحديد الكل

$id

???? ??? ????

كود: تحديد الكل

$_GET[id]

?? ??????? ???? ????? ???? ????? ?????????

??? ??? ???? mail()

????? ?????? ?????? ?????? ????? ???? ????? ???? ?? ??????? ?? ??? ???? ????? ?? ????? ?? ????? .. !!

كود: تحديد الكل

<html>
<body>
<?php
function spamcheck($field)
  {
  //filter_var() sanitizes the e-mail
  //address using FILTER_SANITIZE_EMAIL
  $field=filter_var($field, FILTER_SANITIZE_EMAIL);

  //filter_var() validates the e-mail
  //address using FILTER_VALIDATE_EMAIL
  if(filter_var($field, FILTER_VALIDATE_EMAIL))
    {
    return TRUE;
    }
  else
    {
    return FALSE;
    }
  }

if (isset($_REQUEST['email']))
  {//if "email" is filled out, proceed

  //check if the email address is invalid
  $mailcheck = spamcheck($_REQUEST['email']);
  if ($mailcheck==FALSE)
    {
    echo "Invalid input";
    }
  else
    {//send email
    $email = $_REQUEST['email'] ;
    $subject = $_REQUEST['subject'] ;
    $message = $_REQUEST['message'] ;
    mail("m_d55@hotmail.com", "Subject: $subject",
    $message, "From: $email" );
    echo "Thank you for using our mail form";
    }
  }
else
  {//if "email" is not filled out, display the form
  echo "<form method='post' action='aa.php'>
  Email: <input name='email' type='text' /><br />
  Subject: <input name='subject' type='text' /><br />
  Message:<br />
  <textarea name='message' rows='15' cols='40'>
  </textarea><br />
  <input type='submit' />
  </form>";
  }
?>

</body>
</html>

?? ?????? كتب:???? ?? ?????? ?? ???? ???? ?? ?????? , ??? ???? ???? ?? ??? ?? ???? sql injection

كود: تحديد الكل

$query_post = "select * from post where post_id ='$id'";

?? ???? ???? !

????? ?? ?? ????? ?? ???? ??? ????? !!!!

?????? ?????

???? ????? ???? ?????? ?? ??????

????? ??? ?? ??? ???? ?? ?????? ??? ?? ???? ??????

???????? ??????

'".intval($_GET[id])."'

??? ???? ???? ???? ???? ?? ??? ??? ??? ???? ?? ??? ??? ??? ????? ?????? ??? ??????? ?? ??? ???????
http://www.moffed.com/community/viewtop ... =31&t=3474

إستفسار بخصوص لغة php

??????? ????? ??? php

??????? ????? ??? php

??????? ????? ??? php

??????? ????? ??? php

??????? ????? ??? php

??????? ????? ??? php

??????? ????? ??? php

الموجودون الآن