Search the Community

Hi Larry, I recently came across an attempted hack via the index.php module (pages 57...). I checked the logs and they added additional stuff to the $_GET['p'] data. In case it is of interest, I think the code I have added should avoid that in the future: if (isset($_GET['p'])) { $p = $_GET['p']; // if there's any characters in there that shouldn't be, exit if (!preg_match("/^[a-z\_]/", $p)) { exit ("Invalid attempt to access this module"); } } else $p = NULL; Can you suggest a better way? Thanks, and Cheers

I'm building a one page website which uses php, mysql and jquery to provide various functionality including form processing. After the form is processed I would like a simple message to be displayed which can then be hidden by clicking a button. What would be the best way to achieve this. I was thinking of displaying the message in a div which could toggle between display:none and display:block. The php file which processes the form and inserts the data to the d/b could redirect to the same page with a hidden field which could be checked and if set could use javascript to set the message div to display:block. My questions are: 1. is this a good way to achieve this or would you suggest an alternative approach? 2. if I used the above approach, how do I get the javascript to check if the hidden field is set in the $_GET variable? I did a little seach and saw something about using decodeURIcomponent. Before I start looking into thIs more, is decodeURIcomponent a good method, are there others? and any tips on using decodeURIcomponent? Thanks for any suggestions.