Hi,
I have a guestbook where someone have posted html code. Luckily it doesn't affect me because my code replace < and > with < and >.
Now I wonder, what did they try to do? Any idéas?
//Actual code elided to slow down script kiddies -- Weedpacket
it looks like they tried to make it so they had an upload form on there so they could upload files and also a textbox where they can enter commands that your server would execute. also next time enclose your code inside [PH P] tags, makes it easier to read. go thing you used the htmlspecialchars or they could have gained ftp access or worse if you have high privelages.
wowzers!
Shows why you need form validation!
i think it's actually a security testing script, but is, in this case, being misused!
t'internet's a great place to learn, but detrimental to it's own good
perhaps you should use this function to eliminate every HTML and PHP Tag from a string: php.net manual
cu chris
