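<? /* $pass is read as a global filled from the submitted form (register_globals);
      $auth is assigned only on a match and is never initialised */
if ($pass == "NotCool") { $auth = 1; } ?>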
This is my secret page !
<? if($auth) { echo "My secrets .. shhhh !"; }
else { ?>
in order to read My secrets you must enter password : <br>
<FORM METHOD="POST" ACTION="<?= $PHP_SELF ?>">
enter password:<INPUT TYPE="PASSWORD" NAME="pass"><br>
<INPUT TYPE="SUBMIT">
</FORM>
<? } ?>
2. include($libdir . "/myscript.php");
3. Use is_uploaded_file() to verify uploads.
4. Check every variable you get from GET/POST/cookie.
If you use one of them in a MySQL query, use:
// doubles each single quote; backslashes are left as they are
$name1 = str_replace("'", "''", $name1);
If you know you have to get a number, use is_numeric():
if (!is_numeric($somenum)) { die("go away lammer !"); }
5. Block warnings and error messages: change php.ini or use error_reporting(0).
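
Item 4 as an added example (not code from the original page): the request value is bound through a PDO prepared statement instead of being quote-doubled, and a numeric id is checked with filter_var(), because is_numeric() also accepts forms such as "1e3" and "1.5". Assumptions: PDO with an in-memory SQLite database stands in for MySQL so the script runs offline; the users table, its rows and the helpers parse_id(), find_by_name() and find_by_id() are hypothetical.

```php
<?php
// Added example, not from the original page.
// Assumption: in-memory SQLite via PDO stands in for MySQL so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$ins = $db->prepare('INSERT INTO users (id, name) VALUES (?, ?)');
foreach ([[1, 'alice'], [2, "o'brien"]] as $row) {   // constructed rows
    $ins->execute($row);
}

// Hypothetical helper: accept only a decimal integer >= 1, else null.
// Arrays (e.g. id[]=1 in the query string) are rejected as well.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: the name is bound as data, never spliced into the SQL
// text, so quotes and backslashes in it need no manual escaping.
function find_by_name(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: validate first, then bind the integer with an explicit type.
function find_by_id(PDO $db, $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null;                       // caller answers with a generic error
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, as they might arrive in $_GET or $_POST.
foreach (['2', '1e3', '1.5', 'abc', ['1']] as $raw) {
    printf("%-8s is_numeric=%-5s parse_id=%s\n", json_encode($raw),
        var_export(is_numeric($raw), true), var_export(parse_id($raw), true));
}
var_export(find_by_name($db, "o'brien"));
var_export(find_by_id($db, '2'));
```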