mySQL Injection GET
stripslashes doesn't cut it.
Use mysql_real_escape_string instead.
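The difference described in the post above, as an added example that is not part of the thread or of the project's code. Assumptions: an in-memory SQLite database stands in for MySQL so it runs offline, the `posts` table and `board` parameter are hypothetical, and a PDO bound parameter is used as the fix because the `mysql_*` functions were removed in PHP 7 and need a live MySQL connection.

```php
<?php
// Added example: constructed data, hypothetical table and parameter names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, board TEXT, body TEXT)");
$db->exec("INSERT INTO posts (board, body) VALUES
           ('b', 'public post'), ('mod', 'staff-only post')");

// Constructed hostile value for a GET parameter.
$hostile = "b' OR '1'='1";
// What old PHP with magic_quotes_gpc would have delivered: quotes backslashed.
$asDelivered = addslashes($hostile);

// Before: stripslashes() removes the backslashes again, so the quote
// reaches the SQL text unescaped and changes the WHERE clause.
function lookup_stripslashes(PDO $db, string $board): array
{
    $sql = "SELECT body FROM posts WHERE board = '" . stripslashes($board) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the value is bound as data and never parsed as SQL.
function lookup_bound(PDO $db, string $board): array
{
    $stmt = $db->prepare("SELECT body FROM posts WHERE board = ?");
    $stmt->execute([$board]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$leaked = lookup_stripslashes($db, $asDelivered);
$bound  = lookup_bound($db, $hostile);

echo "stripslashes + concatenation: ", count($leaked), " row(s)\n";
print_r($leaked);
echo "bound parameter: ", count($bound), " row(s)\n";
print_r($bound);
```

The concatenated query matches every row because the injected quote closes the string literal, while the bound version looks for a board literally named with the whole hostile value and finds none.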
Thanks a lot
Fixed in SVN now. (NB, note that I haven't bothered securing the admin panel, it's going for a complete rewrite anyway.)
> I quickly realized that the only good (open source) imageboard out there is written in Perl
This is a problem because it is... too fast? Too secure?
It's a problem because a lot of people don't know Perl very well, because it's not default on (more or less) every webhost out there, and it can be buggy to set up since you only get an error 500 when something is wrong.
Overall, my point is: PHP may, in many ways, be a horrible language - but it has one very big advantage: "it's without doubt the most used language out there for webscripting".
Anyway - why I wrote this in PHP doesn't really matter since it's my decision, and it's not going to change :) Now I just try to get the best out of it.
Worst thing that could happen
PHP: mySQL injection'; DROP TABLE foo
'
Perl: ../../etc/passwd%00