i have done one project on school management system as my acadamic project...its very interesting ..maintaining the all teachers information,applying online leave s,browsing their history of service,applying online transfer etc....
Provide small code that runs on online and show output immediately and provide them to edit that code...just like in w3schools.... and also showing input and output with simple examples is the best way to show them what is going there.....
<?php
session_start();
$my="blue";
session_unregister("my");
session_register("my");
$_SESSION['my']=$my;
echo "<a href='show_session_var.php'>Click here to go to next page</a>";
?>
set your flag field according to your requirement, means when you clicked on the delete make your flag to 1,then the message is under trash... Explanation: when user send one message ,then insert it into messages table with flag=0,then when in inbox ,write your query with where clause is where flag=0...and when user deletes that,make your flag to be 1,then it is under trash.... try this and notify if any error comes...
That will just redirect the page once the button is clicked. To post the form data to different scripts depending upon the button clicked, you need to make use of javascript.
ok naveen... i have understand the thread in that way..
check these: References [1] Jesse Burns. Cross site reference forgery - an introduction to a common web application weakness. Whitepaper, https://www.isecpartners.com/documents/XSRF Paper.pdf, 2005. [2] David Endler. The evolution of cross-site scripting attacks. Whitepaper, iDefense Inc., http:// www.cgisecurity.com/lib/XSS.pdf, May 2002. [3] Jeremiah Grossman. Javascript malware, port scanning, and beyond. Posting to the websecurity mailinglist, http://www.webappsec.org/lists/websecurity/archive/2006-07/ msg00097.html, July 2006. [4] Jeremiah Grossman and TC Niedzialkowski. Hacking intranet websites from the outside. Talk at Black Hat USA 2006, http://www.blackhat.com/presentations/bh-usa-06/ BH-US-06-Grossman.pdf, August 2006.
do this first as first aid: • Do not use the firewall for authentication: All http services in the intranet should employ authentication mechanisms on their own. • Change all default passwords on home appliances: Authentication is useless if the password is known. • Disable JavaScript: Enable JavaScript only for trusted pages that really require JavaScript to function. This does not provide protection for the case that one of this pages was victim of an XSS [2] attack, but it reduces the attack surface significantly.
your thinking is right... i think its all because of one virus called JavaScript malware..... scan your all web pages with anti virus scanner and find what is the exact virus..... find the source of it...
why are you placing the same post again and again... do your application in different ways according to the posts mentioned above...and notify the errors... dont place same post again....
if a admin login go to uregister.php page if users login go to userlink.php but following code every one go to the uregister.php page only so i nead above the following condition clear my doubt..
if(isset($_REQUEST))
{ if($_SERVER=="POST"){
$qer="select * from login where username='".$_POST."' and password='".$_POST."'";
