I do validate. I really do.
Level 13
<?php
if (isset($_GET['name']) && isset($_GET['email'])) {
$user = mysql_real_escape_string($_GET['name']);
$email = mysql_real_escape_string($_GET['email']);
$result= mysql_fetch_assoc(mysql_query("SELECT `email` FROM `members` WHERE name = '$user'"));
$reply = false;
if ($email == $result['email'])
{
$reply = true;
}
} else {
$reply = false;
}
echo ($reply) ? 1 : 0;
?>
The script's filename is vrfy.php Make the script reply 1.
Use the relative path. You don't know any users or emails.
___________________
|___________________|check
- Since the isset() function only determines if a variable is set and is not NULL, it does not check the value of the variable. Here below is an example.
< ?php
$var = '';
// This will evaluate to TRUE so the text will be printed.
if (isset($var)) {
echo "This var is set so I will print.";
}
? > - Input 'vrfy.php?name=&email=' and check.
- It's done.