1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Does anyone know the echo code?

Discussion in 'PHP & Perl' started by StinkyPeat, Jul 26, 2010.

  1. StinkyPeat

    StinkyPeat Registered Member

    Joined:
    May 19, 2010
    Messages:
    95
    Likes Received:
    45
    Hi There

    I used to own a warez website were people would click a link and using an echo code the download name would appear on the next site

    kinda like this


    download.php?id=sex and the city 2


    and then when they clicked to the next page the name would still be there

    anyone know this code? it was tiny

    thanks
     
  2. voyevoda

    voyevoda Regular Member Premium Member

    Joined:
    Mar 21, 2010
    Messages:
    217
    Likes Received:
    97
    Location:
    Eastern Front
    Code:
    <?= $_GET['id'] ?>
    You probably want to escape the data coming in from the querystring, though, or I could link you to

    Code:
    whatever.com/download.php?id=%3Cscript%3Ealert(%22lol%20malicious%20code%22)%3B%3C%2Fscript%3E
    and run arbitrary Javascript in your browser. :)
     
    • Thanks Thanks x 2
  3. aReJay

    aReJay Power Member

    Joined:
    Apr 29, 2009
    Messages:
    736
    Likes Received:
    237
    Location:
    Down under
    if you have an active MySQL Connection

    PHP:
    <?php

    $id 
    mysql_real_escape_string($_GET['id']);
    echo 
    $id;

    ?>
     
    • Thanks Thanks x 1
  4. StinkyPeat

    StinkyPeat Registered Member

    Joined:
    May 19, 2010
    Messages:
    95
    Likes Received:
    45
    Many Thanks voyevoda. Thats exactly what I was looking for :D