Anonymous - 2012-04-10
https://gist.github.com/2353326
To at least add some defense against hackers, you also want to change line 116 in "genCode.php" from
$query_str .= "'\" . \$_POST . \"'";
to
$query_str .= "'\" . mysql_real_escape_string(\$_POST) . \"'";
There is seriously zero security in these forms… No wonder people had reported getting hacked :-/
They're also written seemingly without any knowledge of modern (i.e., past 15 years) coding practices. While I applaud the effort on making such a useful tool, following OOP (and good PHP coding practices) would have made this much much much much easier…
Also, this code seems abandoned… If it really is, if there is interest, I'll move this over to a github and recode/maintain it :-)
Oh, and also in the root directory, create a folder 'tmp', and inside that create a folder 'persistent'. That should be it :-)
You can download it from his repo, here: http://phpformgen.cvs.sourceforge.net/viewvc/phpformgen/v3/?view=tar
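The escaping change to genCode.php quoted above relies on mysql_real_escape_string, which belongs to the mysql extension that was removed in PHP 7.0. As an added example (not code from the phpformgen project or from the gist), the following shows a form insert written with PDO bound parameters instead of string concatenation. The function name, table, columns and field values are hypothetical, and SQLite stands in for MySQL so the block runs offline.

```php
<?php
// Added example, not phpformgen code. Table, column and field names are
// hypothetical; SQLite stands in for MySQL so this runs without a server.

function insertSubmission(PDO $db, string $table, array $allowedColumns, array $post): int
{
    // Identifiers cannot be bound as parameters, so they come only from the
    // form definition (never from the request) and must be plain identifiers.
    foreach (array_merge([$table], $allowedColumns) as $ident) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $ident)) {
            throw new InvalidArgumentException("bad identifier: $ident");
        }
    }
    $values = [];
    foreach ($allowedColumns as $col) {
        $v = $post[$col] ?? null;
        // Array-valued fields (name[]=x) are rejected instead of being cast.
        if ($v !== null && !is_string($v)) {
            throw new InvalidArgumentException("bad value for $col");
        }
        $values[] = $v;
    }
    $cols  = implode(', ', $allowedColumns);
    $marks = implode(', ', array_fill(0, count($allowedColumns), '?'));
    // Values travel separately from the SQL text, so quotes in them stay data.
    $stmt = $db->prepare("INSERT INTO $table ($cols) VALUES ($marks)");
    $stmt->execute($values);
    return (int) $db->lastInsertId();
}

// Constructed sample input standing in for $_POST.
$post = [
    'name'    => "O'Brien",
    'comment' => "it's \"quoted\"; -- and still just text",
    'extra'   => 'not in the form definition, so never used',
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE form_1 (id INTEGER PRIMARY KEY, name TEXT, comment TEXT)');

$id = insertSubmission($db, 'form_1', ['name', 'comment'], $post);
$check = $db->prepare('SELECT name, comment FROM form_1 WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC) === ['name' => $post['name'], 'comment' => $post['comment']]);
```

Against MySQL the same function works with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to false makes the driver use server-side prepared statements.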
I am getting the following error:
Program malfunction, please start over. Query string: form_id=
Also you don't tell us which genCode.php should be updated with the code you mention. There are several genCode.php files in your download.
Also correct me if I am wrong, but isn't someone working on this here: http://phpformgen.git.sourceforge.net/git/gitweb.cgi?p=phpformgen/phpformgen;a=summary
Alright never mind, all works now, I just forgot to add server specs to connect to the db. Works like a charm!
Now all we need is someone to update the generator for it to really work well. If you want to hook up with this project and work together please do say so. I have a CRM extension I would like to add to it. Hit me up!