
PHP What is wrong here ?


reaper4334's Avatar
Member
0 0

Okay I'm new to PHP only started this morning so would anyone like to help me figure out what's wrong with the following code. I know it's probably the really easy PHP stuff but like I said I only started learning it this morning.


```php
<?php
$rfile=fopen("number.txt", "w+");
$fileidnum=fread($rfile, filesize("number.txt"));
$newfileidnum=$fileidnum+1;
fputs($rfile, $newfileidnum);
fclose($rfile);
$filecontents=$_GET["message"];
$filename=$fileidnum;
$file=fopen($filename, "a+");
fputs($file, $filecontents);
fclose($file);
echo "To let someone view your message, give them this url: http://darkpanther.freehostia.com/php/message.php <br>"

?>
```

reaper4334's Avatar
Member
0 0

Btw if you're wondering why it's DarkPanther's site it's 'cause I am DarkPanther. I'm using Reaper's account because he left it logged on and I didn't realise :P


ghost's Avatar
0 0

It'd help if we knew what it was supposed to do and what it does instead…


ghost's Avatar
0 0

It's supposed to read a number from a file then write into that file a new number. It then uses the old number as a filename for a file to open in which it writes a message (entered on an HTML page)

It just brings errors lol

DarkPanther


nanoymaster's Avatar
the master of nanoy(.org)
0 0

maybe you should do some more checks so you can't do XSS ;)


ghost's Avatar
0 0

Yeah :P it's my first script so it's completely vulnerable :P

If anyone is trying to learn guestbook hacking or something… feel free to use this :P


ghost's Avatar
0 0

ok, here's two things you need to do

when you set the variables, do this

```php
$variable = strip_tags(stripslashes($_GET['value']));
```

why?

well first off, you allowed html on the page, so my open <textarea> tag just ruined all the fun, so strip_tags will strip html

second, notice the slashes everywhere after a '

stripslashes will get rid of those too
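
One way to write the script discussed in this thread, added here as an example and not posted by any participant: the counter is opened with `c+` under a lock (the `w+` mode in the original truncates the file before it is read), the filename is built only from the integer id, and the message is HTML-encoded with `htmlspecialchars` when it is displayed. The storage path, the size limit and the function names are assumptions.

```php
<?php
// Added example, not code from the thread; DATA_DIR and function names are assumptions.
declare(strict_types=1);
const DATA_DIR = __DIR__ . '/../messages'; // assumed to sit outside the web root

// Read and increment the counter under an exclusive lock ('c+' does not truncate).
function next_message_id(string $counterFile): int
{
    $fh = fopen($counterFile, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        throw new RuntimeException('cannot open or lock counter file');
    }
    $id = (int) trim((string) stream_get_contents($fh));
    rewind($fh);
    ftruncate($fh, 0);
    fwrite($fh, (string) ($id + 1));
    fclose($fh); // closing the handle also releases the lock
    return $id;
}

// Store the message as received; the filename comes only from the integer id.
function store_message(string $message): int
{
    if ($message === '' || strlen($message) > 4096) {
        throw new InvalidArgumentException('message empty or too long');
    }
    if (!is_dir(DATA_DIR) && !mkdir(DATA_DIR, 0700, true)) {
        throw new RuntimeException('cannot create storage directory');
    }
    $id = next_message_id(DATA_DIR . '/number.txt');
    if (file_put_contents(DATA_DIR . "/$id.msg", $message, LOCK_EX) === false) {
        throw new RuntimeException('cannot write message');
    }
    return $id;
}

// Encode at output time so markup in the message is displayed, not interpreted.
function render_message(int $id): string
{
    $raw = file_get_contents(DATA_DIR . "/$id.msg");
    if ($raw === false) {
        throw new RuntimeException('no such message');
    }
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (PHP_SAPI === 'cli') { // constructed input, for running the example offline
    echo render_message(store_message("<textarea>it's a test")), PHP_EOL;
}
```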