Guest Anonymous Posted September 26, 2008
Re: 8 Lines to secure your site from known sql injections.

I think this topic should be renamed "8 Lines to secure your site from 'some' known sql injections.". Yes, it works, but only for certain areas.

Zero-Affect Posted September 26, 2008

easier to protect all the scripts than just add it in header

Haunted Dawg (Author) Posted September 26, 2008

Nyna, the topic says: 8 Lines to secure your site from "known" sql injections.
Known injections:
# Markets
# Forum

Zero-Affect Posted September 26, 2008

define known

Haunted Dawg (Author) Posted September 26, 2008

Known: What majority of the people know. :lol:

Guest Anonymous Posted September 26, 2008

> Nyna, the topic says: 8 Lines to secure your site from "known" sql injections.
> Known injections:
> # Markets
> # Forum

There are plenty of other "known" injections.

Tezza` Posted September 26, 2008

I'm sure there is an items injection also.

Karlos Posted September 26, 2008

There Is :wink:

Haunted Dawg (Author) Posted September 26, 2008

The item injection is in v1, that is the quantity mod.

Karlos Posted September 26, 2008

Mike told me one for v2 but I can't remember it

Zero-Affect Posted September 26, 2008

I have a file with all the sql injections in I know, for security reasons and to help people protect against them lol, but yeah wait I'll get it

01.e1010

it's v1 I believe since I've tested it over a million times on v2

flipster Posted September 28, 2008

> Below is the code i use to secure all my sites against sql injections
> Edit: Thanks for the observation killah
> usage:
> [code hidden: forum registration required]
> [code hidden: forum registration required]

what line do you add this under

Karlos Posted September 28, 2008

<?php

Dave Posted September 28, 2008

> <?php

What xD?

Karlos Posted September 28, 2008

I always put 'em there and it works for me :wink:

Tylor Posted September 28, 2008

I've been told that this is not even a real security script, it's a lie

Zero-Affect Posted September 28, 2008

> I've been told that this is not even a real security script, it's a lie

It secures some problems but I guess since you had to be told it doesn't work and it's a lie that makes you right... lol SARCASM

Guest Anonymous Posted September 28, 2008

> I've been told that this is not even a real security script, it's a lie

I can only assume this was in reference to a discussion on IRC which I post as a matter of curiosity... (This was from a public discussion on the #ce channel)

[code hidden: forum registration required]

As I've pointed out - these lines DO protect SOME areas, but there are plenty of other known points of, shall we say, "interest" to anybody feeling a little frisky in relation to "playing" with other people's sites.

Realizing that your code may be susceptible is the first step. Doing some basic research into the subject with your friendly Google is the second. Learning the relevant skills necessary to block these attacks is the next. And no, they are not complex - there is plenty of discussion material here and elsewhere specifically aimed at both the DBS/MCcodes platform(s) and other environments.

Haunted Dawg (Author) Posted September 29, 2008

Nyna & others, the problem here is people post their blabbering bullshit before they read. I did state on the second page it secures the forum, and the markets. DID I EVEN SAY THIS WILL SECURE YOUR ENTIRE WEBSITE?!

Zero-Affect Posted September 29, 2008

wouldn't it be easier to make a function to secure all sql queries

Tezza` Posted September 29, 2008

> Nyna & others, the problem here is people post their blabbering bullshit before they read. I did state on the second page it secures the forum, and the markets. DID I EVEN SAY THIS WILL SECURE YOUR ENTIRE WEBSITE?!

In IRC, we did not say it secures your whole site, it was tylor who came back and was like "secured my site from sql injections now"

Magictallguy Posted September 30, 2008

> wouldn't it be easier to make a function to secure all sql queries

In globals.php

[code hidden: forum registration required]

Use as shown (Preferences - Name Change given as example)

[code hidden: forum registration required]

or

[code hidden: forum registration required]

Above switch($_GET['action'])

[code hidden: forum registration required]

Secures $_POST if used properly (alphanumeric)

[code hidden: forum registration required]

Zero-Affect Posted September 30, 2008

wouldn't something like:

[code hidden: forum registration required]

in header work (you would need something to check see if it's alphabetical or numeric)

EDITED! I did a little research, I'm not sure if this would work but I'll give it a go lol

[code hidden: forum registration required]

Don't use this until someone with more experience posts if I'm right or wrong lol

More CTYPE:
ctype_alnum
ctype_alpha
ctype_cntrl
ctype_digit
ctype_space
ctype_xdigit

EDITED ONCE AGAIN

Due to unknown reasons this code has been said to not work. I recommend not using it till more research on this is made. By this code I'm talking about the code in this reply alone, I am not commenting on other people's.

Thanks for reading

Floydian Posted September 30, 2008

Catch-alls that filter through the entire get and post are just ridiculous...

I have an even better idea, don't allow users to submit user input. Don't ever update or insert, or delete anything in the database. That should secure just about any site.

Don't believe me? lol

Even better, take out this line:

mysql_connect($host, $user, $pass);

I guarantee you will never suffer a mysql injection again!

--------------------------------------------------------------------

Obviously I jest, but a point is illustrated here. Whilst those things will work, you give up certain functionality.

Cycling through the entire get and post arrays and escaping all text is just way too overreaching. What if you want to have an email script? You'd be sending out email with slashes all over it... That's really smart!

What if you buy a mod from someone that actually took the time to secure their script the RIGHT WAY?? If you escape all get and post strings, their script will escape them again (unescaping them basically) and you're screwed. You'd be in luck with my scripts because I almost exclusively use the REQUEST array which I never see being escaped in these catch-alls...

Those aren't the only reasons that those catch-alls shouldn't be done, but maybe the biggest one is it shows two things. One of them is okay, and to be expected. The other, I think, people would want to avoid.

It shows: inexperience. Nothing wrong with that. We've all been inexperienced programmers.

It also shows: LAZINESS!! More specifically, being too lazy to do things properly.

That's IMHO. Feel free to be lazy and stuck on noob, I won't complain. ;)

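Editor's added example, not part of Floydian's post and not code from anyone in this thread: it shows the two side effects of a catch-all escape described above (slashes in non-SQL output, double escaping when a mod escapes again) next to per-query handling with ctype_digit validation and bound parameters. The sample input, the `catch_all`, `mod_escape` and `rename_user` functions and the `users` table are hypothetical, and PDO with in-memory SQLite is used instead of the mysql_* functions so it runs without a database server.

```php
<?php
// Added example, not code from the thread. $post is constructed sample
// input standing in for $_POST.
$post = ['username' => "O'Brien", 'id' => '42', 'body' => "It's done"];

// Catch-all of the kind debated above: escape every value on every request.
function catch_all(array $in): array {
    return array_map('addslashes', $in);
}

// Hypothetical mod that already escapes its own input. addslashes() stands
// in for mysql_real_escape_string() so no MySQL server is needed.
function mod_escape(string $v): string {
    return addslashes($v);
}

$filtered = catch_all($post);

// 1) Non-SQL consumers (an email body, for instance) carry the backslashes.
echo "email body:  {$filtered['body']}\n";

// 2) A mod that escapes again double-escapes. The SQL parser removes only
//    one level (simulated with stripslashes), so a backslash is stored.
$stored = stripslashes(mod_escape($filtered['username']));
echo "stored name: $stored\n";

// Per-query handling instead: validate by expected type, bind parameters.
// Raw input goes in; nothing is escaped by hand.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');

function rename_user(PDO $pdo, string $id, string $name): bool {
    if (!ctype_digit($id)) {   // numeric field: reject anything else
        return false;
    }
    $st = $pdo->prepare('REPLACE INTO users (id, username) VALUES (?, ?)');
    return $st->execute([(int)$id, $name]);
}

var_dump(rename_user($pdo, $post['id'], $post['username']));
var_dump(rename_user($pdo, '42 OR 1=1', 'x'));
echo $pdo->query('SELECT username FROM users WHERE id = 42')->fetchColumn(), "\n";
```
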
Haunted Dawg (Author) Posted September 30, 2008

Zero, why you posting code that is not yours? :|