MakeWebGames

8 Lines to secure your site from known sql injections.


Haunted Dawg


Re: 8 Lines to secure your site from known sql injections.

 

Zero, why you posting code that is not yours? :|

the above has been sorted out

the idea may have come from code implemented by kyle without my knowledge but he never coded the actual script

in reply to floydian can you give me more insight into why this script is so ridiculous please?


Re: 8 Lines to secure your site from known sql injections.

Perhaps you didn't read my entire post then. I did give reasons why it's not a good idea.

I could give more. Mccodes requires magic quotes which is inserting slashes into the get and post already. Add more slashes to it with your method and you get double slashes. Perhaps you've taken out the code on mccodes version two that makes it require magic quotes, and also turned magic quotes off. The other reasons I gave are still valid.


Re: 8 Lines to secure your site from known sql injections.

A little code I just made, you may try use it and test it, add on to it. I'm not sure if it works as I have not tested it.

Add this code in header.php under the function userdata():

 

You're unable to view this code.



Guest Anonymous

Re: 8 Lines to secure your site from known sql injections.

Although it exhibits exactly the same flaws that have been discussed before. Not only does it not secure your site, it lulls you into a false sense of security.

Let me do a Floydian...

THIS DOES NOT PROTECT YOUR SITE AGAINST SQL INJECTION

Got it yet? No?

THERE IS NO EASY SOLUTION

If there was an easy solution, don't you think that all sites would be using it - not just simple mccodes based games, but all commercial sites?


Re: 8 Lines to secure your site from known sql injections.

 

Although it exhibits exactly the same flaws that have been discussed before. Not only does it not secure your site, it lulls you into a false sense of security.

Let me do a Floydian...

THIS DOES NOT PROTECT YOUR SITE AGAINST SQL INJECTION

Got it yet? No?

THERE IS NO EASY SOLUTION

If there was an easy solution, don't you think that all sites would be using it - not just simple mccodes based games, but all commercial sites?

I agree with Nyna now that I did some research and had a short conversation about it with Nyna & Floydian :-P


Re: 8 Lines to secure your site from known sql injections.

Ok Nyna, I don't pretend to offer my services for free, but I do charge a small fee to secure mainly all files. I have been putting my time into making code efficient & recoded.

I charge $50 to secure all the files. BUT! I replace mainly the files I have coded which could be sql exploited. That's mainly all the files in mccodes, if there are edits on the php files, I recode the file to fit your website. So, people can bitch about whatever they want, but I WON'T! offer my secure files for free for sure.


  • 2 weeks later...

Re: 8 Lines to secure your site from known sql injections.

Where exactly?

Are you putting this right under function userdata?

 

A little code I just made, you may try use it and test it, add on to it. I'm not sure if it works as I have not tested it.

Add this code in header.php under the function userdata():

 

You're unable to view this code.


 


Re: [mccode] 8 Lines to secure your site from known sql injections.

Same question as above. Where exactly in header.php?

 

Yes 8 lines!!!

Easy add this to header.php

 

You're unable to view this code.


 

Ok so if you find more sql injections just update the 3 at the top and change the array.


  • 2 months later...

Re: 8 Lines to secure your site from known sql injections.

 

Although it exhibits exactly the same flaws that have been discussed before. Not only does it not secure your site, it lulls you into a false sense of security.

Let me do a Floydian...

THIS DOES NOT PROTECT YOUR SITE AGAINST SQL INJECTION

Got it yet? No?

THERE IS NO EASY SOLUTION

If there was an easy solution, don't you think that all sites would be using it - not just simple mccodes based games, but all commercial sites?

 

Nyna you seem like a really smart person (or try to) but all I have seen you do is tell people they are stupid and/or not good enough and tell them to go and learn to code.

Most people posting for help or reading guides like killa's are still learning.

Why don't you construct something to help. SOME is better than NONE and saying SOME is not good enough doesn't really help does it.

Why don't you make use of your skills and try and help the community rather than tell everyone how rubbish they are?

I see you say how easy it is to code things when people are asking how to do something. Rather than tell them it's easy why don't you just post the solution if it is as easy as you claim.

I am not trying to offend but I have no idea how you got into your position on these forums. I wouldn't hire an amazing coder if they didn't code as it would be pointless.

I just feel like you are almost wasted skill on these forums. Telling someone to learn to code is pointless without giving them the first step or advice on how or where to learn.


Re: [mccode] 8 Lines to secure your site from known sql injections.

LOL

 

I actually feel the same way.

I was stuck on something and asked for a little help on the irc channel for this.

And all I got back is "TRY IT"

I know she isn't here to help us but as such quality she says she is one would think to go to her for a little advice.

I think yes she is wasting her talent but, I wouldn't wanna help everyone when I got things to do..

And yes the "learn it" comment is a good answer but if someone doesn't know what's going wrong how can they learn it?

There are thousands of possible PHP functions out there that can control things.

Even a hint would be good.....

 

But I took her advice and never asked anyone of her status ever again....


Re: [mccode] 8 Lines to secure your site from known sql injections.

To secure the data it would be wise to create a set of functions that you can call to instead of declaring variables in the header.

With the code provided even if there is no viewforum it will be "secured", is there any point?

 

You're unable to view this code.


 

Also, if the get variables changed here are not a number then an error will be produced and you don't want a mysql error on screen ;)

Or something along the lines of this will help:

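// settype() returns TRUE/FALSE rather than the converted value, so cast to int instead.
$id = (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id'])) ? (int) $_GET['id'] : FALSE;

// Stops on a missing, non-numeric or zero id.
if (!$id) { echo 'error'; die; }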


Re: [mccode] 8 Lines to secure your site from known sql injections.

 

yeah like some people said just fix the exploits yourself in whatever file is exploit!

So you telling me. You are going to go secure forums.php & all the markets. But what happens when someone new figures out an exploit? Each time you going to need to patch it up. Patch it all up once and for all and you're done.


Re: [mccode] 8 Lines to secure your site from known sql injections.

 

yeah like some people said just fix the exploits yourself in whatever file is exploit!

So you telling me. You are going to go secure forums.php & all the markets. But what happens when someone new figures out an exploit? Each time you going to need to patch it up. Patch it all up once and for all and you're done.

thought you quit


Re: [mccode] 8 Lines to secure your site from known sql injections.

 

yeah like some people said just fix the exploits yourself in whatever file is exploit!

So you telling me. You are going to go secure forums.php & all the markets. But what happens when someone new figures out an exploit? Each time you going to need to patch it up. Patch it all up once and for all and you're done.

thought you quit

Lol, shame on you for believing him.


Re: [mccode] 8 Lines to secure your site from known sql injections.

Securing a site takes two things, checking input and storing into the database in a safe manner. You have to do both, period, so that kind of kills an all-in-one function. Oh and display it in a safe manner, let's not forget that.

I don't have a McCodes site but I've seen enough code here to give a good example. The bank, you could secure the input but when you store it into the database is it what you want? If you don't check the input of a negative, MySQL is going to store it as a negative and thus will break the bank, so to speak.

There is no magic bullet to cure McCodes of its security flaws, period. It would take a great deal of effort to do so with pure code (yes Nyna I have a feeling I know what you're using on your "test server"). I presented a way to store the data securely but it would require the coder (and I use that term loosely) to check for valid input.

Instead of trying to re-work McCodes, or even trying to secure it, why not create an original game with some original thought? You think any of your versions of McCode will succeed when there are thousands already available and probably 10-20 of them being put online daily? It's done, it's crap and McCodes has been played out, try some originality for a change. I know this isn't going to happen because you can go to rapidshare or any other warez site and download v2.0 of McCodes and invest nothing.

You all fight and find flaws and do whatever you do just to grab what 100 player signups? Please....
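
The three steps named in the post above (check the input, store it safely, display it safely), applied to its bank example. This is an added example, not part of the original post and not McCodes code: the `users` table, its columns and the function names are hypothetical, and it uses PDO with in-memory SQLite so it runs offline.

```php
<?php
// Added example, not McCodes code: table, column and function names are hypothetical.
// PDO with in-memory SQLite keeps it self-contained; a MySQL DSN is used the same way.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, money INTEGER, bank INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'O''Brien <b>', 500, 0)"); // constructed sample row

/** Step 1: check input. Returns a positive int, or null if the raw value is not one. */
function parse_amount($raw): ?int
{
    // ctype_digit() accepts only strings of 0-9, so "-200", "1.5", "200abc" and arrays fail.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $n = (int) $raw;
    return $n > 0 ? $n : null;
}

/** Step 2: store safely. Bound parameters, with the balance check inside the UPDATE itself. */
function deposit(PDO $db, int $userid, $rawAmount): string
{
    $amount = parse_amount($rawAmount);
    if ($amount === null) {
        return 'Invalid amount.';
    }
    $stmt = $db->prepare(
        'UPDATE users SET money = money - :a1, bank = bank + :a2
          WHERE userid = :u AND money >= :a3'
    );
    $stmt->execute([':a1' => $amount, ':a2' => $amount, ':a3' => $amount, ':u' => $userid]);
    if ($stmt->rowCount() !== 1) {
        return 'You do not have that much money.';
    }
    // Step 3: display safely. Escape stored text when it is output, not when it is stored.
    $q = $db->prepare('SELECT username, bank FROM users WHERE userid = :u');
    $q->execute([':u' => $userid]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    return htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8')
        . ' now has ' . (int) $row['bank'] . ' in the bank.';
}

// Constructed sample inputs, as they would arrive in $_POST['amount'].
foreach (['200', '-200', '200abc', '1.5', '9999', ['x']] as $raw) {
    echo json_encode($raw), ' => ', deposit($db, 1, $raw), PHP_EOL;
}
```

Only the first input changes the balance; the negative, non-numeric and array values are rejected before any query runs, and the oversized deposit is refused by the `WHERE` clause rather than by a separate read that could race with another request.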
