POG1 Posted January 16, 2009
Re: [mccode] 8 Lines to secure your site from known sql injections.
> I am no pro at this but why not use some sort of a logging system to do this..
> [code not shown: viewing code on this forum requires registration]
You don't wanna do that

Zero-Affect Posted January 16, 2009
>> I am no pro at this but why not use some sort of a logging system to do this..
>> [code not shown: viewing code on this forum requires registration]
> You don't wanna do that
Give an explanation instead of a command... "you don't wanna do that", some people will do it just for that

Eternal Posted January 16, 2009
>> I am no pro at this but why not use some sort of a logging system to do this..
>> [code not shown: viewing code on this forum requires registration]
> You don't wanna do that
Wanna explain to me why then?

POG1 Posted January 16, 2009
1. Slow function
2. BBCode uses some chars in that string, which would mean you would need something different for any BBCode string..

Eternal Posted January 17, 2009
> 1. Slow function
> 2. BBCode uses some chars in that string, which would mean you would need something different for any BBCode string..
OK, after I read this post I went and tested this against other ones I came across.. My site never slowed down at any pace.. BBCode never had a problem with this.. I don't know where you get this from, if it is an assumption or you have tried it first hand? But it seems to work with URL manipulation towards SQL injections... I know it won't stop anything, but against the ones that drop tables it will...

POG1 Posted January 17, 2009
> BBCode never had a problem with this..
BB code uses square brackets "[ ]" and if you look at the eregi string..
eregi("[\'|'/'\''<'>'*'~'`']",$ids_checkpost)
it checks for them.

Eternal Posted January 18, 2009
Notice this script is for URL injections??? But with some tinkering about I am sure you could clean each post and get variable.. And yes, that will screw the BBCode around.

Guest Anonymous Posted January 22, 2009
* Nyna sighs
Exactly how is this going to protect you?

Zero-Affect Posted January 22, 2009
Exactly what I was thinking... it's ludicrous to believe you will protect multiple PHP files from a single filter..

Guest Anonymous Posted January 22, 2009
> Exactly what I was thinking... it's ludicrous to believe you will protect multiple PHP files from a single filter..
Unless of course you understand what you are filtering. ;)

POG1 Posted January 22, 2009
Filtering for gold?

Zero-Affect Posted January 23, 2009
>> Exactly what I was thinking... it's ludicrous to believe you will protect multiple PHP files from a single filter..
> Unless of course you understand what you are filtering. ;)
lol go ahead and expand our concept of filtering for the right things then... oh I forgot, you don't show examples very often. Is it not on Google?

bling Posted January 23, 2009
This will help some. Add this to your globals:
[code not shown: viewing code on this forum requires registration]
You can use the filtering the Query:
// if you are using form data, use the function like this:
if (isset($_POST['itemID'])) $itemID = cleanQuery($_POST['itemID']);
// you can also filter the data as part of your query:
$query = "SELECT * FROM items WHERE itemID = '" . cleanQuery($itemID) . "' ";
I know not all of you will get how this works, or something like:
[code not shown: viewing code on this forum requires registration]

bling Posted January 23, 2009
Nyna, do you think what I have posted can help?

Cronus Posted January 24, 2009
I'm thinking that after a while, after you have so many variables listed on the query, it might slow down page loading for members. A while query loading numerous things tends to hinder page load times. So, I have created this next line of code, which while very simple, may help those of you securing large amounts of $_GET's and $_POST's. Also note, what killah has listed is only for $_GET's; $_POST's need their own line too.
[code not shown: viewing code on this forum requires registration]
Obviously in the instance I just posted, you wouldn't need it. But for future reference it may help. All you need to do is add the variables to the if statement when you add them to the array, simple.

Haunted Dawg (Author) Posted January 24, 2009
[code not shown: viewing code on this forum requires registration]

Josh23 Posted February 7, 2009
Can someone tell me what I should put to secure my site? Because in this thread there is lots and people are saying they won't work.. :S

codestryke Posted February 9, 2009
> Can someone tell me what I should put to secure my site? Because in this thread there is lots and people are saying they won't work.. :S
Make a popular site that's even worth hacking and let them come to hack it. Learn from them or learn how to find how they did it. Nothing here is 100% and it's all a learning experience ;)

mj12 Posted February 16, 2009
I think it needs to be said again, there is no one way to prevent attacks. I posted a function earlier, but that's just one part of the whole security issue. Here's what I do:
1. If you expect it to be a number make sure it is by using functions such as 'abs'
2. Treat all user input as unsafe, whether from forms or in the url string.
3. Use regular expressions to check inputs from users
4. Secure queries by 'sprintf' and 'mysql_real_escape_string'
5. Read as much as you can about securing websites and adapt the information accordingly

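Added example (not part of any post in this thread, and not mccode's own code): it runs the character class quoted earlier in the thread against a few constructed inputs, next to integer validation and a bound-parameter query, to show that the class blocks BBCode and apostrophes while letting a tampered numeric value through. Assumptions: preg_match() stands in for eregi() (removed in PHP 7), filter_var() and a PDO prepared statement are swapped in for 'abs' and 'sprintf'/'mysql_real_escape_string', an in-memory SQLite database stands in for the game's MySQL database, and the names blacklist_hit, valid_id, find_items and the items table are hypothetical.

```php
<?php
// Added example; function, table and column names are hypothetical.

// The thread's character class, ported from eregi() to preg_match().
// It matches any one of: \ ' | / < > * ~ `
function blacklist_hit(string $s): bool
{
    return preg_match('#[\\\\\'|/<>*~`]#', $s) === 1;
}

// Numeric ids: accept only a positive integer, otherwise return null
// so the caller can reject the request.
function valid_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The value reaches the database as a bound parameter, never as SQL text.
function find_items(PDO $pdo, string $raw): array
{
    $stmt = $pdo->prepare('SELECT name FROM items WHERE itemID = ?');
    $stmt->execute([$raw]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:'); // assumes the pdo_sqlite extension is loaded
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (itemID INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (name) VALUES ('sword'), ('shield')");

// Constructed sample inputs: a BBCode post, ordinary text with an
// apostrophe, a legitimate id, and a tampered id parameter.
$samples = ['[b]hello[/b]', "it's mine", '2', '1 OR 1=1'];

foreach ($samples as $raw) {
    printf(
        "%-14s blacklist=%-5s valid_id=%-4s rows=%d\n",
        $raw,
        blacklist_hit($raw) ? 'block' : 'pass',
        var_export(valid_id($raw), true),
        count(find_items($pdo, $raw))
    );
}
```
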
mentaljason Posted February 16, 2009
Will someone send me the strings for the forum and markets, I need to check if I'm secure. Thanks. (PM me)

mentaljason Posted February 16, 2009
Learn this code, if 1=a and z=26 then what does 2-21-12-12--19-8-9-20 (dashes indicate an end to that letter and double dash represents a space.)

Haunted Dawg (Author) Posted February 16, 2009
UH?

SpEcKs Posted February 16, 2009
haha Haunted Dawg

Magictallguy Posted February 16, 2009
> Learn this code, if 1=a and z=26 then what does 2-21-12-12--19-8-9-20 (dashes indicate an end to that letter and double dash represents a space.)
2-21-12-12--19-8-9-20
bull shit

Haunted Dawg (Author) Posted February 16, 2009
Please explain and I might be able to tell you what it does?