MakeWebGames

8 Lines to secure your site from known sql injections.


Haunted Dawg


Re: [mccode] 8 Lines to secure your site from known sql injections.


I am no pro at this, but why not use some sort of logging system to do this?



"You don't want to do that."

Give an explanation instead of a command...

"You don't want to do that."

Some people will do it just for that.


Re: [mccode] 8 Lines to secure your site from known sql injections.


1. Slow function.

2. BBCode uses some characters in that string, which would mean you would need something different for any BBCode string.


OK, after I read this post I went and tested this against other ones I came across.

My site never slowed down at any pace.

BBCode never had a problem with this.

I don't know where you get this from;

is it an assumption, or have you tried it first hand?

But it seems to work with URL manipulation towards SQL injections...

I know it won't stop anything,

but against the ones that drop tables it will.


Re: [mccode] 8 Lines to secure your site from known sql injections.


"BBCode never had a problem with this."

BBCode uses square brackets "[ ]", and if you look at the eregi string:

eregi("[\'|'/'\''<'>'*'~'`']",$ids_checkpost)

it checks for them.

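The character class from the eregi() call quoted above, as an added example that is not code from any post in this thread: it rewrites the class for preg_match() (eregi() was removed in PHP 7) and runs it over constructed inputs to show what a blanket character blacklist blocks and what it lets through. In a POSIX bracket expression the backslash is literal and the repeated quote characters collapse, so the class matches any one of \ ' | / < > * ~ ` and nothing else; the square brackets themselves are not in it. The sample inputs and the BLACKLIST/blacklistHit/classify names are my own.

```php
<?php
// Added example, not code from the thread. Reproduces the eregi() character
// class quoted in the post above as a preg_match() pattern and runs it over
// constructed inputs.
//
// The class matches any one of:  \ ' | / < > * ~ `
// [ and ] are NOT in it; BBCode trips the filter through the "/" in a closing
// tag, not through the brackets.
const BLACKLIST = '#[\\\\\'|/<>*~`]#';

function blacklistHit(string $input): bool
{
    return preg_match(BLACKLIST, $input) === 1;
}

// Classifies each input as "blocked" or "passed". The labels state what the
// input really is, so the printed table reads as false positives (legitimate
// text rejected) and false negatives (attacks accepted).
function classify(array $inputs): array
{
    $out = [];
    foreach ($inputs as $label => $input) {
        $out[$label] = blacklistHit($input) ? 'blocked' : 'passed';
    }
    return $out;
}

// Constructed sample inputs (not taken from the thread).
$samples = [
    'legit BBCode: [b]hello[/b]'           => '[b]hello[/b]',
    "legit apostrophe: don't"              => "don't",
    'legit URL: http://example.com/'       => 'http://example.com/',
    "quoted injection: ' OR 1=1 --"        => "' OR 1=1 --",
    'numeric injection: 1 OR 1=1'          => '1 OR 1=1',
    'UNION injection: 1 UNION SELECT'      => '1 UNION SELECT pass FROM users',
];

foreach (classify($samples) as $label => $verdict) {
    printf("%-40s %s\n", $label, $verdict);
}
```

Run it with `php filter_demo.php`. The three legitimate inputs are all blocked (the closing BBCode tag and the URL contain `/`, the apostrophe is in the class), the quoted injection is blocked, and the two payloads that need no quote characters pass untouched. That is the point of the replies that follow: a filter on characters only protects the queries that happen to put user input between quotes, so it cannot stand in for knowing what each script actually does with its input.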

Guest Anonymous

Re: [mccode] 8 Lines to secure your site from known sql injections.


Exactly what I was thinking... it's ludicrous to believe you will protect multiple PHP files with a single filter.

Unless, of course, you understand what you are filtering. ;)


Re: [mccode] 8 Lines to secure your site from known sql injections.


"Exactly what I was thinking... it's ludicrous to believe you will protect multiple PHP files with a single filter.

Unless, of course, you understand what you are filtering. ;)"

lol, go ahead and expand our concept of filtering for the right things then...

Oh, I forgot, you don't show examples very often.

Is it not on Google?


Re: [mccode] 8 Lines to secure your site from known sql injections.

This will help some. Add this to your globals.


You can use it for filtering the query:

// if you are using form data, use the function like this:

if (isset($_POST['itemID'])) $itemID = cleanQuery($_POST['itemID']);

// you can also filter the data as part of your query:

$query = "SELECT * FROM items WHERE itemID = '" . cleanQuery($itemID) . "'";

I know not all of you will get how this works,

or something like this.



Re: [mccode] 8 Lines to secure your site from known sql injections.

I'm thinking that after a while, after you have so many variables listed in the query, it might slow down page loading for members. A while query loading numerous things tends to hinder page load times. So, I have created this next line of code, which, while very simple, may help those of you securing large amounts of $_GET's and $_POST's. Also note: what killah has listed is only for $_GET's; $_POST's need their own line too.




Obviously, in the instance I just posted, you wouldn't need it. But for future reference it may help. All you need to do is add the variables to the if statement when you add them to the array; simple.



Re: [mccode] 8 Lines to secure your site from known sql injections.


Can someone tell me what I should put to secure my site?

Because in this thread there is lots, and people are saying they won't work... :S

Make a popular site that's even worth hacking and let them come to hack it. Learn from them, or learn how to find out how they did it. Nothing here is 100%, and it's all a learning experience ;)


Re: [mccode] 8 Lines to secure your site from known sql injections.

I think it needs to be said again: there is no one way to prevent attacks. I posted a function earlier, but that's just one part of the whole security issue.

Here's what I do:

1. If you expect it to be a number, make sure it is by using functions such as 'abs'.

2. Treat all user input as unsafe, whether from forms or in the URL string.

3. Use regular expressions to check inputs from users.

4. Secure queries with 'sprintf' and 'mysql_real_escape_string'.

5. Read as much as you can about securing websites and adapt the information accordingly.

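The numeric-ID lookup that the cleanQuery() usage earlier in the thread and the five steps just above both deal with, as an added example that is not code from any post here. It runs against an in-memory SQLite database through PDO so it executes offline; the table, its rows and the attacker input are constructed for the example, and the vulnerableLookup/safeLookup names are my own. Steps 1 to 3 are covered by validating the value as an integer before it reaches SQL; for step 4, a bound parameter is used in place of sprintf + mysql_real_escape_string, since ext/mysql no longer exists on PHP 7 and later and a prepared statement gives the same separation of code and data without relying on escaping. The same PDO calls work unchanged against MySQL.

```php
<?php
// Added example, not code from the thread. Vulnerable and hardened versions of
// the "SELECT ... WHERE itemID = <user input>" lookup discussed above, run
// against a constructed in-memory SQLite table via PDO (assumes pdo_sqlite).

function buildDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (itemID INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO items (itemID, name) VALUES (1, 'sword'), (2, 'shield'), (3, 'secret key')");
    return $pdo;
}

// The pattern the thread is trying to defend: user input concatenated into the
// query. A cleanQuery()-style quote escaper does nothing here, because the
// developer wrote no quotes around the number, so a payload that contains no
// quote characters (and nothing the eregi class catches) is executed as SQL.
function vulnerableLookup(PDO $pdo, string $itemID): array
{
    $sql = "SELECT name FROM items WHERE itemID = " . $itemID;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form. (1) Decide what the value must be and reject anything else,
// which is steps 1-3 of the post above in one call: FILTER_VALIDATE_INT only
// returns an int for a string that is entirely an integer, so "1 OR 1=1" is
// refused rather than "cleaned". (2) Send the value as a bound parameter, so the
// database never parses it as part of the statement text.
function safeLookup(PDO $pdo, string $itemID): array
{
    $id = filter_var($itemID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT name FROM items WHERE itemID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = buildDb();
$attack = '1 OR 1=1';   // constructed attacker input: no quotes, no brackets

echo "vulnerable, input '$attack': " . implode(', ', vulnerableLookup($pdo, $attack)) . "\n";
echo "safe,       input '$attack': " . implode(', ', safeLookup($pdo, $attack)) . "\n";
echo "safe,       input '2':        " . implode(', ', safeLookup($pdo, '2')) . "\n";
```

Run with `php lookup_demo.php`. The vulnerable query returns every row, including the one the caller was never meant to see, because `WHERE itemID = 1 OR 1=1` is true for all of them; the hardened lookup returns nothing for the attack string and only `shield` for a genuine ID. The reason to validate and to bind, rather than pick one, is that the two fail differently: the integer check documents what the script accepts and rejects junk early, while the bound parameter protects the query even if a later edit changes the column to a string or drops the check.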
