EineyEntertainment
Posted March 7, 2009

First, before I get a series of angry posts... I would like to go on record by saying that I am not a decent coder, but a scientist.

I have read many arguments on this site about preventing injections. By visiting this site http://www.securiteam.com/securityreviews/5DP0N1P76E.html I discovered a way to view my source code in Inventory to find the specific item. Now expert coders / hackers can easily get into your SQL, recreate the item into their own inventory... mainly because you hand them the information you need to do so on a silver platter.

What I'm considering is creating a SQL value for donation items usage, and give the SQL a gibberish name like "dhfsasdgf", and on the verification page, the one that ships the user the item depending on the pack they pick, and if the payment is verified, I'm going to have the site inject an allowed usage into that player's DB. Since that site's source code isn't available, a person will not be able to see that the value is being input.

Now if a player decides that they wish to trade a DP for in game money, all trades have to be done through a donation trade page, that will transfer the SQL over via a filter site. In a sense, the DP will not be usable unless you have a value, in which your DP update page (source secure) will check that value and redirect to either a success page or a failure page. If it fails, a report will be generated to the admin.

Sounds like a lot, but I think with a few modifications, it can be done. I'm going to give this a serious try if you guys think it'll be worth the effort, if not... I'll just head back to the drawing board. I will be placing the code here for trial and error when I finish in the next week or so. (Still have a ton of updates to do to my current script before we go live)

Eternal
Posted March 9, 2009
Re: [any V] Possible mod for prevention of SQL injections on DP's (item version)

Many have gone through this. To increase the security on your queries and coding, use the correct forms like mysql_escape(trim($code)). Also, what other means I have noticed is sprintf(?%,$code). So as in SQL injections, you can run a pretty tight script using the correct methods of coding it.

That site is for websites that have failed to restrict the inputs on their forms and queries...

<?>Eternal

POG1
Posted March 9, 2009

You will need to actions based on the values of the data. For example you will be using numbers, so accept only numbers ;)

[code hidden on the original page]

You will probably find many tutorials that show many different ways of doing so.

John99
Posted March 9, 2009

Link to Php.net / ctype_digit

a_bertrand
Posted March 10, 2009

An easy way to convert your input into a number IN ANY CASE (which means if it fails you will get a 0 number, not an odd string or empty):

[code hidden on the original page]

which can be directly placed into an SQL too:

[code hidden on the original page]

For strings use the mysql_escape or mysql_real_escape_string
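
The two numeric approaches suggested above (ctype_digit and casting to a number) behave differently on malformed input; this added example, which is not code from any poster in the thread, runs both over constructed request values. The helper name parse_item_id, the upper bound and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: strict validation of a numeric request parameter.
// parse_item_id() is a hypothetical helper, not code from the thread.

function parse_item_id($raw, int $max = 1000000): ?int
{
    // Arrays (?ID[]=1) and other non-strings are rejected outright.
    if (!is_string($raw)) {
        return null;
    }
    // ctype_digit() is true only when every character is 0-9, so it rejects
    // "", "-5", "1e3", " 7" and "12abc". The length cap keeps (int) in range.
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    // Item ids start at 1 in this sketch; 0 is treated as "no item".
    return ($id >= 1 && $id <= $max) ? $id : null;
}

// Constructed sample inputs, as they might arrive in a query string.
$samples = ['42', '12abc', '-5', '1e3', '', ' 7', '0', '99999999999999999999', ['1']];

foreach ($samples as $raw) {
    $strict = parse_item_id($raw);
    // Casting alone never fails: it keeps a leading numeric prefix and
    // yields 0 when there is none, so "12abc" is silently accepted.
    $cast = is_string($raw) ? abs((int) $raw) : 0;
    printf(
        "%-24s strict=%-5s cast=%d\n",
        json_encode($raw),
        $strict === null ? 'null' : (string) $strict,
        $cast
    );
}
```

The cast is safe to place in a query because the result is always an integer, but only the strict check tells the page that the request was malformed and should be refused or logged.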

Strats
Posted April 17, 2009

Does anyone have a good filter to stop people putting SQL injections into a game? I had someone join up and get loads of will potions and give me lots of DP's too lol

But they never explained how to stop it :cry:

eido
Posted April 18, 2009

Strats, it's your starter kit that is causing a lot of problems on your game. All you need to do is refresh the starter kit and you get a will, so members could just keep refreshing it if they wanted a lot of will potions.

Strats
Posted April 18, 2009

Hmmm, I will let the person who made it know. But then how did someone give me loads of them? lol

I have taken it off now

DELETE ME NOW!
Posted April 18, 2009

All you got to do is to check if they have the item (dp) once the page loads. If they don't have the page then cancel it opening the dp if they don't have it?
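
The last few posts describe two server-side checks: a starter kit that must not be granted again on refresh, and an item that must be owned before it can be used. This added example, not code from the thread, sketches both. It assumes hypothetical tables inventory and starter_claims, uses in-memory SQLite through PDO as a stand-in for the game's database, and uses prepared statements rather than the escaping functions mentioned earlier.

```php
<?php
// Added example: server-side ownership check with atomic consumption.
// Table and column names are hypothetical; SQLite stands in for the game's DB.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE inventory (userid INTEGER, itemid INTEGER, qty INTEGER,
           PRIMARY KEY (userid, itemid))');
$db->exec('CREATE TABLE starter_claims (userid INTEGER PRIMARY KEY)');

// Grant the starter kit once per user: a refresh violates the PRIMARY KEY
// on starter_claims, the transaction rolls back and nothing is granted.
function claim_starter_kit(PDO $db, int $userid, int $itemid): bool
{
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO starter_claims (userid) VALUES (?)')
           ->execute([$userid]);
        $db->prepare('INSERT INTO inventory (userid, itemid, qty) VALUES (?, ?, 1)')
           ->execute([$userid, $itemid]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        return false;
    }
}

// Use one item only if the caller owns it. The ownership check and the
// decrement are a single statement, so two fast requests cannot both pass.
function use_item(PDO $db, int $userid, int $itemid): bool
{
    $stmt = $db->prepare('UPDATE inventory SET qty = qty - 1
                          WHERE userid = ? AND itemid = ? AND qty > 0');
    $stmt->execute([$userid, $itemid]);
    return $stmt->rowCount() === 1;
}

// Constructed scenario: user 7 claims item 33 twice, then uses it twice.
var_dump(claim_starter_kit($db, 7, 33)); // first claim
var_dump(claim_starter_kit($db, 7, 33)); // page refresh
var_dump(use_item($db, 7, 33));          // item is owned
var_dump(use_item($db, 7, 33));          // item already consumed
var_dump(use_item($db, 8, 33));          // user 8 never owned it
```

The user id passed to both functions should come from the server-side session, never from a request parameter.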