jon182 Posted March 23, 2009 Posted March 23, 2009 if i add function sql_quote( $value ) { if( get_magic_quotes_gpc() ) { $value = stripslashes( $value ); } //check if this function exists if( function_exists( "mysql_real_escape_string" ) ) { $value = mysql_real_escape_string( $value ); } //for PHP version < 4.3.0 use addslashes else { $value = addslashes( $value ); } return $value; } into every page on my public_html will it secure my website? Quote
Vali Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? Use this: <?php /** * Function will return the requested value, or NULL * * @param string $val * @return string */ function validateInput($val) { $response = NULL; if (isset ( $_POST [$val] )) { if (is_array ( $_POST [$val] )) { $response = $_POST [$val]; } else if (trim ( $_POST [$val] ) != "") { $response = trim ( $_POST [$val] ); } } else if (isset ( $_GET [$val] )) { if (is_array ( $_GET [$val] )) { $response = $_GET [$val]; } else if (trim ( $_GET [$val] ) != "") { $response = trim ( $_GET [$val] ); } } if (get_magic_quotes_gpc () == 1) { return ($response); } else { return (addslashes ( $response )); } } ?> Quote
jon182 Posted March 23, 2009 Author Posted March 23, 2009 Re: will this secure my website? add it to every page?? this will secure my site for sure? can i add it anywhere or do i have to put it into certain locations. also should i delete the things i added. (the code posted above) THANK YOU. Quote
kingarmy Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? Whatever you do, there'll always be a way to hack, abuse or exploit your site. Quote
jon182 Posted March 23, 2009 Author Posted March 23, 2009 Re: will this secure my website? i mean for the most part. also should i add it to gif docs too?? and txt docs?? Quote
Vali Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? you MUST validate ALL user input. So, if it comes from the browser, you validate it, and escape it. Quote
POG1 Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? That function isn't very useful vali. This is what i use to secure my input variables. You will need to validate properly and you will need to make all your input strings 'safe' :) function codeClean($var) { return mysql_real_escape_string(htmlentities(trim((get_magic_quotes_gpc())?stripslashes($var):$var))); } Quote
jon182 Posted March 23, 2009 Author Posted March 23, 2009 Re: will this secure my website? my host provider said i'm secure from mysql injections. by mod_security. Could someone sign up as "injectiontest" and try to inject and steal money and crystals??? (try to steal like a 1,000,000 to see if it works) Quote
DELETE ME NOW! Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? my host provider said i'm secure from mysql injections. by mod_security. Could someone sign up as "injectiontest" and try to inject and steal money and crystals??? (try to steal like a 1,000,000 to see if it works) ROFL!!!!!, you think that is going to stop Sql Injection? Quote
AlabamaHit Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? If your that scared you need to pay someone that knows what they are doing. OR take the game offline cause your not fit to run one yet. You need to learn security FIRST. If you searched these forums you should be safe from most cuase 97% of the "SQL Injectgins" are done by kids that are script kiddies. So its just eh same ones.... Forums crystal market. Quote
DELETE ME NOW! Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? If your that scared you need to pay someone that knows what they are doing. OR take the game offline cause your not fit to run one yet. You need to learn security FIRST. If you searched these forums you should be safe from most cuase 97% of the "SQL Injectgins" are done by kids that are script kiddies. So its just eh same ones.... Forums crystal market. I agree Quote
Lithium Posted March 23, 2009 Posted March 23, 2009 Re: will this secure my website? ...take the game offline... without wanting to be mean... this would be the best way to secure it! Quote
DELETE ME NOW! Posted March 27, 2009 Posted March 27, 2009 Re: will this secure my website? function sql_quote( $value ) { if( get_magic_quotes_gpc() ) { $value = stripslashes( $value ); } //check if this function exists if( function_exists( "mysql_real_escape_string" ) ) { $value = mysql_real_escape_string( $value ); } //for PHP version < 4.3.0 use addslashes else { $value = addslashes( $value ); } return $value; } You got that from a site lol, Here Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.