Jordan Palmer Posted June 21, 2010
Hi y'all. A few months back I tried this and failed to secure it. I never actually released a secured version from then on, as back then I struggled when it came to security. I have improved in the security | Optimization departments. I've been rather bored and not released anything for a good month + now, so I thought I'd secure/update this particular file, as it's not really mentioned much and plays a pretty important role in the game. Simply replace this with your current imadd.php
[Code hidden: viewing code on this forum requires registration.]
You're done. - It was early when I coded this, I haven't really slept so there may be a few spelling mistakes, but yeah, it's pretty good I hope :) This has been tested fully.
Danny696 Posted June 21, 2010
$_GET['price'] -- I see nothing, security wise.
NarutoPRG.com Posted June 21, 2010
Well done! Well done Jordan! Looking good mate. Hey, we all make some spelling mistakes sometimes (not that I can see any). :D But what I understand from SQL is that ( * ) selects all the Db row/query, something like that. But your first mysql_query(). You're selecting all the database twice.
[mysql]$q=$db->query("SELECT iv.*,i.* FROM inventory iv LEFT JOIN items i ON iv.inv_itemid=i.itmid WHERE inv_id=".abs(intval($_GET['ID']))." and inv_userid=$userid");[/mysql]
I'm not sure if this is a different way of selecting some, if so my bad. :)
Zero-Affect Posted June 21, 2010
Quote (Danny696): $_GET['price'] -- i see nothing, security wise.
[Code hidden: viewing code on this forum requires registration.]
Jordan, I do like how you do it, but maybe for the inexperienced people do it at the top of the file...
NarutoPRG.com Posted June 21, 2010
@ Danny: I looked up Abs a month or so ago, and if I can remember ( .abs(intval) ) makes sure the number is correct not false. I'm not exactly sure about the whole Abs securing thing. But please do correct me if wrong Danny. :) Sorry for double post.
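Added example, not part of the thread and not Jordan Palmer's file: what `abs(intval(...))` from the quoted query does to request input, next to strict validation and a bound-parameter version of the same lookup. It shows that coercion silently turns `1 OR 1=1` into `1` and `-5` into `5`, while strict validation rejects both. The in-memory SQLite database, the `itmname` column, the helper names and all sample rows and inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not code from the thread. Table and column names follow
// the query quoted above; the rows and inputs are constructed samples.

// Coercion as in the quoted query: every input becomes a non-negative number.
function coerce_id($raw) {
    return abs(intval($raw));
}

// Stricter alternative (assumption): accept only a positive decimal integer.
function strict_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// In-memory SQLite stands in for the game's MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (itmid INTEGER PRIMARY KEY, itmname TEXT)');
$pdo->exec('CREATE TABLE inventory (inv_id INTEGER PRIMARY KEY, inv_itemid INTEGER, inv_userid INTEGER)');
$pdo->exec("INSERT INTO items VALUES (10, 'Sample sword')");
$pdo->exec('INSERT INTO inventory VALUES (1, 10, 7), (5, 10, 8)');

// Same lookup as the quoted query, with both values bound as parameters.
function find_owned_item(PDO $pdo, int $invId, int $userId) {
    $st = $pdo->prepare(
        'SELECT iv.*, i.* FROM inventory iv
         LEFT JOIN items i ON iv.inv_itemid = i.itmid
         WHERE iv.inv_id = ? AND iv.inv_userid = ?'
    );
    $st->execute([$invId, $userId]);
    return $st->fetch(PDO::FETCH_ASSOC);
}

$userid = 7; // constructed: the logged-in player
foreach (['1', '1 OR 1=1', '-5', 'abc', ['x']] as $raw) {
    $coerced = coerce_id($raw);
    $strict  = strict_id($raw);
    // Only a strictly valid ID reaches the database; anything else is refused.
    $row     = $strict === null ? false : find_owned_item($pdo, $strict, $userid);
    printf("%-12s coerced=%d strict=%s owned=%s\n",
        json_encode($raw), $coerced, var_export($strict, true), $row ? 'yes' : 'no');
}
```

The `inv_userid` condition is what stops a coerced value such as `5` from returning another player's inventory row, so it has to stay in the query whichever way the ID is validated.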
Jordan Palmer (Author) Posted June 21, 2010
@Rasheed: Look at the queries, they're totally different ;) @Danny: Specsavers can always help :P @Crimgame: Thank you, yeah, I guess we all have our preferences :)
Danny696 Posted June 21, 2010
@jordan, last time I went, 20:20 vision, cya..... And I didn't see it because I had to scroll to see it, and I'm lazy :)
Equinox Posted June 21, 2010
Looking good, you could probably look up mysql indexation and how to perform a query efficiently. Just a few minor pickets I have, but I won't bother going into them as they're minor and people have different preferences.
Jordan Palmer (Author) Posted June 21, 2010
Thanks CC, yeah, it'll be something I'll look up pretty soon actually, as I wish to get the best speed I can for all modifications/sites I do :)
SHAD Posted June 21, 2010
Nice work Jordan mate. I am always learning from the secured and non secured file when I compare. :thumbup:
Jordan Palmer (Author) Posted June 21, 2010
@Rasheed; Npz mate @Shad; If you ever need help I could help :) Thank you to all comments.