Kieran-R Posted November 19, 2010

Hey. I'm trying to learn security, and I've tried to secure the player report on my own. Here it is:

[code not shown]

I'm sure that is secure, but if you think otherwise, please tell me where I went wrong! Thanks

Equinox Posted November 19, 2010

Well, you're using sprintf() on a query but not formatting it, for a start. You're using mysql_real_escape_string() on a number also. Here's how I'd do it... sort of:

[code not shown]

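An added example, not taken from any post in this thread, for the two points Equinox raises: sprintf() without a format specifier, and string-escaping a value that is meant to be a number. The table and column names, the sample input and the in-memory SQLite database are assumptions, and addslashes() stands in for mysql_real_escape_string(), which needs a live MySQL connection.

```php
<?php
// Added example: users/userid/username and the sample input are assumptions.
// addslashes() stands in for mysql_real_escape_string() (needs a MySQL link,
// removed in PHP 7); neither function changes digits, spaces or letters.

// Constructed sample input for a field that should hold a numeric player ID.
$input = '0 OR 1=1';

// 1) Escaping a value that is then used unquoted: nothing in the input needs
//    escaping, so it reaches the query unchanged and rewrites the WHERE clause.
$escaped = addslashes($input);
$q1 = "SELECT username FROM users WHERE userid = $escaped";

// 2) sprintf() with a format specifier: %d coerces the argument to an integer.
$q2 = sprintf('SELECT username FROM users WHERE userid = %d', $input);

// 3) Validate first: accept only a positive integer, reject everything else.
function parse_user_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 4) Prepared statement: the value is bound, never concatenated into the SQL.
function find_username(PDO $db, $raw): ?string
{
    $id = parse_user_id($raw);
    if ($id === null) {
        return null; // reject instead of guessing what was meant
    }
    $stmt = $db->prepare('SELECT username FROM users WHERE userid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");

echo $q1, PHP_EOL;                    // query text from approach 1
echo $q2, PHP_EOL;                    // query text from approach 2
var_dump(find_username($db, '2'));    // valid ID
var_dump(find_username($db, $input)); // rejected by validation
```
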
Danny696 Posted November 19, 2010

Why check if it's a string, Equinox? It's a number oO

Kieran-R (Author) Posted November 19, 2010

Thanks Equinox for the tip! But is the code I posted secure? Because I have done something similar to a few other files on my game.

Kieran-R (Author) Posted November 20, 2010

Original post has been updated...

Kieran-R (Author) Posted November 20, 2010

If someone could tell me if the updated post is secured, then that would be great!