Isomerizer Posted July 31, 2007 Share Posted July 31, 2007 Ok, well i didnt know if i should even bother posting this, as its very simple and i didnt see it on here and i had to make it myself. But can be a great add on, especially for the begginer coders. Its a simple add on that will allow users to have there own personal notes on index.php Create a new file called personalnotes.php with: You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Open index.php & add where ever you want the note box to be... You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. SQL: You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Quote Link to comment Share on other sites More sharing options...
Matty Posted July 31, 2007 Share Posted July 31, 2007 Re: [v1] [Free] Personal Notes [simple] Its been posted before, as a user notebook. Although its a good mod, and I like the clearing bit. BUT... Its unbelievably insecure!! You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Your adding what the user submits straight to the database. No checking or anything! So I could SQL inject your code right there. I hope your not using this in your game! EDIT - Shouldnt this be... You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. This You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted July 31, 2007 Author Share Posted July 31, 2007 Re: [v1] [Free] Personal Notes [simple] Ok... String replace added, That will secure it right? Quote Link to comment Share on other sites More sharing options...
Matty Posted July 31, 2007 Share Posted July 31, 2007 Re: [v1] [Free] Personal Notes [simple] Err, I think there is a function in MCcodes that escapes the data anyways, although I'm not sure. I like to escape my data even if it there. Just too be sure ;) You could use. mysql_real_escape_string(); Although if you have a function that addslashes on POST and GET data you may want to stripslahes (stripslashes();) before using it so that your not escaping the data twice. It depends on the code, but you defo need some security in there. EDIT - Just saw your 'fix' You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. You don't know what SQL injection is do you. No offense but read up on security before you start posting mods. Id hate to think how insecure your game is, if your work is like this. Still I like the concept and idea, just not the lack of security! bar that its great. Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted August 1, 2007 Author Share Posted August 1, 2007 Re: [v1] [Free] Personal Notes [simple] Ok, updated it again, looked up mysql_real_escape_string and it showed me aload of php security code / tips. I dont know if ive used the functions correctly, But it works, Not sure if its preventing sql injections, Can ya tell me if ive done it wrong? And i'll correct. :-) Quote Link to comment Share on other sites More sharing options...
Matty Posted August 1, 2007 Share Posted August 1, 2007 Re: [v1] [Free] Personal Notes [simple] You could just do... You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Also why have you change this You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. to this You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Its not doing anything. Read what SQL injection is. Not sure if its preventing sql injections Then find out! Its for you benifit so that you can check your game for it, wasnt your game getting hacked a while back? http://wikipedia.com Quote Link to comment Share on other sites More sharing options...
Isomerizer Posted August 1, 2007 Author Share Posted August 1, 2007 Re: [v1] [Free] Personal Notes [simple] Ok, i read up on them, still dont understand them to well, I allways thought they were used when people used $_GET, didnt know they could be used on $_POST. From now on i'll try using the mysql_real_escape_string on variables used in a mysql query. Quote Link to comment Share on other sites More sharing options...
Guest Sniko` Posted August 7, 2007 Share Posted August 7, 2007 Re: [v1] [Free] Personal Notes [simple] It Worked Great thanks :-D :-D 8-) 8-) :-D :-D Quote Link to comment Share on other sites More sharing options...
3XTR3M3 Posted August 7, 2007 Share Posted August 7, 2007 Re: [v1] [Free] Personal Notes [simple] yep great mod keep them coming lol Quote Link to comment Share on other sites More sharing options...
SoulOfDeath Posted August 29, 2007 Share Posted August 29, 2007 Re: [v1] [Free] Personal Notes [simple] +1 :-D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.