MakeWebGames

[v1] [Free] Personal Notes [Simple]


Isomerizer


OK, well, I didn't know if I should even bother posting this, as it's very simple and I didn't see it on here and I had to make it myself.

But it can be a great add-on, especially for the beginner coders.

It's a simple add-on that will allow users to have their own personal notes on index.php.

Create a new file called personalnotes.php with:

 

You're unable to view this code.


Open index.php & add wherever you want the note box to be...

 

You're unable to view this code.


SQL:

 

You're unable to view this code.


Re: [v1] [Free] Personal Notes [simple]

It's been posted before, as a user notebook. Although it's a good mod, and I like the clearing bit.

BUT...

It's unbelievably insecure!!

 

You're unable to view this code.


You're adding what the user submits straight to the database. No checking or anything! So I could SQL inject your code right there.

I hope you're not using this in your game!

EDIT - Shouldn't this be...

 

You're unable to view this code.


This

 

You're unable to view this code.


Re: [v1] [Free] Personal Notes [simple]

Err, I think there is a function in MCcodes that escapes the data anyways, although I'm not sure. I like to escape my data even if it is there. Just to be sure ;)

You could use.

mysql_real_escape_string();

Although if you have a function that addslashes on POST and GET data you may want to stripslashes (stripslashes();) before using it so that you're not escaping the data twice. It depends on the code, but you defo need some security in there.

 

EDIT - Just saw your 'fix'

 

You're unable to view this code.


You don't know what SQL injection is, do you? No offense, but read up on security before you start posting mods. I'd hate to think how insecure your game is, if your work is like this.

Still, I like the concept and idea, just not the lack of security! Bar that, it's great.


Re: [v1] [Free] Personal Notes [simple]

OK, updated it again, looked up mysql_real_escape_string and it showed me a load of PHP security code / tips.

I don't know if I've used the functions correctly, but it works. Not sure if it's preventing SQL injections. Can ya tell me if I've done it wrong? And I'll correct. :-)


Re: [v1] [Free] Personal Notes [simple]

You could just do...

 

You're unable to view this code.


Also, why have you changed this

 

You're unable to view this code.


to this

 

You're unable to view this code.


It's not doing anything. Read what SQL injection is.

"Not sure if its preventing sql injections"

Then find out! It's for your benefit so that you can check your game for it, wasn't your game getting hacked a while back?

http://wikipedia.com


Re: [v1] [Free] Personal Notes [simple]

OK, I read up on them, still don't understand them too well. I always thought they were used when people used $_GET, didn't know they could be used on $_POST.

From now on I'll try using the mysql_real_escape_string on variables used in a MySQL query.

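The concern raised in the replies, as an added example that is not code from the thread (the posted mod is not visible on this page): a notes update built by string concatenation beside the same update as a prepared statement. The table and column names are assumptions, in-memory SQLite through PDO stands in for the game's MySQL database, and bound parameters are used in place of the mysql_real_escape_string approach discussed above, since the mysql_* functions were removed in PHP 7.

```php
<?php
// Added example. Table and column names (users.userid, users.notes) are assumptions;
// in-memory SQLite stands in for the game's MySQL database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function resetUsers(PDO $db): void
{
    $db->exec('DROP TABLE IF EXISTS users');
    $db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, notes TEXT)');
    $db->exec("INSERT INTO users VALUES (1, 'first user'), (2, 'second user')");
}

// The pattern the replies object to: submitted text pasted into the SQL string.
function saveNotesConcatenated(PDO $db, int $userid, string $notes): void
{
    $db->exec("UPDATE users SET notes = '$notes' WHERE userid = $userid");
}

// Hardened form: fixed statement text, the note is sent as a bound value.
function saveNotesPrepared(PDO $db, int $userid, string $notes): void
{
    $stmt = $db->prepare('UPDATE users SET notes = :notes WHERE userid = :id');
    $stmt->execute([':notes' => $notes, ':id' => $userid]);
}

function allNotes(PDO $db): array
{
    $sql = 'SELECT userid, notes FROM users ORDER BY userid';
    return $db->query($sql)->fetchAll(PDO::FETCH_KEY_PAIR);
}

// Constructed form input; $_POST and $_GET are equally client-controlled.
$_POST['notes'] = "overwritten' --";

resetUsers($db);
saveNotesConcatenated($db, 1, $_POST['notes']);
// The quote ends the string literal and "--" comments out the WHERE clause,
// so every row is updated, not just user 1.
print_r(allNotes($db));

resetUsers($db);
saveNotesPrepared($db, 1, $_POST['notes']);
// Only user 1 changes, and the text is stored exactly as typed.
print_r(allNotes($db));
```

With bound parameters there is also nothing to double-escape: if the framework has already run addslashes on the input, strip those slashes once and bind the result.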
