Fake Sql Injection Protection


Z?v??

Ok. So this Twysted guy says he knows how to do SQL injection protection. So I paid him some good money to add it to my game. He put a small bit of code in my global_func.php that looked like this...

 

/*+++++++++++++++++++++++++++++++++++++*/
/*             Mod by Twysted          */
/*            SQL Protection Start     */
/*+++++++++++++++++++++++++++++++++++++*/
//check if incomingData is not empty and of the expected length
/*function checkIncomingData($idata, $minsize, $maxsize)
{
    if (
        strlen($idata) < $minsize
        or
        strlen($idata) > $maxsize
    )
    {
        return false;
    }
    else
    {
        return true;
    }
}
//make sure that nothing bad can be entered by the user (-->sql injection attack)
function cleanIncomingData($idata)
{
    $cleaned = trim($idata);
    $cleaned = mysql_real_escape_string($cleaned);
    return $cleaned;
}*/
/*+++++++++++++++++++++++++++++++++++++*/
/*             Mod by Twysted          */
/*            SQL Protection  Ended    */
/*+++++++++++++++++++++++++++++++++++++*/

 

If you look, it's all in /* */ which means it won't execute. He said that just makes it where it won't execute until it's needed. Then he said that will work fine in php 5. Then he said it's commented because it's not being used right now. He said he'll uncomment it when I need it. What do you guys have to say about this?


Re: Fake Sql Injection Protection

On top of that...he sold me a background image which he got off coolarchive.com and when I asked him about it, he said they stole it from him. And don't let me forget the $5 forums addon he made that doesn't work at all.


Re: Fake Sql Injection Protection

He got all pissy last time I mentioned that game engine he tried to sell as his own. Swore he could send me the legal documents proving it was his. :)

Everything on a line after // is ignored

Anything between /* and */ is ignored


Re: Fake Sql Injection Protection

Ya, he tried saying that would have worked if I had php5.

 

And here's the chat convo in case he tries lying about something...

 

*-- | Zav?? | --* says (2:01 PM):

Hey bro

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:01 PM):

hi

*-- | Zav?? | --* says (2:02 PM):

did you make that diamond plate background that's on my game....that i paid $5 for?

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:02 PM):

yes

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:02 PM):

why?

*-- | Zav?? | --* says (2:02 PM):

http://www.coolarchive.com/textures.php?p=diamond_plate

*-- | Zav?? | --* says (2:02 PM):

exact same one is on there

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:05 PM):

:o

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:05 PM):

looks like someone been collecting

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:06 PM):

they have 4 of my diamond plate

*-- | Zav?? | --* says (2:08 PM):

i doubt they would steal

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:09 PM):

and i doubt anyone can make the exact seamless tiles as i have made

*-- | Zav?? | --* says (2:09 PM):

and that sql injection i paid for did absolutely nothing

*-- | Zav?? | --* says (2:10 PM):

it was just taking up space because it was in /* */

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:11 PM):

/* */ makes coding a comment

*-- | Zav?? | --* says (2:11 PM):

ya, and your whole sql protection was a comment

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:11 PM):

or stops it from executing until needed

*-- | Zav?? | --* says (2:12 PM):

no, it just makes it to where it won't bother the file

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:12 PM):

that sql injection fix is for php 5.1.5 +

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:12 PM):

doesn't work on php 4

*-- | Zav?? | --* says (2:13 PM):

i've got the latest php

*-- | Zav?? | --* says (2:13 PM):

anything between /* */ wouldn't work on any php

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:13 PM):

not when i put that in you didn't

*-- | Zav?? | --* says (2:13 PM):

if it's in /* */ then it won't work for any php

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:14 PM):

cause php 5 you can't use magic quotes and register globals being off

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:14 PM):

dude it was put that way until you had php 5 stable

*-- | Zav?? | --* says (2:15 PM):

shall we ask on CE and see what they have to say?

*-- | Zav?? | --* says (2:15 PM):

if it's in /* then it won't work on any version of php

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:16 PM):

you know you're starting to piss me off quit being stupid

*-- | Zav?? | --* says (2:16 PM):

well i hate getting ripped off

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:17 PM):

i didn't say /* would execute the code so quit bringing it up

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:11 PM):

or stops it from executing until needed

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:18 PM):

i said it was commented out cause at the time you didn't have the right version of php

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:18 PM):

you already had a function to stop most sql injections

*-- | Zav?? | --* says (2:18 PM):

no i didn't

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:18 PM):

made for php 4

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:19 PM):

yes you did it's already in v2 coding

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:19 PM):

it just doesn't work on php 5

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:20 PM):

i know what i said you don't need to copy and paste instead you need to think about what i said

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:20 PM):

what do you do if you have extra coding to something that you don't need right now?

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:20 PM):

i comment it out

Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:21 PM):

so when i need it i can uncomment it


Re: Fake Sql Injection Protection

The commenting out code thing isn't that unusual, I sometimes do it when I have something, and maybe add something extra, but don't want to lose the old code

Although the copying is a bit obvious, and that'd work in php4 since there's nothing php5 specific in the code (strlen, trim, mysql_real_escape_string are all php4 functions)
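
The point the thread turns on, that functions wrapped in /* */ are never defined on any PHP version, can be checked mechanically. The following is an added example, not code from the thread or from the game's code base: it uses PHP's tokenizer to list the functions a file really declares against those that exist only inside comments. The helper name `auditFunctions` and the embedded sample source are constructed for illustration.

```php
<?php
// Added example (not from the thread): separate functions a PHP file really
// declares from function definitions that only exist inside comments.
// Constructed sample, modelled on the block quoted in the first post.
$sample = <<<'SRC'
<?php
//check if incomingData is not empty and of the expected length
/*function checkIncomingData($idata, $minsize, $maxsize)
{
    return !(strlen($idata) < $minsize or strlen($idata) > $maxsize);
}
function cleanIncomingData($idata)
{
    return mysql_real_escape_string(trim($idata));
}*/
function activeHelper($x) { return $x; }
SRC;

// auditFunctions() is a hypothetical helper name; it needs ext-tokenizer.
function auditFunctions(string $source): array
{
    $declared = [];
    $commentedOut = [];
    $tokens = token_get_all($source);
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {
            continue;
        }
        [$id, $text] = $tok;
        if ($id === T_COMMENT || $id === T_DOC_COMMENT) {
            // A definition inside a comment is text, not code.
            if (preg_match_all('/\bfunction\s+&?\s*(\w+)\s*\(/', $text, $m)) {
                $commentedOut = array_merge($commentedOut, $m[1]);
            }
        } elseif ($id === T_FUNCTION) {
            // The name is the next T_STRING; '(' first means a closure.
            for ($j = $i + 1; isset($tokens[$j]); $j++) {
                if ($tokens[$j] === '(') {
                    break;
                }
                if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                    $declared[] = $tokens[$j][1];
                    break;
                }
            }
        }
    }
    return ['declared' => $declared, 'commented_out' => $commentedOut];
}
print_r(auditFunctions($sample));
```

To check a real file, pass `file_get_contents($path)` to `auditFunctions()`; a helper that shows up only under `commented_out` is never defined, so no query in the application can be calling it.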
