Z?v?? Posted August 6, 2007

Ok. So this Twysted guy says he knows how to do sql injection protection. So I paid him some good money to add it to my game. He put a small bit of code in my global_func.php that looked like this...

/*+++++++++++++++++++++++++++++++++++++*/
/* Mod by Twysted */
/* SQL Protection Start */
/*+++++++++++++++++++++++++++++++++++++*/
//check if incomingData is not empty and of the expected length
/*function checkIncomingData($idata, $minsize, $maxsize)
{
    if ( strlen($idata)<$minsize or strlen($idata)>$maxsize )
    {
        return false;
    }
    else
    {
        return true;
    }
}
//make sure that nothing bad can be entered by the user (-->sql injection attack)
function cleanIncomingData($idata)
{
    $cleaned = trim($idata);
    $cleaned = mysql_real_escape_string($cleaned);
    return $cleaned;
}*/
/*+++++++++++++++++++++++++++++++++++++*/
/* Mod by Twysted */
/* SQL Protection Ended */
/*+++++++++++++++++++++++++++++++++++++*/

If you look, it's all in /* */ which means it won't execute. He said that just makes it where it won't execute until it's needed. Then he said that will work fine in php 5. Then he said it's commented because it's not being used right now. He said he'll uncomment it when I need it.

What do you guys have to say about this?
Decepti0n Posted August 6, 2007
Re: Fake Sql Injection Protection

I thought everyone knew that almost everything he posts on here and triton is copied :D
Z?v?? Posted August 6, 2007 (Author)
Re: Fake Sql Injection Protection

On top of that...he sold me a background image which he got off coolarchive.com and when I asked him about it, he said they stole it from him. And don't let me forget the $5 forums addon he made that doesn't work at all.
UCC Posted August 6, 2007
Re: Fake Sql Injection Protection

He got all pissy last time I mentioned that game engine he tried to sell as his own. Swore he could send me the legal documents proving it was his. :)

Everything on a line after // is ignored
Anything between /* and */ is ignored
Z?v?? Posted August 7, 2007 (Author)
Re: Fake Sql Injection Protection

Ya, he tried saying that would have worked if I had php5. And here's the chat convo in case he tries lying about something...

*-- | Zav?? | --* says (2:01 PM): Hey bro
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:01 PM): hi
*-- | Zav?? | --* says (2:02 PM): did you make that diamond plate background that on my game....that i paid $5 for?
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:02 PM): yes
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:02 PM): why?
*-- | Zav?? | --* says (2:02 PM): http://www.coolarchive.com/textures.php?p=diamond_plate
*-- | Zav?? | --* says (2:02 PM): exact same one is on there
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:05 PM): :o
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:05 PM): looks like someone been collecting
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:06 PM): they have 4 of my diamond plate
*-- | Zav?? | --* says (2:08 PM): i doubt they would steal
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:09 PM): and i doubt anyone can make the exact seamless tiles as i have made
*-- | Zav?? | --* says (2:09 PM): and that sql injection i paid for did absolutely nothing
*-- | Zav?? | --* says (2:10 PM): it was just taking up space because it was in /* */
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:11 PM): /* */ makes coding a comment
*-- | Zav?? | --* says (2:11 PM): ya, and your whole sql protection was a comment
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:11 PM): or stops it from executing until needed
*-- | Zav?? | --* says (2:12 PM): no, it just makes it to where it won't bother the file
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:12 PM): that sql injection fix is for php 5.1.5 +
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:12 PM): doesn't work on php 4
*-- | Zav?? | --* says (2:13 PM): i've got the latest php
*-- | Zav?? | --* says (2:13 PM): and thing between /* */ wouldn't work on any php
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:13 PM): not when i put that in you didn't
*-- | Zav?? | --* says (2:13 PM): if it's in /* */ then it won't work for any php
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:14 PM): cause php 5 you can't use magic quotes and register globals being off
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:14 PM): dude it was put that way until you had php 5 stable
*-- | Zav?? | --* says (2:15 PM): shall we ask on CE and see what they have to say?
*-- | Zav?? | --* says (2:15 PM): if it's in /* then it won't work on any version of php
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:16 PM): you know you're starting to piss me off quit being stupid
*-- | Zav?? | --* says (2:16 PM): well i hate getting ripped off
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:17 PM): i didn't say /* would execute the code so quit bringing it up
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:11 PM): or stops it from executing until needed
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:18 PM): i said it was commented out cause at the time you didn't have the right version of php
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:18 PM): you already had a function to stop most sql injections
*-- | Zav?? | --* says (2:18 PM): no i didn't
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:18 PM): made for php 4
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:19 PM): yes you did it's already in v2 coding
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:19 PM): it just doesn't work on php 5
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:20 PM): i know what i said you don't need to copy and paste instead you need to think about what i said
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:20 PM): what do you do if you have extra coding to something that you don't need right now?
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:20 PM): i comment it out
Twysted - SWO Owner - Insanity Wars Creator/Owner - TMW Programmer - SN Coder says (2:21 PM): so when i need it i can uncomment it
Decepti0n Posted August 7, 2007
Re: Fake Sql Injection Protection

The commenting out code thing isn't that unusual, I sometimes do it when I have something, and maybe add something extra, but don't want to lose the old code.

Although the copying is a bit obvious, and that'd work in php4 since there's nothing php5 specific in the code (strlen, trim, mysql_real_escape_string are all php4 functions)
MaKaVeLi Posted February 9, 2008
Re: Fake Sql Injection Protection

I have 3 servers all on php5 and I can tell you for a fact that when something is commented out that it will not execute EVER. That guy that told you that hosed you down pretty bad. :mrgreen:
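An added example, not part of the thread and not code from anyone in it: a PHP check, built on the standard tokenizer, that lists which functions in a file are really declared and which exist only inside comments. The sample source is constructed from the snippet in the first post; `auditFunctions` and `siteHelper` are hypothetical names.

```php
<?php
// Added example: which functions in a PHP file are really declared,
// and which exist only inside comments and so never run.
function auditFunctions(string $source): array
{
    $live = [];
    $commented = [];
    $tokens = token_get_all($source);
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok)) {
            continue; // single-character token such as "{" or ";"
        }
        if ($tok[0] === T_COMMENT || $tok[0] === T_DOC_COMMENT) {
            // A declaration inside a comment is never compiled.
            if (preg_match_all('/\bfunction\s+&?\s*([A-Za-z_]\w*)\s*\(/', $tok[1], $m)) {
                $commented = array_merge($commented, $m[1]);
            }
        } elseif ($tok[0] === T_FUNCTION) {
            // Live declaration: the name is the next T_STRING before "(".
            for ($j = $i + 1; isset($tokens[$j]) && $tokens[$j] !== '('; $j++) {
                if (is_array($tokens[$j]) && $tokens[$j][0] === T_STRING) {
                    $live[] = $tokens[$j][1];
                    break;
                }
            }
        }
    }
    return [
        'live' => $live,
        'commented_only' => array_values(array_diff($commented, $live)),
    ];
}

// Constructed sample modelled on the snippet in the first post;
// siteHelper() is a hypothetical live function added for contrast.
$source = <<<'SRC'
<?php
/*function checkIncomingData($idata, $minsize, $maxsize) {
    return !(strlen($idata) < $minsize or strlen($idata) > $maxsize);
}
function cleanIncomingData($idata) {
    return mysql_real_escape_string(trim($idata));
}*/
function siteHelper($n) { return (int) $n; }
SRC;

$report = auditFunctions($source);
echo "declared:       ", implode(', ', $report['live']), "\n";
echo "commented only: ", implode(', ', $report['commented_only']), "\n";
```

A function showing up as declared only means it exists; it still has to be called on every value that reaches a query before it protects anything.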