
Credit Exchange mod New!!


jcvenom


Good Job HD

 

 

Sorry to say this, but this module is broken beyond recognition.

Some examples

You are displaying cost of 2 credits for xanax, where when you go forward, it says 2 credits, and the sql says 1.


 

Displaying bad request twice? Why?

Opening 2 tables without closing them? Without content either? WHY?

I was initially going to re-code it, but then I thought..

Perhaps you should read some books first and then try to create modules. Or expect to see me often pointing out your flaws.


Are your escape functions properly sanitizing and validating? And what are you doing for XSS?

As per my view it is a very important part of programming, and I am not an expert in these but a little bit aware of these problems.

As per my view it doesn't matter whether you handle values by DB or hard-code them, so please try to escape your values properly; this is my point.


Are your escape functions properly sanitizing and validating? And what are you doing for XSS?

As per my view it is a very important part of programming, and I am not an expert in these but a little bit aware of these problems.

As per my view it doesn't matter whether you handle values by DB or hard-code them, so please try to escape your values properly; this is my point.

Can you show me what the problem is, guys? You need to show me your examples.


If you don't mind, why? Because I want to gain knowledge, so maybe it will help me?

- - - Updated - - -

 

Am I wrong on this point, HD?

ctype_alnum() checks if all the characters in your desired string are alphanumeric, while ctype_digit() checks for numeric characters.


My point was only safety, nothing else, friend; that was just an example for validating.

You can use preg_match too, and many more, so please make it safe, because GET is not hidden.

I'm actually going to challenge you to point out everything wrong (security-wise) with this modification. Right now all of your posts are coming across as someone who is just throwing out random functions he thinks are linked to security, but has no idea why.

BTW - please no one else come along and make a list before he answers. I'm trying to make a point to Rockwood...


I'm actually going to challenge you to point out everything wrong (security-wise) with this modification. Right now all of your posts are coming across as someone who is just throwing out random functions he thinks are linked to security, but has no idea why.

BTW - please no one else come along and make a list before he answers. I'm trying to make a point to Rockwood...

Dominion, you should check the post chain. I tried to improve his code and he told me escaping is wrong on the $_GET variable; the question was from his side, not from mine, and I am trying to explain XSS attacks to him.

And what is wrong with it?


Dominion, you should check the post chain. I tried to improve his code and he told me escaping is wrong on the $_GET variable; the question was from his side, not from mine, and I am trying to explain XSS attacks to him.

And what is wrong with it?

As my friend venom said, this mod is not vulnerable to XSS attacks.