WarMad, posted May 6, 2016 (edited May 14, 2016 by WarMad)

This is a very simple staff to-do list.

First make a file called todo.php. Inside it put:

[code not shown]

Then run this query:

[code not shown]

Then put this link wherever you would like it. I recommend in the staff panel:

[code not shown]

And that is it. If you guys have any ideas for it let me know, I will see what I can do. This is the first mod I have done in a long time; I haven't owned a game in roughly 6 years until now.

KyleMassacre, posted May 6, 2016

I would look into possibly securing your inputs first and foremost. name and status can have anything put in for a value and that's not good. Just do some type checking and validate your data. Also, I believe it's best practice to include your connection variable for your queries as well.

WarMad (Author), posted May 6, 2016

OK, how do I secure them? I am really bad with that. I don't want you to do it for me, but give an example and I will see what I can do.

NonStopCoding, posted May 6, 2016

[code not shown]

Upon that you would need to do some checks to make sure that the data is correct. For example, let's say you have name in the database with a varchar of 75, you would use the

[code not shown]

function. You would also need checks in place to make sure (if you're going to allow spaces, numbers and letters) so users can't put whatever

[code not shown]

and escape the data on input to the database

[code not shown]

If you look through some of the files on the game you will see security checks: the preferences page or any staff page.

KyleMassacre, posted May 6, 2016

> and escape the data on input to the database
> [code not shown]
> if you look through some of the files on the game you will see security check preferences page or any staff page

This is v1 so it would be

[code not shown]

peterisgb, posted May 6, 2016

Not bad, I was thinking about something like this last night haha. Here's a recode for v2:

[code not shown]

Not tested.

Zettieee, posted May 6, 2016

Formatted, and a fix for mysql_error():

[code not shown]

KyleMassacre, posted May 6, 2016

You guys do realize that this is tagged as V1?

NonStopCoding, posted May 7, 2016

> This is v1 so it would be
> [code not shown]

Haha, so it is. Guess I am so used to $db-escape :P

WarMad (Author), posted May 9, 2016

Sorry it took me so long. Should be a little more secure now, as long as I did it correctly.

sniko, posted May 9, 2016

> sorry it took me so long should be a little more secure now as long as i did it correctly

1) You won't get the expected behaviour as you're not assigning the return of mysqli_real_escape_string() to a variable - thus you're still vulnerable to an SQL injection.
2) Moreover, you're open to XSS attack vectors.
3) Also, don't output a mysql error to the end-user!
4) You're using sprintf() when you aren't utilising it...

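The four points in the reply above, applied to a to-do insert and its display. This is an added example, not code from the thread or from any poster; the table and column names (todo, name, status), the allowed status values and the $conn variable are assumptions.

```php
<?php
// Added example, not code from the thread. The table/columns (todo, name,
// status), the status list and the $conn name are assumptions.
const TODO_STATUSES = ['open', 'in progress', 'done'];

// Type and length check: letters, digits and spaces, 1 to 75 characters
// (the varchar(75) case mentioned earlier in the thread).
function valid_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9 ]{1,75}\z/', $name) === 1;
}

function add_todo(mysqli $conn, string $name, string $status): bool
{
    $name = trim($name);
    if (!valid_name($name) || !in_array($status, TODO_STATUSES, true)) {
        return false; // reject instead of trying to repair bad input
    }
    // Point 1: the escaped string is the RETURN value. Calling
    // mysqli_real_escape_string($conn, $name); on its own changes nothing.
    $nameSql   = mysqli_real_escape_string($conn, $name);
    $statusSql = mysqli_real_escape_string($conn, $status);
    // Point 4: sprintf() earns its place only when it fills placeholders.
    $sql = sprintf("INSERT INTO todo (name, status) VALUES ('%s', '%s')",
        $nameSql, $statusSql);
    try {
        $ok = mysqli_query($conn, $sql);
    } catch (mysqli_sql_exception $e) { // thrown by default on PHP 8.1+
        $ok = false;
    }
    if (!$ok) {
        // Point 3: details go to the server log, never to the browser.
        error_log('todo insert failed: ' . mysqli_error($conn));
    }
    return (bool) $ok;
}

// Point 2: encode on output so stored text cannot run as markup.
function render_todo(string $name, string $status): string
{
    return sprintf("<li>%s (%s)</li>\n",
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($status, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample row, rendered without a database connection.
echo render_todo('<b>Fix</b> "crimes" page', 'open');
```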