TesterPro, posted March 12, 2023:

Hello - does anyone have secure versions of MC Codes for sale? Also looking to buy mods. Contact me.

ags_cs4, posted March 12, 2023:

You can get the version of MWG and get someone to check it for you.

TesterPro, posted March 12, 2023:

Yes I have a license from ages ago. I am asking if anyone is selling the secure code.

ags_cs4, posted March 12, 2023:

1 hour ago, TesterPro said:
> Yes I have a license from ages ago. I am asking if anyone is selling the secure code.

Hmm, I don't. I saw one, but even if it is, it's not 100% secure, as the SQL library is old school. So one of the main things I'm sure you need to do is rebuild the SQL query to use PDO; that will add a layer to protect from SQL injection to some point. On top of that, you will need a filter for all your inputs.

TesterPro, posted March 12, 2023:

Thanks, how much to convert SQL queries to use PDO? And to also filter all the inputs?

Inveteratus, posted March 13, 2023:

I'd argue with ags_cs4's suggestion that you need to use PDO to provide an extra layer of protection from injection; as it's not fully correct. It is still possible to perform SQL injection attacks against a site using PDO for its queries even if they are prepared. And the MySqli library can be perfectly safe if used correctly! Sadly Mccodes has shown us how poor queries can and do result in broken games very quickly.

The first point about helping make a site more secure; note "more", not "fully"; is to ensure the data you have is sanitised wherever possible to protect against a number of problems. Passing any request variable to SQL is going to be a recipe for disaster. Check your inputs properly; using for example ctype_digit for positive integers, filter_var for pretty much anything else; there's a decent range of FILTER_VALIDATE_xxx constants with support for options, for example integer minimum/maximum values, regular expressions for strings etc.

Once you have sanitised the input, you can still have strings which would prove dangerous were they passed directly to SQL, so you need to prepare your queries. The basic concept is very simple:

    // Assuming $location and $username have been filtered correctly, and $pdo is an instance of PDO:
    $sql = 'SELECT * FROM users WHERE location = :location AND username LIKE :username';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        'location' => $location,
        'username' => $username,
    ]);
    $data = $stmt->fetchAll();

It is a bit of a contrived query; potentially finding a user in a particular location; however it serves to demonstrate how data can safely be passed to SQL. I suggest some research into filtering and using PDO yourself; it's not difficult.

Converting mccode's poorly written database classes into PDO is not difficult; with care you can add a function to the basic database class that uses PDO, then it's just a case of slowly converting each and every page to use that method.

As a side note; well worth reading (The only proper) PDO tutorial. I still occasionally find myself referring to it from time to time.

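
The validate-then-prepare sequence from the post above, as an added example that is not part of any post and not MCCodes code. It assumes PHP 8 with the pdo_sqlite driver for an in-memory table; the `users` schema, the sample rows and the `validateSearch`/`findUsers` names are made up for illustration. It goes one step past the post by escaping `%` and `_` in the bound value, because LIKE still interprets them as wildcards after binding.

```php
<?php
// Added example, not MCCodes code: schema, rows and function names are constructed.
/** Returns the validated values, or null when any field is rejected. */
function validateSearch(array $request): ?array
{
    $rawLocation = $request['location'] ?? '';
    // ctype_digit() accepts only strings made up purely of the digits 0-9.
    if (!is_string($rawLocation) || !ctype_digit($rawLocation)) {
        return null;
    }
    $location = filter_var($rawLocation, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100],
    ]);
    $username = filter_var($request['username'] ?? '', FILTER_VALIDATE_REGEXP, [
        'options' => ['regexp' => '/\A[A-Za-z0-9_]{1,20}\z/'],
    ]);
    if ($location === false || $username === false) {
        return null;
    }
    return ['location' => $location, 'username' => $username];
}

/** Prefix search: values are bound, and LIKE wildcards inside the value are escaped. */
function findUsers(PDO $pdo, int $location, string $prefix): array
{
    $stmt = $pdo->prepare(
        "SELECT username FROM users
         WHERE location = :location AND username LIKE :username ESCAPE '!'"
    );
    $stmt->execute([
        'location' => $location,
        'username' => strtr($prefix, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%',
    ]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, location INTEGER)');
$pdo->exec("INSERT INTO users (username, location) VALUES ('a_b', 1), ('axb', 1), ('zed', 2)");
$requests = [ // constructed request data
    ['location' => '1', 'username' => 'a_'],
    ['location' => '1 OR 1=1', 'username' => 'a'],
    ['location' => '1', 'username' => ['not', 'a', 'string']],
];
foreach ($requests as $request) {
    $clean = validateSearch($request);
    $result = $clean === null ? 'rejected' : findUsers($pdo, $clean['location'], $clean['username']);
    echo json_encode($request), ' => ', json_encode($result), "\n";
}
```
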
TesterPro, posted March 13, 2023:

Thanks - if anyone has a PDO coded MC Code base contact me. Or alternatively give me your quotes to do it.

ags_cs4, posted March 13, 2023:

8 hours ago, Inveteratus said:
> as it's not fully correct. It is still possible to perform SQL injection attacks against a site using PDO for its queries even if they are prepared

I haven't said it's gonna be 100% secure, hence why I said "to some point".

On 3/12/2023 at 5:55 PM, ags_cs4 said:
> PDO that will add a layer to protect from SQL injection to some point

You can set the accepted types of SQL input on PDO, like int or str, and edit the form inputs and add your filter function to them.

21 hours ago, TesterPro said:
> Thanks how much to convert SQL queries to use PDO? And to also filter all the inputs?

It depends on who wants to take on the task.

Dayo, posted March 14, 2023:

Just a PSA: just because you use PDO doesn't make it secure, i.e.

    <?php
    $sql = "SELECT name, color, calories FROM fruit WHERE color=" . $_GET["color"] . " ORDER BY name";
    foreach ($conn->query($sql) as $row) {
        print $row['name'] . "\t";
        print $row['color'] . "\t";
        print $row['calories'] . "\n";
    }

I saw someone do a find and replace of mysql_query to $db->query, thinking that would "secure their site".

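
The concatenated query from the post above next to a prepared version, as an added example that is not part of any post. It assumes PHP 8 with the pdo_sqlite driver and an in-memory `fruit` table with made-up rows; the function names and the `calories` filter are hypothetical. The constructed input changes the WHERE clause of the first query and is treated as a plain string by the second, which binds values with explicit PDO types (as mentioned earlier in the thread) and takes the sort column from an allow-list, because a column name cannot be a bound parameter.

```php
<?php
// Added example, not code from the thread: table, rows and function names are constructed.
$conn = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$conn->exec('CREATE TABLE fruit (name TEXT, color TEXT, calories INTEGER)');
$conn->exec("INSERT INTO fruit VALUES ('apple', 'red', 52), ('banana', 'yellow', 89), ('lime', 'green', 30)");

/** Same pattern as the post: PDO is used, but the input is concatenated into the SQL text. */
function fruitByColorConcatenated(PDO $conn, string $color): array
{
    $sql = "SELECT name FROM fruit WHERE color=" . $color . " ORDER BY name";
    return $conn->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Values are bound with explicit types; the sort column comes from an allow-list. */
function fruitByColorPrepared(PDO $conn, string $color, int $maxCalories, string $sort): array
{
    // Identifiers cannot be bound, so map the request value onto a fixed column name.
    $columns = ['name' => 'name', 'calories' => 'calories'];
    $orderBy = $columns[$sort] ?? 'name';
    $stmt = $conn->prepare(
        "SELECT name FROM fruit WHERE color = :color AND calories <= :max ORDER BY $orderBy"
    );
    $stmt->bindValue(':color', $color, PDO::PARAM_STR);
    $stmt->bindValue(':max', $maxCalories, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = "'red' OR 1=1"; // constructed request value that contains SQL syntax
echo json_encode(fruitByColorConcatenated($conn, $input)), "\n";
echo json_encode(fruitByColorPrepared($conn, $input, 100, 'name')), "\n";
echo json_encode(fruitByColorPrepared($conn, 'red', 100, 'no_such_column')), "\n";
```
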
SwiftGameR, posted March 14, 2023:

If you need mccodes modules, hit me up. I have a bunch of them on the market but can code custom ones if you have an idea in mind.

Skills
- HTML
- CSS
- PHP
- PDO / MYSQL
- JAVASCRIPT / JQUERY

Game Engines worked on
- Mccodes v1 - v2.05b
- GRPG v1 & GRPG V2
- GANGSTERS LEGENDS ENGINE
- RC ENGINE (Ruthless city)