MakeWebGames

Guest Anonymous
Posted

Re: Simple SQL Injection protection

Oh dear...

 

Advice to all -- DO NOT USE THIS -- It is far too simple to bypass. I won't tell you how for obvious reasons, (Killah PM me if you want to know why).

Posted

Re: Simple SQL Injection protection

Might want to fix that, for the copy and pasters here.

 

You're unable to view this code.


 

Supposed to be

You're unable to view this code.


 

Simple things can make people go mad. :-)

Posted

Re: Simple SQL Injection protection


Funny how you say copy & pasters; please go look at my last posts, you'll notice I don't copy & paste.

Posted

Re: Simple SQL Injection protection

No, I wasn't calling you a copy and paster. I was referring to those who say, "Oh, cool, a new code." They copy and paste it without looking over it to see what it does, what it contains, and why it does what it does. So, sorry if you felt I was talking about you when I said copy and pasters.

Guest Anonymous
Posted

Re: Simple SQL Injection protection

Seems I should have suggested that _ReapeR_ get in touch...

Again - DO NOT USE THIS - it has MAJOR vulnerabilities

Posted

Re: Simple SQL Injection protection

Man, so accusatory with these "mods". Anything with 'select' in the url != intrusion attempt. It's not going to be very friendly if you wind up going to a profile, say, user.php?name=selectMan, and being labelled a hacker. But sure

Posted

Re: Simple SQL Injection protection

*makes buzzer sound* Actually, Nyna isn't "always" right (as she will most likely confirm) - but she does have 30+ years of experience behind her and knows what she is doing :)

 

I can't see any, but I'll take Nyna's advice as she's better than us, and always right :-)

Posted

Re: Simple SQL Injection protection

_ReapeR_ next time you try a SQL injection do it on your own game. I don't appreciate you hacking my game.

Posted

Re: Simple SQL Injection protection

This forum is for help...Not accusations (read what I'm saying, I didn't say "false accusations")

Please take it to PM, I don't want to see yet another forum thread going to s*** because 2 people can't get along..

Posted

Re: Simple SQL Injection protection

Is killah's code safe? If not, can you post one that is, if it is possible to make one that's better than the simple market codes...

// Reject the request if ID contains anything other than digits.
// (eregi() was removed in PHP 7; preg_match("/[^0-9]/", ...) is the modern equivalent.)
if(isset($_GET['ID']) AND eregi("[^0-9]", $_GET['ID'])) {
    echo "Invalid Request";
}

and

$_GET['ID'] = abs((int) $_GET['ID']);

Posted

Re: Simple SQL Injection protection

If you add this

 

You're unable to view this code.


 

correctly it should stop the market injections.

For forums:

 

You're unable to view this code.


 

If you add those properly it should stop all url injections. Not saying it will stop XSS etc., but the majority of PHP ones.

It won't stop all post injections either. But that could do the trick on securing your game for the time being.

Posted

Re: Simple SQL Injection protection

Well, I would take Nyna's advice on this, she has taught me a bit on safety of my site e.g. form inputs and cleaning incoming data.

Just thought I would tell you all.

Nyna doesn't say -DON'T USE THIS- for nothing :wink:

Posted

Re: Simple SQL Injection protection

If anyone's still worried about SQL injections after adding

$_GET['ID'] = abs((int) $_GET['ID']);

if you have price caps on the markets, you can easily have it automatically delete listings over the price cap. For example on the Crystal Market with a $1,000 price cap...

ALTER TABLE `crystalmarket` ADD `cmEACH` bigint(25) NOT NULL default 0;

Replace

global $db,$ir,$c,$userid,$h;

with

global $db,$ir,$c,$userid,$h;

$db->query("DELETE FROM crystalmarket WHERE cmEACH > 1000");

Replace

$db->query("INSERT INTO crystalmarket VALUES('',{$_POST['amnt']},$userid,$tp)");

with

// The price is cast to a non-negative integer before it goes into the query,
// the same treatment the thread applies to $_GET['ID'].
$db->query("INSERT INTO crystalmarket VALUES('',{$_POST['amnt']},$userid,$tp,".abs((int) $_POST['price']).")");
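An added example (not code from any poster in this thread or from MCCodes) that puts the thread's points side by side: the "anything with 'select' in the URL" rule objected to earlier labels a legitimate name such as selectMan an intrusion, while the abs((int) ...) cast, a digits-only whitelist equivalent to the eregi check asked about, and bound parameters for the crystal market price-cap listing keep the queries safe without inspecting keywords at all. It assumes PHP with PDO and pdo_sqlite; the crystalmarket column names are assumed.

```php
<?php
// Added example for this thread, not code from any poster or from MCCodes.
// Assumes an in-memory SQLite table standing in for `crystalmarket`; the
// column names (cmID, cmQTY, cmADDER, cmPRICE, cmEACH) are assumed.

// The "anything with 'select' in the URL" rule objected to in the thread.
function keywordBlocklistFlags(string $value): bool
{
    return stripos($value, 'select') !== false;
}

// The cast from the thread: whatever arrives, the query only ever sees an integer.
function normalizeId($raw): int
{
    return abs((int) $raw);
}

// Whitelist equivalent of the eregi("[^0-9]") check (eregi() was removed in PHP 7).
function isDigitsOnly($raw): bool
{
    return is_string($raw) && ctype_digit($raw);
}

// Price-capped listing: inputs are cast and bound, never interpolated into SQL,
// so an over-cap or non-numeric price is rejected before it reaches the table.
function addCrystalListing(PDO $db, int $userid, array $post, int $cap): bool
{
    $amnt  = abs((int) ($post['amnt'] ?? 0));
    $price = abs((int) ($post['price'] ?? 0));
    if ($amnt === 0 || $price === 0 || $price > $cap) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO crystalmarket (cmQTY, cmADDER, cmPRICE, cmEACH) VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([$amnt, $userid, $amnt * $price, $price]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE crystalmarket (cmID INTEGER PRIMARY KEY, cmQTY INTEGER,
           cmADDER INTEGER, cmPRICE INTEGER, cmEACH INTEGER)');

// A profile named "selectMan" trips the blocklist; the cast and the whitelist do not care.
var_dump(keywordBlocklistFlags('selectMan'));
var_dump(normalizeId('12abc'), isDigitsOnly('12abc'));
var_dump(addCrystalListing($db, 7, ['amnt' => '5', 'price' => '900'], 1000));
var_dump(addCrystalListing($db, 7, ['amnt' => '5', 'price' => '5000'], 1000));
```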

Posted

Re: Simple SQL Injection protection

Ragnar you are totally off...

 

You're unable to view this code.


 

If that doesn't work, change the < to > or something, I forget now since I just woke up :D

Posted

Re: Simple SQL Injection protection

 

Ragnar you are totally off...I just woke up

Read the post while awake!!! :-D I wasn't posting a price cap!

 

if you have price caps on the markets, you can easily have it automatically delete listings over the price cap. For example on the Crystal Market with a $1,000 price cap...

I was posting a way to delete listings over a price cap if there is already a price cap! That code works just fine for deleting listings over the price cap!
