Haunted Dawg Posted May 11, 2008 Posted May 11, 2008 Re: Simple SQL Injection protection Dont you mean your code must be: You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Quote
_ReapeR_ Posted May 11, 2008 Author Posted May 11, 2008 Re: Simple SQL Injection protection Yeah, that's exactly what I meant. xD :lol: Quote
Haunted Dawg Posted May 11, 2008 Posted May 11, 2008 Re: Simple SQL Injection protection You could always do some thing like this, You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Quote
Guest Anonymous Posted May 12, 2008 Posted May 12, 2008 Re: Simple SQL Injection protection Oh dear... Advice to all -- DO NOT USE THIS -- It is far to simple to bypass. I won't tell you how for obvious reasons, (Killah PM me if you want to know why). Quote
_ReapeR_ Posted May 12, 2008 Author Posted May 12, 2008 Re: Simple SQL Injection protection Might want to fix that, for the copy and pasters here. You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Suppose to be You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Simple things can make people go mad. :-) Quote
Haunted Dawg Posted May 12, 2008 Posted May 12, 2008 Re: Simple SQL Injection protection Might want to fix that, for the copy and pasters here. You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Suppose to be You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. Simple things can make people go mad. :-) Funny how you say copy & pasters, please go look at my last post's you'll notice i dont copy & paste. Quote
_ReapeR_ Posted May 12, 2008 Author Posted May 12, 2008 Re: Simple SQL Injection protection No, I wasn't calling you a copy and paster. I was referring to those who say,"Oh, cool, a new code." They copy and paste it without looking over it to see what it does, what it contains, and why it does what it does. So, sorry if you felt I was talking about you when I said copy and pasters. Quote
Guest Anonymous Posted May 12, 2008 Posted May 12, 2008 Re: Simple SQL Injection protection Seems I should have suggest that _ReapeR_ get in touch... Again - DO NOT USE THIS - it has MAJOR vulnerabilities Quote
Decepti0n Posted May 12, 2008 Posted May 12, 2008 Re: Simple SQL Injection protection Man, so accusatory with these "mods". Anything with 'select' in the url != intrusion attempt. It's not going to be very friendly if you wind up going to a profile, say, user.php?name=selectMan, and being labelled a hacker. But sure Quote
Krafty Posted May 12, 2008 Posted May 12, 2008 Re: Simple SQL Injection protection You guys seriously don't see the DANGERS? DAmn... Quote
SaMz Posted May 12, 2008 Posted May 12, 2008 Re: Simple SQL Injection protection I Cant See Any But Ill Take Naynas Advice as Shes Better Den Us!, And Always Right :-) Quote
Magictallguy Posted May 13, 2008 Posted May 13, 2008 Re: Simple SQL Injection protection *makes buzzer sound* Actually, Nyna isn't "always" right (as she will most likely confirm) - but she does have 30+ years of experience behind her and knows what she is doing :) I Cant See Any But Ill Take Naynas Advice as Shes Better Den Us!, And Always Right :-) Quote
glg216 Posted May 14, 2008 Posted May 14, 2008 Re: Simple SQL Injection protection _ReapeR_ next time you try a SQL injection do it on your own game. i don't appreciate you hacking my game. Quote
Magictallguy Posted May 14, 2008 Posted May 14, 2008 Re: Simple SQL Injection protection This forum is for help...Not accusations (read what I'm saying, I didn't says "false accusations") Please take it to PM, I don't want to see yet another forum thread going to s*** because 2 people can't get along.. Quote
Ragnar Posted May 15, 2008 Posted May 15, 2008 Re: Simple SQL Injection protection Is killah's code safe? If not, can you post one that is, if it is possible to make one that's better than the simple market codes... if(isset($_GET['ID']) AND eregi("[^0-9]", $_GET['ID'])) { echo "Invalid Request"; and $_GET['ID'] = abs((int) $_GET['ID']); Quote
Haunted Dawg Posted May 15, 2008 Posted May 15, 2008 Re: Simple SQL Injection protection If you add this You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. correctly it should stop the market injections. For forums: You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. If you add those properly it should stop all url injections. Not sayint it will stop XSS ETC but majority PHP. It wont stop all post injections either. But that could do the trick on securing your game for time bieng. Quote
Ishy Posted May 15, 2008 Posted May 15, 2008 Re: Simple SQL Injection protection Well, I would take Nyna's advice on this, she has taught me a bit on safety of my site e.g. form inputs and cleaning incoming data. Just thought I would tell you all. Nyna don't say -DON'T USE THIS- for nothing :wink: Quote
Ragnar Posted May 16, 2008 Posted May 16, 2008 Re: Simple SQL Injection protection If any ones still worried about SQL injections after adding $_GET['ID'] = abs((int) $_GET['ID']); if you have price caps on the markets, you can easily have it automatically delete listings over the price cap. For example on the Crystal Market with a $1,000 price cap... ALTER TABLE `crystalmarket` ADD `cmEACH` bigint(25) NOT NULL default 0; Replace global $db,$ir,$c,$userid,$h; with global $db,$ir,$c,$userid,$h; $db->query("DELETE FROM crystalmarket WHERE cmEACH > 1000"); Replace $db->query("INSERT INTO crystalmarket VALUES('',{$_POST['amnt']},$userid,$tp)"); with $db->query("INSERT INTO crystalmarket VALUES('',{$_POST['amnt']},$userid,$tp,{$_POST['price']})"); Quote
Haunted Dawg Posted May 17, 2008 Posted May 17, 2008 Re: Simple SQL Injection protection Ragnar you are totaly off... You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. If that dont work change the < to > or some what i forgot now since i just woke up :D Quote
~Destiny-Gaming~ Posted May 17, 2008 Posted May 17, 2008 Re: Simple SQL Injection protection LOL This Would Have Helped! Quote
Ragnar Posted May 17, 2008 Posted May 17, 2008 Re: Simple SQL Injection protection Ragnar you are totaly off...i just woke up Read the post while awake!!! :-D I wasn't posting a price cap! if you have price caps on the markets, you can easily have it automatically delete listings over the price cap. For example on the Crystal Market with a $1,000 price cap... I was posting a way to delete listings over a price cap if there is already a price cap! That code works just find with deleting listings over the price cap! Quote
Haunted Dawg Posted May 18, 2008 Posted May 18, 2008 Re: Simple SQL Injection protection Even still, there is no need to add a new row to the table. Just a simple You're unable to view this code. Viewing code within this forum requires registration, you can register here for free. would work. Quote
mentaljason Posted June 20, 2008 Posted June 20, 2008 Re: Simple SQL Injection protection Tamper data add-on for firefox can get past that. Thats is a bit vague im talking about the original get ui on other page Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.