Help me with these problems

In any profile, 2 IPs are detailed. I don't know why it is like that. Another one is that when I post an apostrophe, 3 slashes are added instead of only one. I have magic_quotes_gpc on and I also added an anti_injection function with mysql_real_escape_string, trim, strip_tags. I removed forbidden words like drop, update, etc. I just need one function that can counter SQL injection attacks.
My Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.com
-
What's the point in having magic quotes on? It's a security issue.
Slashes are added for the mysql_real_escape_string to escape the quotes, as quotes are used for MySQL injection.
2 IPs are detailed because you have added code to show IPs twice; that's your coding issue. People here can't solve it until you give out the code of the page exactly where two IPs are listed. Chances are that one will be the hostname while the other will be the IP.
tinyurl.com/earnbymobile
Easy earning for Indians
---------------------
Alternative mobile advertising network .. Minimum 100 USD pay / NET15 pay cycle, Good Brand, Best targeting for Android
goo.gl/6vub3
-
PHP Code:
    //protect against sql injections and remove $ sign
    if( !get_magic_quotes_gpc() )
    {
        // magic quotes are off: add slashes to every GET value (one nesting level deep)
        if( is_array($_GET) )
        {
            while( list($k, $v) = each($_GET) )
            {
                if( is_array($_GET[$k]) )
                {
                    while( list($k2, $v2) = each($_GET[$k]) )
                    {
                        $_GET[$k][$k2] = addslashes($v2);
                    }
                    @reset($_GET[$k]);
                }
                else
                {
                    $_GET[$k] = addslashes($v);
                }
            }
            @reset($_GET);
        }
        // same treatment for every POST value
        if( is_array($_POST) )
        {
            while( list($k, $v) = each($_POST) )
            {
                if( is_array($_POST[$k]) )
                {
                    while( list($k2, $v2) = each($_POST[$k]) )
                    {
                        $_POST[$k][$k2] = addslashes($v2);
                    }
                    @reset($_POST[$k]);
                }
                else
                {
                    $_POST[$k] = addslashes($v);
                }
            }
            @reset($_POST);
        }
    }
-
Does it realLy protects all submitTed f0rms?Like in sh0uTb0x and chat where i cAn't see addslashes there..I cAn Only seE adDslashes in pm and in my chatbot that's why i'm thinking if that realLy pr0tect all submited f0rms..
-
PHP Code:
    if(!get_magic_quotes_gpc())
    {
        // magic quotes off: input arrives raw, so escape it once
        $_GET = array_map('mysql_real_escape_string', $_GET);
        $_POST = array_map('mysql_real_escape_string', $_POST);
        $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
    }
    else
    {
        // magic quotes on: strip the automatic slashes first, then escape once
        $_GET = array_map('stripslashes', $_GET);
        $_POST = array_map('stripslashes', $_POST);
        $_COOKIE = array_map('stripslashes', $_COOKIE);
        $_GET = array_map('mysql_real_escape_string', $_GET);
        $_POST = array_map('mysql_real_escape_string', $_POST);
        $_COOKIE = array_map('mysql_real_escape_string', $_COOKIE);
    }
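An added example (not code from any poster in this thread) of the two points discussed above: why an apostrophe ends up with three slashes when input is escaped twice, and how a parameterized query stores the same input without any escaping function or forbidden-word filter. It assumes PHP 7.1+ with the pdo_sqlite extension; the `shouts` table and `add_shout()` helper are hypothetical, and `addslashes` stands in for `mysql_real_escape_string`, which needs a live MySQL connection.

```php
<?php
// Added example with constructed input; not code from the thread.

// 1. Why three slashes appear: the value is escaped twice.
$typed        = "O'Reilly";              // what the user typed (constructed)
$afterMagic   = addslashes($typed);      // what magic_quotes_gpc hands the script: O\'Reilly
$escapedTwice = addslashes($afterMagic); // second pass escapes the slash too: O\\\'Reilly
$escapedOnce  = addslashes(stripslashes($afterMagic)); // undo first, then escape once

printf("after magic quotes : %s\n", $afterMagic);
printf("escaped twice      : %s\n", $escapedTwice);
printf("strip, then escape : %s\n", $escapedOnce);

// 2. Parameterized query: values travel separately from the SQL text,
//    so no slashes are added and no words need to be removed.
$db = new PDO('sqlite::memory:');        // in-memory database (assumption for the demo)
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shouts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Hypothetical helper: one insert path shared by every form.
function add_shout(PDO $db, string $author, string $body): void
{
    $stmt = $db->prepare('INSERT INTO shouts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// With magic quotes on, undo them first so the raw text is what gets stored.
add_shout($db, stripslashes($afterMagic), "it's working");
// Words like "update" and "drop" are ordinary data here.
add_shout($db, 'guest', 'please update the drop-down menu');
// The string posted later in this thread is stored as plain text as well.
add_shout($db, 'guest', ';||id=1--;');

foreach ($db->query('SELECT author, body FROM shouts ORDER BY id') as $row) {
    printf("%s: %s\n", $row['author'], $row['body']);
}
```

Every row prints exactly as it was submitted, with no backslashes stored in the table.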
-
Thanks sPo0k..That's what i'm thinking bEf0re..If cAn i use or add mysql_real_escape_string in get_magic_quotes..Thanks again..
-
My problem now is my registration page..I d0n't think i've got wr0ng c0dings in my register.php..It's w0rking bEf0re buT then 1time it got erRor..The next page sh0ws erRor buT registrati0n was sucCessful..CAn s0me1 telL me what cAuses this pr0blem?
-
Originally posted by kiLLeR-eyEd_14:
My problem now is my registration page..I d0n't think i've got wr0ng c0dings in my register.php..It's w0rking bEf0re buT then 1time it got erRor..The next page sh0ws erRor buT registrati0n was sucCessful..CAn s0me1 telL me what cAuses this pr0blem?

Dude, don't mess your text with upper and lower case, duh.
-
SorRy duDe..I'm using m0bile that's why i cAn't av0id using upPer cAse..If i'm using a c0mpuTer, i wilL n0t go make hard typing with upPercAse..Lol
-
Magic quotes will be disabled soon... Why not verify all fields? E.g. the function that checks for illegal characters in the registration page? Only allowed A-Z 1-9 space .? in input elements... That's what I did with one of my unfinished scripts, http://mobispace.cogia.net, works perfectly..
Code: ;||id=1--;
Last edited by mcKeny; 06.05.09, 01:42.
R.M.C
----------
PHP Advocate B)