grrrr

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    grrrr

    i thought i had this covered but seems not.
    Code:
    else if($action=="uprof")
{
    addonline(getuid_sid($sid),"Updating Settings","");
    $savat = mysql_real_escape_string($_POST["savat"]);
    $semail = mysql_real_escape_string($_POST["semail"]);
    $ubday = mysql_real_escape_string($_POST["ubday"]);
    $uloc = mysql_real_escape_string($_POST["uloc"]);
    $usig = mysql_real_escape_string($_POST["usig"]);
    $usex = mysql_real_escape_string($_POST["usex"]);
    $ms = mysql_real_escape_string($_POST["ms"]);
    Code:
    /////////////////////

function mysql_real_escape_string($string) 
{
 $badWords = "(delete)|(update)|(union)|(insert)| (drop)|(http)|(--)|(>)|(<)|(&)|(#)"; 
 $string = eregi_replace($badWords, "", $string);

 $string = mysql_real_escape_string($string); 

return $string;
 }
/////////////////////////////
    just had some muppet update all my location and emails to this site always gets hacked.

    last person that did this was huwad or his mates .

    why dont the codes i got in place stop this ? ? ?
    Last edited by nclemale36; 16.10.10, 17:16.
    Wapchat4u


    Topsites4u
    Tags: None
    #2
    block ' , in inputs
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com

    Comment

      #3
      so add (,) to

      Code:
      $badWords = "(delete)|(update)|(union)|(insert)| (drop)|(http)|(--)|(>)|(<)|(&)|(#)";
      ???
      Wapchat4u


      Topsites4u

      Comment

        #4
        Originally posted by nclemale36 View Post
        so add (,) to

        Code:
        $badWords = "(delete)|(update)|(union)|(insert)| (drop)|(http)|(--)|(>)|(<)|(&)|(#)";
        ???
        PHP Code:
        function clean($str) { 
                        $str = @trim($str); 
                if(        get_magic_quotes_gpc()) { 
                            $str=htmlspecialchars($str);                        
                            $str=stripslashes(trim($str)); 
                            $search=array("\\","\0","\n","\r","\x1a","'",'"'); 
                            $replace=array("\\\\","\\0","\\n","\\r","\Z","\'",'\"'); 
                            $str str_replace($search,$replace,$str); 
                } 
                return         mysql_real_escape_string($str); 
            } 
        sigpic

        Comment

          #5
          do i replace that with my function ? ? ? @ optical. .
          Wapchat4u


          Topsites4u

          Comment

            #6
            sanitize the query where the browser and ip gets updated.

            Comment

              #7
              PHP Code:
              function sanitize($value$escape FALSE)
              {
               if(              is_array($value) OR is_object($value))
               {
                foreach(              $value as $k => $v)
                {
                               // Handle recursively
                               $value[$k] = sanitize($v, (bool) $escape);
                }
               }
               elseif(              is_string($value))
               {
                 if(              get_magic_quotes_gpc())
                {
                                $value stripslashes($value);
                }

                if(              strpos($value"\r") === TRUE)
                {
                               $value str_replace(array("\r\n""\n"), "\n"$value);
                }

               return (              $escape) ? mysql_real_escape_string($value) : $value;
               }
              }

              $_GET sanitize($_GET);
              $_POST sanitize($_POST);
              $_COOKIE sanitize($_COOKIE); 
              Added after 2 minutes:

              and oh i just noticed your function name is a reserved php function, thats stupid.
              Last edited by CreativityKills; 17.10.10, 06:36.

              Comment

                #8
                its not really i just put it like that on here so no one else sees my real function
                Wapchat4u


                Topsites4u

                Comment

                  #9
                  um why? Youre afraid someone will use it remotely? Lol half you folks dont know a thing about php.

                  Comment

                  Previous template Next
                  Working...
                  X