grrrr

    I thought I had this covered, but it seems not.
    Code:
    else if($action=="uprof")
    {
        addonline(getuid_sid($sid),"Updating Settings","");
        $savat = mysql_real_escape_string($_POST["savat"]);
        $semail = mysql_real_escape_string($_POST["semail"]);
        $ubday = mysql_real_escape_string($_POST["ubday"]);
        $uloc = mysql_real_escape_string($_POST["uloc"]);
        $usig = mysql_real_escape_string($_POST["usig"]);
        $usex = mysql_real_escape_string($_POST["usex"]);
        $ms = mysql_real_escape_string($_POST["ms"]);
    Code:
    /////////////////////

    function mysql_real_escape_string($string)
    {
        // Keyword blocklist, stripped case-insensitively before escaping
        $badWords = "(delete)|(update)|(union)|(insert)| (drop)|(http)|(--)|(>)|(<)|(&)|(#)";
        $string = eregi_replace($badWords, "", $string);

        $string = mysql_real_escape_string($string);

        return $string;
    }
    /////////////////////////////
    Just had some muppet update all my locations and emails to this site. It always gets hacked.

    The last person that did this was huwad or his mates.

    Why don't the codes I have in place stop this???
    Last edited by nclemale36; 16.10.10, 17:16.
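Added example, not code from this thread: the "uprof" handler from post #1 rewritten around PDO prepared statements, so each field value is bound as a parameter and any quotes or SQL keywords it contains are stored as data rather than filtered out of the query text. The table and column names and the accepted sex codes are assumptions.

```php
<?php
// Added example (not the thread's code): the uprof update with bound parameters.
// Table/column names and the sex codes are assumed; adjust them to your schema.

/** Validate the profile fields; returns clean values, or null to reject. */
function validateProfile(array $post): ?array
{
    $email = filter_var($post['semail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Birthday must be a real calendar date in YYYY-MM-DD form.
    $bday = (string) ($post['ubday'] ?? '');
    $dt = DateTime::createFromFormat('!Y-m-d', $bday);
    if ($dt === false || $dt->format('Y-m-d') !== $bday) {
        return null;
    }
    // Sex is a fixed set of codes (assumed): accept only known values.
    $sex = (string) ($post['usex'] ?? '');
    if (!in_array($sex, ['m', 'f', 'u'], true)) {
        return null;
    }
    // Free-text fields: trim and cap the length; no keyword filtering needed.
    $text = fn(string $k, int $max) => mb_substr(trim((string) ($post[$k] ?? '')), 0, $max);
    return [
        'savat'  => $text('savat', 64),
        'semail' => $email,
        'ubday'  => $bday,
        'uloc'   => $text('uloc', 64),
        'usig'   => $text('usig', 255),
        'usex'   => $sex,
        'ms'     => $text('ms', 255),
    ];
}

/** Persist the profile; every value travels as a bound parameter. */
function updateProfile(PDO $db, int $uid, array $fields): bool
{
    $stmt = $db->prepare(
        'UPDATE users SET avatar = :savat, email = :semail, birthday = :ubday,
         location = :uloc, signature = :usig, sex = :usex, marital = :ms
         WHERE id = :uid'
    );
    $fields['uid'] = $uid;   // array keys must match the placeholders exactly
    return $stmt->execute($fields);
}
```

In the handler, replace the mysql_real_escape_string block with `$clean = validateProfile($_POST);`, reject the request when it returns null, and call `updateProfile($db, getuid_sid($sid), $clean)` with an existing PDO connection.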

    #2
    Block ' , in inputs.



      #3
      So add (,) to

      Code:
      $badWords = "(delete)|(update)|(union)|(insert)| (drop)|(http)|(--)|(>)|(<)|(&)|(#)";
      ???



        #4
        Originally posted by nclemale36:
        so add (,) to

        Code:
        $badWords = "(delete)|(update)|(union)|(insert)| (drop)|(http)|(--)|(>)|(<)|(&)|(#)";
        ???
        PHP Code:
        function clean($str)
        {
            $str = @trim($str);
            if (get_magic_quotes_gpc()) {
                $str = htmlspecialchars($str);
                // Undo magic quotes, then escape the characters MySQL treats specially
                $str = stripslashes(trim($str));
                $search  = array("\\", "\0", "\n", "\r", "\x1a", "'", '"');
                $replace = array("\\\\", "\\0", "\\n", "\\r", "\Z", "\'", '\"');
                $str = str_replace($search, $replace, $str);
            }
            return mysql_real_escape_string($str);
        }



          #5
          Do I replace that with my function??? @optical



            #6
            Sanitize the query where the browser and IP get updated.



              #7
              PHP Code:
              function sanitize($value, $escape = FALSE)
              {
                  if (is_array($value) OR is_object($value))
                  {
                      foreach ($value as $k => $v)
                      {
                          // Handle recursively
                          $value[$k] = sanitize($v, (bool) $escape);
                      }
                  }
                  elseif (is_string($value))
                  {
                      if (get_magic_quotes_gpc())
                      {
                          $value = stripslashes($value);
                      }

                      // Normalise line endings (strpos returns an offset, never TRUE)
                      if (strpos($value, "\r") !== FALSE)
                      {
                          $value = str_replace(array("\r\n", "\n"), "\n", $value);
                      }

                      return ($escape) ? mysql_real_escape_string($value) : $value;
                  }

                  // Arrays, objects and non-string scalars are returned as processed
                  return $value;
              }

              $_GET    = sanitize($_GET);
              $_POST   = sanitize($_POST);
              $_COOKIE = sanitize($_COOKIE);
              Added after 2 minutes:

              And oh, I just noticed your function name is a reserved PHP function, that's stupid.
              Last edited by CreativityKills; 17.10.10, 06:36.



                #8
                It's not really, I just put it like that on here so no one else sees my real function.



                  #9
                  Um, why? You're afraid someone will use it remotely? Lol, half you folks don't know a thing about PHP.
