
Clan Files PHP Converted

Moderator (Staff member)
Joined Feb 22, 2008 | Messages 2,404 | Reaction score 723
Just a question: is this SQL injection-proof? Also, you should REALLY look into parameterized queries. Building queries like this: "SELECT * FROM bla WHERE bla2 = '".$bla."' " is a real no-no.
You know, I could take over your entire server by just using sqlmap =) (if this is SQL injectable, of course)
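To make the point above concrete, here is an added example (not code from the thread or from the clan files) showing what the concatenated query turns into when a scanner-style value is supplied, next to the same lookup done with parameters, both through PDO and through the procedural sqlsrv extension the files use. "bla" and "bla2" are the placeholder names from the post, not a real table, and the connection details are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. "bla" and "bla2" are the
// placeholder names used in the post above, not a real table; the
// connection details at the bottom are assumptions.

/**
 * The pattern criticised above: the value is pasted into the SQL text, so a
 * single quote in it ends the string literal and the rest is parsed as SQL.
 */
function buildConcatenatedQuery(string $bla): string
{
    return "SELECT * FROM bla WHERE bla2 = '" . $bla . "'";
}

/**
 * Parameterised version with PDO (pdo_sqlsrv). prepare() ships the SQL text
 * with a placeholder; execute() ships the value separately as data, so the
 * same input is compared literally and cannot change the statement.
 */
function findByBlaPdo(PDO $pdo, string $bla): array
{
    $stmt = $pdo->prepare('SELECT * FROM bla WHERE bla2 = ?');
    $stmt->execute([$bla]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * The same lookup with the procedural sqlsrv extension: the third argument
 * of sqlsrv_query() carries the parameter values.
 */
function findByBlaSqlsrv($conn, string $bla): array
{
    $stmt = sqlsrv_query($conn, 'SELECT * FROM bla WHERE bla2 = ?', [$bla]);
    if ($stmt === false) {
        // sqlsrv_query() returns false on failure. Passing that false on to
        // sqlsrv_num_rows() or sqlsrv_fetch_array() is what produces
        // "expects parameter 1 to be resource, boolean given" warnings.
        throw new RuntimeException(print_r(sqlsrv_errors(), true));
    }
    $rows = [];
    // sqlsrv_fetch_array() returns null after the last row and false on error;
    // both end the loop.
    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
        $rows[] = $row;
    }
    sqlsrv_free_stmt($stmt);
    return $rows;
}

// A value of the kind a scanner such as sqlmap tries: the quote closes the
// literal, OR 1=1 makes the WHERE clause always true, -- comments out the rest.
$malicious = "x' OR 1=1 --";

echo buildConcatenatedQuery($malicious), PHP_EOL;
// SELECT * FROM bla WHERE bla2 = 'x' OR 1=1 --'   <- every row comes back

// With a live connection (assumed DSN and credentials) both parameterised
// versions return only rows whose bla2 is literally "x' OR 1=1 --":
// $pdo  = new PDO('sqlsrv:Server=localhost;Database=Clan', 'user', 'pass',
//                 [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $conn = sqlsrv_connect('localhost', ['Database' => 'Clan', 'UID' => 'user', 'PWD' => 'pass']);
// var_dump(findByBlaPdo($pdo, $malicious), findByBlaSqlsrv($conn, $malicious));
```

One further caveat for the procedural code: sqlsrv_num_rows() only returns a count for a scrollable cursor (for example the 'Scrollable' => SQLSRV_CURSOR_KEYSET option to sqlsrv_query()); with the default forward-only cursor it returns false even when the query succeeded, so check the statement handle for false first and then iterate with sqlsrv_fetch_array() rather than relying on a row count.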
 
Newbie Spellweaver
Joined Apr 12, 2018 | Messages 28 | Reaction score 0
Missing GET data, how do I fix this?

SOD2.PHP:
Warning: sqlsrv_num_rows() expects parameter 1 to be resource, boolean given in C:\inetpub\wwwroot\Clan\sod2.php on line 42

RZA-PT | KilroyPT
Joined Aug 27, 2007 | Messages 936 | Reaction score 85
@pukapukay the missing GET data is because you're not sending the full query to it (%ipaddress%/clan/claninsert.php?gserver=%%%&chname=%%%% etc etc etc).
Pull the query from your IIS logs (like I told you in Discord).
You can't just browse to the PHP page and expect a response, it needs the GET data to go with it.... (how else will it know what the clan is and what char???)

SheenBR, for a lot of it I had been utilising filter_input_array to sanitise the strings to prevent XSS.

I had been looking at the PDO method, but it confuses me a bit. What is it doing differently? Nothing I've read has given a definitive description. I understand you utilise the "prepare" command, but what is that actually doing? It sends the query through but doesn't execute it?

I'll convert to PDO anyway. I was looking to do that for the rest of mine anyway as it seems like a better cross-platform method (MySQL, Oracle etc).
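Putting the two points in this post together (the script must be called with the GET data it needs, and the queries should go through PDO's prepare/execute), here is an added example of what a claninsert.php-style endpoint could look like. It is not the project's code: the table Clan with columns GServer, CharName, Wins and Losses, the DSN and the credentials are all assumptions. To answer the prepare() question: prepare() sends the statement text, with placeholders, to the server once and nothing runs yet; execute() then sends only the values, as data, so they are never parsed as SQL, and the same prepared statement can be executed repeatedly with different values. On the XSS point, filter_input_array only helps if a sanitising filter is chosen; the reliable place to prevent XSS is output, with htmlspecialchars() where the value is written into HTML, which the example also shows.

```php
<?php
declare(strict_types=1);

// Added example of a claninsert.php-style endpoint; not the project's code.
// The table Clan and its columns GServer, CharName, Wins, Losses, the DSN and
// the credentials are assumptions.

/**
 * Collect the GET parameters the script cannot work without. If the game
 * server did not append them (or someone just browsed to the page), send a
 * 400 and stop instead of running queries with empty values.
 */
function requireGetParams(array $names): ?array
{
    $values = [];
    foreach ($names as $name) {
        // filter_input() returns null when the key is absent. FILTER_DEFAULT
        // leaves the value as-is; HTML escaping is done at output (see below).
        $value = filter_input(INPUT_GET, $name, FILTER_DEFAULT);
        if ($value === null || $value === false || $value === '') {
            http_response_code(400);
            header('Content-Type: text/plain; charset=utf-8');
            echo "Missing GET parameter: {$name}\n";
            return null;
        }
        $values[$name] = $value;
    }
    return $values;
}

function connect(): PDO
{
    // Assumed DSN and credentials.
    $pdo = new PDO('sqlsrv:Server=localhost;Database=Clan', 'clan_web', 'change-me');
    // Throw on driver errors rather than returning false, so a failed query
    // is reported instead of handing a boolean to the next call.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

/**
 * prepare() sends the statement text, with named placeholders, to SQL Server
 * once; nothing runs yet. Each execute() then sends only the values, typed as
 * data, so they can never be parsed as SQL. The one prepared statement is
 * reused for every (gserver, chname, won) triple in the batch.
 */
function recordResults(PDO $pdo, array $results): int
{
    $sql = 'UPDATE Clan SET Wins = Wins + :w, Losses = Losses + :l '
         . 'WHERE GServer = :gserver AND CharName = :chname';
    $stmt = $pdo->prepare($sql);

    $updated = 0;
    foreach ($results as [$gserver, $chname, $won]) {
        $stmt->execute([
            ':w'       => $won ? 1 : 0,
            ':l'       => $won ? 0 : 1,
            ':gserver' => $gserver,
            ':chname'  => $chname,
        ]);
        $updated += $stmt->rowCount(); // 0 for a triple with no matching row
    }
    return $updated;
}

$params = requireGetParams(['gserver', 'chname', 'result']);
if ($params !== null) {
    try {
        $pdo = connect();
        $won = ($params['result'] === 'win');
        $n = recordResults($pdo, [[$params['gserver'], $params['chname'], $won]]);

        header('Content-Type: text/html; charset=utf-8');
        // Escape at output: this, not input filtering, is what stops a
        // chname such as <script>...</script> from running in the browser.
        $safeName = htmlspecialchars($params['chname'], ENT_QUOTES, 'UTF-8');
        echo $n === 1 ? "<p>Recorded result for {$safeName}</p>"
                      : "<p>No clan row found for {$safeName}</p>";
    } catch (PDOException $e) {
        error_log($e->getMessage()); // details go to the log, not to the client
        http_response_code(500);
        echo 'Database error';
    }
}
```

Called as claninsert.php?gserver=...&chname=...&result=win the script updates one row; called with a parameter missing it answers 400 and runs no query, which is the behaviour to aim for when someone just browses to the page. With ERRMODE_EXCEPTION set, a failed statement surfaces as a PDOException with the driver message instead of a false value that later calls choke on.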
 
RZA-PT | KilroyPT
Joined Aug 27, 2007 | Messages 936 | Reaction score 85
Newly updated files.
Now in PDO format with string cleansing to prevent SQL injection.
Requires PHP sqlsrv PDO to work.

I still want to do more tinkering with sod2.php to make it sort out clan money etc. but that can wait (also to update the wins and losses column).

But I'll do that next time I feel energetic.
 
RZA-PT | KilroyPT
Joined Aug 27, 2007 | Messages 936 | Reaction score 85
Yeah, I have a repository on GitLab (you don't have to pay to have private repos), will back them up there later.

OK, I've created a GitLab repo for it:

https://gitlab.com/Phatkone/RageZone

I'll update the original post with it.
 