Any thoughts how to prevent this?
You use prepared statements.
Through the game, the web or how?
Web in Ranking page.
Use a function:
PHP:
function antiinjectsql($tzgd){
    /* Function anti sql injection by Amir Torrez */
    /* One list entry between "==" and "%s" is missing from the post as published. */
    $bn = array ("==", "%s", "or 1", "'", "select", "insert", "from", "where", "exec", "0x", "set", "declare", "sql", '"');
    /* The entries are literal strings, not regex patterns, so they are stripped with str_ireplace. */
    $tzgd = str_ireplace ($bn, '', $tzgd);
    return $tzgd;
}
Call the function in the variables, example:
PHP:
$dios = antiinjectsql($_GET['dios']);
Use it in any variables, for example, GET and POST.
To avoid calling the function on every variable, you can use the following, using your function:
PHP:
foreach ($_GET as $variable => $valor) {
    $_GET[$variable] = antiinjectsql($_GET[$variable]);
}
foreach ($_POST as $variable => $valor) {
    $_POST[$variable] = antiinjectsql($_POST[$variable]);
}
And include this file in the config or at the start of the website.
Regards!
foreach( $_POST as $variable => $valor ){
if ($variable=='g-recaptcha-response') {
continue;
}
$_POST [ $variable ] = anti_injection($_POST [ $variable ]);
}
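The first reply in this thread recommends prepared statements for the web ranking page. The following is an added example, not code from any poster in the thread: a PDO query that binds the request values and allow-lists the sort column. The `ranking` table, its columns, the `name`/`sort`/`limit` parameters and the in-memory SQLite database are assumptions standing in for the real game database.

```php
<?php
// Added example. Table, column and parameter names are assumptions;
// the in-memory SQLite rows are constructed sample data.
function openDemoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE ranking (name TEXT, level INTEGER, kills INTEGER)');
    $ins = $pdo->prepare('INSERT INTO ranking (name, level, kills) VALUES (?, ?, ?)');
    foreach ([["O'Selector", 80, 12], ['Fromage', 75, 40], ['Zed', 60, 3]] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

function fetchRanking(PDO $pdo, array $query): array {
    // Identifiers cannot be bound as parameters, so the sort column is
    // chosen from a fixed allow-list and never copied from the request.
    $sort    = $query['sort'] ?? 'level';
    $orderBy = in_array($sort, ['level', 'kills'], true) ? $sort : 'level';

    // Clamp the page size to an integer range before binding it.
    $limit = max(1, min(100, (int)($query['limit'] ?? 20)));
    $name  = is_string($query['name'] ?? null) ? $query['name'] : '';

    $stmt = $pdo->prepare(
        "SELECT name, level, kills FROM ranking
         WHERE name LIKE :name ESCAPE '\\'
         ORDER BY $orderBy DESC LIMIT :limit"
    );
    // Escape LIKE wildcards so the input is matched as literal text.
    $stmt->bindValue(':name', addcslashes($name, '%_\\') . '%', PDO::PARAM_STR);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDemoDb();
// This name contains a quote and the word "select", both of which a
// substring filter would strip. Bound as a parameter it is found intact.
print_r(fetchRanking($pdo, ['name' => "O'Sel", 'sort' => 'level']));
// Input shaped like SQL is compared as a plain name and matches no row;
// the unknown sort value falls back to the default column.
print_r(fetchRanking($pdo, ['name' => "' OR 1=1 --", 'sort' => 'kills; x']));
```

Because the values travel separately from the SQL text, no character in the request can change the query structure, and player names do not need to be altered before lookup.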