Can somone Please Give me the most updated or safest anti sql because i use wizkids regpage obc v2 and my database is stilll getting hacked but the hackers only can change the levels and names please provide me with good anti sql and how to use thanks
[mod]removed .[/mod]
Last edited by Rotana; 08-07-09 at 05:18 AM.
Originally Posted by CrashPoint
He was asking of an anti sql script not how to sql inject ..
try this
PHP Code:function escape($string)
{
if(ini_get('magic_quotes_gpc'))
{
$string = stripslashes($string);
}
if(!function_exists('mssql_real_escape_string'))
{
$string = mysql_escape_string($string);
}
else
{
$string = mssql_real_escape_string($string);
}
return $string;
}
For MSSQL, none of the proposed solutions are safe; rather:
The above escapes data being entered as a MSSQL query.Code:function sanitizeQuery( $data ) { return( str_replace( "'", "''", $data ) ); }
will this stop injections tho? if not plz post one what does
Yes rhys918, that will stop many forms of injection.
You also released an anti-sql that only allowed A-Z a-z and 0-9 right ?
Issn't that one better than replacing the ' ?
I'm just guessing tho.
Rhys, come msn i will say you what to edit in HG Functions.php :)
