Re: [Release] Php Effective Anti Injection Script -> No symbol block
Thanks, Good Job :]
Which files connect to mssql/ODBC?
Re: [Release] Php Effective Anti Injection Script -> No symbol block
ENG: Great 10/10 !
BG: bravo 10/10 !
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Sorry for my noob question, but...
where do I paste this script?
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Good release, useful :))
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Yes, how do I put this code in, and where in the file does it go?
In one file or in all the files of the web?
E.g.: where to put it in MuWeb8.......
Thanks!!!!!
Re: [Release] Php Effective Anti Injection Script -> No symbol block
When is this SQL anti-injection needed? All the problems are in the ' quotes and the ; symbol...
Use:
Quote:
if (!get_magic_quotes_gpc()) {
$... = addslashes($_POST['...']);
} else {
$... = $_POST['...'];
}
Re: [Release] Php Effective Anti Injection Script -> No symbol block
thx ;) Good job.
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Quote:
Originally Posted by SlavOOn
When is this SQL anti-injection needed? All the problems are in the ' quotes and the ; symbol...
Use:
You really should do some reading....
The addslashes() is not a function to use for such a thing. Simply said:
$charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
mssql_query("select Resets from character where Name='".$charname."'");
\' doesn't cut it with mssql... you have to use two single quotes in order to avoid it. str_replace("'","''",$var);
The script I have brought simply filters ALL user-inputted variables from browser to server and checks not to double filter (I mean the ' to become '''''.. etc..), effective and without having to check every single post/get var..
If you are using an addslashes() function as a protection..better change it fast..
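Added example (not part of the original posts and not the released script): the quoting behaviour described in the post above, checked in PHP. In-memory SQLite via PDO is an assumption standing in for MSSQL, since both escape a quote by doubling it and treat a backslash as an ordinary character; `staysInsideLiteral()` is a hypothetical helper, and the bound-parameter query at the end is an addition the thread does not discuss.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for MSSQL, since both
// end a string literal at an unpaired ' and treat \ as an ordinary character.

// Hypothetical helper: true if $escaped, placed between two quotes, remains a
// single string literal under the doubled-quote rule.
function staysInsideLiteral(string $escaped): bool {
    // Strip every doubled quote; any quote left over would close the literal.
    return strpos(str_replace("''", '', $escaped), "'") === false;
}

$input = "Fluffy'; drop table character"; // the string used in the post above

$slashed = addslashes($input);               // backslash placed before the quote
$doubled = str_replace("'", "''", $input);   // quote doubled once
$twice   = str_replace("'", "''", $doubled); // filter applied a second time

$cases = ['addslashes' => $slashed, 'doubled once' => $doubled, 'doubled twice' => $twice];
foreach ($cases as $how => $value) {
    printf("%-14s %-40s inside literal: %s\n",
        $how, $value, staysInsideLiteral($value) ? 'yes' : 'no');
}

// Hardened form: a bound parameter is never parsed as SQL text, so there is no
// escaping step to get wrong or to apply twice.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "character" (Name TEXT, Resets INTEGER)');
$db->exec('INSERT INTO "character" VALUES (\'Fluffy\', 3)'); // constructed sample row

$stmt = $db->prepare('SELECT Resets FROM "character" WHERE Name = ?');
foreach (['Fluffy', $input] as $name) {
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    printf("%-32s => %s\n", $name, $row ? "Resets={$row['Resets']}" : 'no such character');
}
```

A value doubled twice still stays inside the literal, but the name being compared is no longer the one the user typed, which is the double-filter case the post mentions.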
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Quote:
Originally Posted by themad
You really should do some reading....
The addslashes() is not a function to use for such a thing. Simply said:
$charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
mssql_query("select Resets from character where Name='".$charname."'");
\' doesn't cut it with mssql... you have to use two single quotes in order to avoid it. str_replace("'","''",$var);
The script I have brought simply filters ALL user-inputted variables from browser to server and checks not to double filter (I mean the ' to become '''''.. etc..), effective and without having to check every single post/get var..
If you are using an addslashes() function as a protection..better change it fast..
Themad!
Please help me, how do I add your script to muweb 08??? Which file do I need to add it to....???
Thanks!
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Quote:
Originally Posted by anhnga
Themad!
Please help me, how do I add your script to muweb 08??? Which file do I need to add it to....???
Thanks!
I have not downloaded muweb like.. ever... I don't know how it's built... can't help you
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Hmm, my site uses sql_inject.php. If I put this script in it, would the script work?
Re: [Release] Php Effective Anti Injection Script -> No symbol block
It is a nice script but it won't put an end to malicious attacks. In MUweb people could still get their board hacked by remote inclusion, in a web of czf there's xss ... But the script does good enough to stop sql injection. What I fear is blind sql injection -.-
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Nice.. thx man
10/10
Keep it Up!