Thanks, Good Job :]
Which files connecting to mssql/ODBC ?
Thanks, Good Job :]
Which files connecting to mssql/ODBC ?
thx you veri much
ENG: Great 10/10 !
BG: bravo 10/10 !
sorry my noob question but..
where i paste this script?
good release , useful :))
Yes, how to put this code, where to put in the file?
One file or all file in web
etc: Where to put in MuWeb8.......
Thank!!!!!
When need this SQL anti injection? All problems in ' - quotes and ; - symbol...
Use:
if (!get_magic_quotes_gpc()) {
$... = addslashes($_POST['...']);
} else {
$... = $_POST['...'];
}
thx ;) Good job. :technolog
You really should do some reading....Originally Posted by SlavOOn
The addslashes() is not a function to use for such a thing. Simply said:
$charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
mssql_query("select Resets from character where Name='".$charname."'");
\' doesn't cut it with mssql...you have to use two single quotes in order to avoid it . Str_replace("'","'',$var);
The script i have brough simply filters ALL user inputed variables from browser to server and checks not to double filter ( i mean the ' to become '''''..etc.. ), effective and without having to check every single post/get var..
If you are using an addslashes() function as a protection..better change it fast..
Themad!
Please help me, how to add your script to muweb 08???, what file need to add....???
Thank!
I have not downloaded muweb like..ever...i don't know how its build...can't help you
Hmm,my site uses sql_inject.php , if i'll put this script in it,script would work?
It is a nice script but it won't put an end to malicious attack. In MUweb ppl still could get their board hacked by remote inclusion, in a web of czf there's xss ... But the script does good enough to stop sql injection. wat i fear is blind sql injection -.-
bug good man thx !!!
Nice.. thx man
10/10
Keep it Up!
Reply With Quote