don't use this script.. you will be hacked !
don't use this script.. you will be hacked !
Care to bring some arguments to the table?Originally Posted by LuC1o08
i added this script to my config.php , is ir right?
Big thanks for the script! Works perfectly! But how do I add a return text or redirection to other page if someone has been trying to inject?
el problema es que donde lo pongo?
gracias
to add this to your web you need to add that scribt into EACH web file that connect with your DATABSE
if there is already a script tag just add it above it if not you need add a sript tag blablabla... like
<?
ADD SQL INJECTION SCRIPT HERE
?>
ok now some ppl may say just add it to index.php since it includes all other stuff (this helps only against total retards^^) but the point is ppl dont need to use index.php they can navigate in the website easy by using ip/characters.php blabla and so on so you need to add it to EACH and i like to repeat it EACH file with db connection to be sure that you are safe ^^
Rephrased:
PHP Code:function xw_sanitycheck($str){ return strpos(str_replace('\'\'','',' '.$str),'\'') ? str_replace('\'', '\'\'', $str) : $str; }
function secure($str){
if (is_array($str))
foreach($str AS $id => $value)
$str["$id"] = secure($value);
else
$str = xw_sanitycheck($str);
return $str;
}
function secure2(&$str){
return secure($str);
}
secure2($_GET);
secure2($_POST);
secure2($_COOKIE);
Last edited by themad; 04-07-10 at 11:03 AM.
Reply With Quote