Hello, this is the easyest kalonline website ( PhP ) i could made that working
some scrips are taken from others, credits go to them.
Its Very Very Easy to use, Check it out
Hello, this is the easyest kalonline website ( PhP ) i could made that working
some scrips are taken from others, credits go to them.
Its Very Very Easy to use, Check it out
Wtf?lol
Its everything in 1 file:
- Status
- Register
- Ranking
- PW Change
All sql injectable tho
hmm okay how do i make so its not SQL injecktible?
PHP Code:if(alnum($var)) {
//proceed
}
else {
//gtfo
}
foxx? what u mean?
hahaha :)Originally Posted by foxx
Exactly what I wrote?
Where's the funny part?
nvm
http://www.w3schools.com/PHP/default.asp was useful for me too
I can't get my head around why kal uses mssql -.- but ill give it a try like foxx said ill use his example, what I think he means is:
I just assumed that function checked ifPHP Code:$var = $_POST['username'];
if(alnum($var)) {
run the query, like register it etc etc
}
else {
echo 'You are not trying to inject some shit are you? :O';
}
had any bad characters in it, likePHP Code:$var
when you are handling mysql, but since this is sum mssql shit, I don't rly know, don't play around with outdated mssql like kal does xDPHP Code:mysql_real_escape_string
alnum is a function to check if a string contains only alpha numeric characters, return (bool)false otherwise
so it obviously doesn't matter whether you use postgres, mssql or mysql
Neither status nor ranking can possibly be injected, so definitely not _all_.
Okay, thanks for the tip :) but i still think they should have used mysql xD
lol you could make some more files not that we have to search codes
lol i am so stupid whit making working website whit register script >.>
could someone help me? xD otherwise noone will come on my server :(
:P cya
Then go into website theard and take one?
Reply With Quote