Any thoughts how to prevent this?
You use prepared statements.
Through the game, the web or how?
Use a function:
Call the function in the variables, example:
PHP Code:
function antiinjectsql($tzgd){
/* Function anti sql injection by Amir Torrez */
// Tokens stripped from the input
$bn = array ("==", "%s", "or 1", "'", "select", "insert", "from", "where", "exec", "0x", "set", "declare", "sql", '"');
// str_ireplace, because the entries are plain strings, not delimited regex patterns
$tzgd = str_ireplace ($bn,'', $tzgd);
return $tzgd;
}
Use it in any variables, for example, GET and POST.
PHP Code:
$dios = antiinjectsql($_GET['dios']);
To avoid calling the function on every variable, you can use the following, using your function:
And this file is included in the config or at the start of the website.
foreach( $_GET as $variable => $valor ){
$_GET [ $variable ] = antiinjectsql($_GET [ $variable ]);
}
foreach( $_POST as $variable => $valor ){
$_POST [ $variable ] = antiinjectsql($_POST [ $variable ]);
}
Regards!
Don't use an array with bad words. Instead, use what we call a "parameterized query". It is very simple and can help you.
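The parameterized query recommended above, as an added example that is not part of any post in this thread. It assumes PHP's PDO with an in-memory SQLite database; the accounts table, its rows, the sample inputs and the findAccount() helper are constructed for illustration.

```php
<?php
// Added example: constructed table and data, not code from the thread.
// Assumption: PDO with the SQLite driver, in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Inserts are parameterized too: names containing a quote or a keyword
// fragment are stored exactly as typed.
$insert = $pdo->prepare('INSERT INTO accounts (name, email) VALUES (:name, :email)');
$rows = [
    ["O'Brien", 'ob@example.test'],
    ['settler', 'set@example.test'],
];
foreach ($rows as [$name, $email]) {
    $insert->execute([':name' => $name, ':email' => $email]);
}

// Hypothetical helper: the SQL text is fixed, the user value is bound
// separately and never concatenated into the statement.
function findAccount(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM accounts WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs. On a web page the value would come from the request,
// for example findAccount($pdo, $_GET['dios'] ?? '').
$inputs = ["O'Brien", 'settler', "x' or 1=1 --"];
foreach ($inputs as $input) {
    $found = findAccount($pdo, $input);
    printf("%-14s -> %d row(s)\n", $input, count($found));
}
```

The bound value is compared as data, so a quote or SQL keyword in the input cannot change the query, and legitimate values such as O'Brien or settler are neither rejected nor altered.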
I had problems with some variables, for example with reCaptcha. But that can be fixed with this:
P.S.: I'll be careful with the gringoliebers
PHP Code:
foreach( $_POST as $variable => $valor ){
if ($variable=='g-recaptcha-response') {
continue;
}
$_POST [ $variable ] = anti_injection($_POST [ $variable ]);
}