Hello, this is the easyest kalonline website ( PhP ) i could made that working
some scrips are taken from others, credits go to them.
Its Very Very Easy to use, Check it out
Printable View
Hello, this is the easyest kalonline website ( PhP ) i could made that working
some scrips are taken from others, credits go to them.
Its Very Very Easy to use, Check it out
Wtf?lol
Its everything in 1 file:
- Status
- Register
- Ranking
- PW Change
All sql injectable tho
hmm okay how do i make so its not SQL injecktible?
PHP Code:if(alnum($var)) {
//proceed
}
else {
//gtfo
}
foxx? what u mean?
hahaha :)Quote:
Originally Posted by foxx
Exactly what I wrote?Quote:
Originally Posted by rise2shine
Where's the funny part?Quote:
Originally Posted by 2Kxx
nvmQuote:
Originally Posted by foxx
http://www.w3schools.com/PHP/default.asp was useful for me too
I can't get my head around why kal uses mssql -.- but ill give it a try like foxx said ill use his example, what I think he means is:
I just assumed that function checked ifPHP Code:$var = $_POST['username'];
if(alnum($var)) {
run the query, like register it etc etc
}
else {
echo 'You are not trying to inject some shit are you? :O';
}
had any bad characters in it, likePHP Code:$var
when you are handling mysql, but since this is sum mssql shit, I don't rly know, don't play around with outdated mssql like kal does xDPHP Code:mysql_real_escape_string
alnum is a function to check if a string contains only alpha numeric characters, return (bool)false otherwise
so it obviously doesn't matter whether you use postgres, mssql or mysql
Neither status nor ranking can possibly be injected, so definitely not _all_.Quote:
Originally Posted by Boarderkoen
Okay, thanks for the tip :) but i still think they should have used mysql xDQuote:
Originally Posted by foxx
lol you could make some more files not that we have to search codes :O:
lol i am so stupid whit making working website whit register script >.>
could someone help me? xD otherwise noone will come on my server :(
:P cya