if (!get_magic_quotes_gpc()) {
$... = addslashes($_POST['...']);
} else {
$... = $_POST['...'];
}
When is this SQL anti-injection needed? All the problems are in the ' quotes and the ; symbol...
Use:
Themad!
You really should do some reading....
The addslashes() is not a function to use for such a thing. Simply said:
$charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
mssql_query("select Resets from character where Name='".$charname."'");
\' doesn't cut it with mssql...you have to use two single quotes in order to avoid it. str_replace("'","''",$var);
The script I have brought simply filters ALL user-inputted variables from browser to server and checks not to double filter (I mean the ' to become '''''..etc..), effective and without having to check every single post/get var..
If you are using an addslashes() function as a protection..better change it fast..
I have not downloaded muweb like..ever...I don't know how it's built...can't help you
Themad!
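Added example (not part of the thread and not themad's script): the point made above about addslashes() versus doubled single quotes, run through PDO against an in-memory SQLite database. SQLite is an assumption standing in for MSSQL, since both end a string literal at an unpaired ' and neither treats a backslash as an escape; the table layout, the sample name and the helpers lookupConcat and lookupBound are constructed for illustration, and the bound-parameter variant is a technique the thread does not mention.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with the SQLite
// driver stands in for MSSQL, because both end a string literal at an
// unpaired ' and neither treats backslash as an escape character.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE [character] (Name TEXT, Resets INTEGER)");
$db->prepare("INSERT INTO [character] VALUES (?, ?)")->execute(["D'Artagnan", 7]);

// Constructed sample input: a legitimate name that contains a single quote.
$name = "D'Artagnan";

/** Run a query built by string concatenation; report the row or the error. */
function lookupConcat(PDO $db, string $escaped): string
{
    $sql = "SELECT Resets FROM [character] WHERE Name='" . $escaped . "'";
    try {
        $row = $db->query($sql)->fetchColumn();
        return $row === false ? 'no row' : "Resets=$row";
    } catch (PDOException $e) {
        // The quote in the value closed the literal early and broke the statement.
        return 'SQL error (quote not neutralised)';
    }
}

/** Bound parameter: the value never becomes part of the SQL text. */
function lookupBound(PDO $db, string $raw): string
{
    $stmt = $db->prepare("SELECT Resets FROM [character] WHERE Name = ?");
    $stmt->execute([$raw]);
    $row = $stmt->fetchColumn();
    return $row === false ? 'no row' : "Resets=$row";
}

// addslashes() yields D\'Artagnan: the backslash is data, the ' still ends the literal.
echo "addslashes : ", lookupConcat($db, addslashes($name)), "\n";
// Doubling the quote, as the post recommends, keeps the value inside the literal.
echo "doubled '' : ", lookupConcat($db, str_replace("'", "''", $name)), "\n";
// Binding needs no escaping at all, so there is nothing to double-filter.
echo "bound param: ", lookupBound($db, $name), "\n";
```

Quote doubling only protects values that end up inside a quoted string literal; a value concatenated into a numeric position is not covered by it, while a bound parameter is handled the same way in both cases.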
Please help me, how do I add your script to muweb 08??? What file do I need to add....???
Thanks!
I actually don't recommend using muweb 0.8 unless you redo all of the scripts, I have seen a lot of very effective scripts applied, including some of my own, get haxed on MW 0.8 :/
anhnga said:
Re: [Release] Php Effective Anti Injection Script -> No symbol block
Quote:
Originally Posted by themad
You really should do some reading....
The addslashes() is not a function to use for such a thing. Simply said:
$charname=addslashes("Fluffy'; drop table character"); // you should get Fluffy\'; drop table character; -- right ? try to execute it and see what happens..
mssql_query("select Resets from character where Name='".$charname."'");
\' doesn't cut it with mssql...you have to use two single quotes in order to avoid it. str_replace("'","''",$var);
The script I have brought simply filters ALL user-inputted variables from browser to server and checks not to double filter (I mean the ' to become '''''..etc..), effective and without having to check every single post/get var..
If you are using an addslashes() function as a protection..better change it fast..
Themad!
Please help me, how do I add your script to muweb 08??? What file do I need to add....???
Thanks!
if you put it b4 the include "config.php"; or etc it clears all client controlled data before any scripts use that data... so it's like:
myea, i used to like muweb cause it's so editable and simple. but now it's plain garbage. unless someone comes up with the full and real fix to all the holes.
btw, i don't think this would work if u put in index.php, index.php is not the file which connects to mssql, if you put this in a file which actually has the connection scripts in it, page goes puff - blank.