[PHP/MySQL]Minor MySQL 'features'

Hello :D

I decided to kick off the Java studying for a while and focus on web design and scripting, so after about one hour on studying and scripting I've come up with this:

http://nasu.dk/test.php

It took me 5 minutes to figure out why it showed up errors when I tried to submit colors..

Also made a submission page, just for the fun of it, to submit some details into test.php

Submitting details were put off cus of this:


Sadly cause I only posted information about the site on RZ..

I like it! This is just a sort of training for me, I will study on and such :)
 
Explain yourself, I am not following..

Okay, I will try.

If you are using MySQL and PHP there is a possibility that people will inject something in your MySQL database. For instance drop table 'users' and so on... The mysql_real_escape_string will not allow symbols like ' or such to go through which will prevent your site from MySQL Injection. But of course there are thousands of other options how to inject. That's why most people use their own written scripts to prevent it and include ("them.php"). I hope that you understood it.

PHP:
<?php
// Connect
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());

// Query
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
            mysql_real_escape_string($user),
            mysql_real_escape_string($password));
?>

Code:
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

More here: http://lv.php.net/manual/en/function.mysql-real-escape-string.php



Edit:
Submit details were taken off due to some idiot who tried to MySQL inject just after I uploaded it...

See? That "idiot" was me. I'm not so good at MySQL so I was unable to do that. But believe me, there are some "idiots" around who can do much damage if you have no protection.

And just for the record. I am not an idiot. :D:
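
The users lookup from the post above, written with bound parameters instead of escaping, as an added example that is not from the thread. It assumes PHP with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so it runs offline); the table layout, the accounts and the password_hash column are constructed for illustration.

```php
<?php
// Added example: values are sent as bound parameters, so quotes in user
// input are never parsed as SQL and no manual escaping is needed.
// Assumption: pdo_sqlite is installed; all names and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    user TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL
)');

function add_user(PDO $pdo, string $user, string $password): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO users (user, password_hash) VALUES (:user, :hash)'
    );
    // Store a salted hash, never the password itself.
    $stmt->execute([
        ':user' => $user,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

function check_login(PDO $pdo, string $user, string $password): bool
{
    // Only the user name goes into the query; the password is checked in PHP.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();          // false when no row matched
    return $hash !== false && password_verify($password, $hash);
}

// Constructed accounts, including values that contain quote characters.
add_user($pdo, "o'brien", 'correct horse');
add_user($pdo, 'alice', "it's \"quoted\"");

// Constructed login attempts: valid logins, a wrong password, and a user
// name carrying a quote and SQL comment marker, which is bound as plain data.
$attempts = [
    ["o'brien", 'correct horse'],
    ['alice', "it's \"quoted\""],
    ['alice', 'wrong'],
    ["alice' --", 'x'],
];
foreach ($attempts as [$user, $password]) {
    $result = check_login($pdo, $user, $password) ? 'accepted' : 'rejected';
    printf("%-12s %s\n", $user, $result);
}
```

Against MySQL the same functions work with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.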
 