FernyB

8 Responses to “ SQL Injections ”

1. # 1 DenisBB Says:
   January 30th, 2007 at 10:02 am

   you are such a joker.

   by the way, could you make videos on your blog don’t start automaticly?

2. # 2 DenisBB Says:
   January 30th, 2007 at 10:04 am

   or is it your radio. it really isn’t a good thing. I came to your site and it started playin

3. # 3 adam libman Says:
   February 5th, 2007 at 1:48 pm

   if you could let me know what the issue is, i’d like to fix it. we’re still at a beta level right now. Let me know. thanks
   adam

4. # 4 DenisBB Says:
   February 9th, 2007 at 2:41 am

   Adam, when you take values from $_GET array, you need to check those values for ” ‘ and maybe some other characters, so that users won’t be able to enter there whatevar code they like

   for example, if you want to get interget from $_GET['p'] forexample, you can do this
   $_GET['p'] + 0;

   when you add 0 to it, PHP will this of it as of number and if ppl will try to write there anything php won’t read it

   another way is to do this
   htmlspecialchars($_GET['p']);

   here this function will convert such symbols as

5. # 5 DenisBB Says:
   February 9th, 2007 at 2:42 am

   such symbols as

6. # 6 DenisBB Says:
   February 9th, 2007 at 2:43 am

   lol I thought y it doesn’t work, but it seems like ferny or wordpress check for these symbols too

   so

   such symbols as < &lt;
   so they will be safe for your site

7. # 7 DenisBB Says:
   February 9th, 2007 at 2:44 am

   such as < to &lt;*

   (yes it worked)

8. # 8 FernyB Says:
   February 9th, 2007 at 6:40 am

   The correct way of solving this is by using regular expressions and the mysql_real_escape_string function

Leave a Reply