SQL Injections
So I found this site its kinda funny. They have major issues with their sql queries. check it out for yourself.
theconcertgoer.com
-
I am Fernando Barajas. Mostly known as FernyB.
-
|
|
|
Recent Listened to TracksPink Floyd - Keep Talking on Sep 5, 2008 - 1:09:43 PM Pink Floyd - High Hopes on Sep 5, 2008 - 1:01:12 PM Pink Floyd - A Great Day for Freedom on Sep 5, 2008 - 12:56:53 PM Pink Floyd - Coming Back to Life on Sep 5, 2008 - 12:50:34 PM Pink Floyd - Cluster One on Sep 5, 2008 - 12:44:35 PM |
January 30th, 2007 at 10:02 am
you are such a joker.
by the way, could you make videos on your blog don’t start automaticly?
January 30th, 2007 at 10:04 am
or is it your radio. it really isn’t a good thing. I came to your site and it started playin
February 5th, 2007 at 1:48 pm
if you could let me know what the issue is, i’d like to fix it. we’re still at a beta level right now. Let me know. thanks
adam
February 9th, 2007 at 2:41 am
Adam, when you take values from $_GET array, you need to check those values for ” ‘ and maybe some other characters, so that users won’t be able to enter there whatevar code they like
for example, if you want to get interget from $_GET['p'] forexample, you can do this
$_GET['p'] + 0;
when you add 0 to it, PHP will this of it as of number and if ppl will try to write there anything php won’t read it
another way is to do this
htmlspecialchars($_GET['p']);
here this function will convert such symbols as
February 9th, 2007 at 2:42 am
such symbols as
February 9th, 2007 at 2:43 am
lol I thought y it doesn’t work, but it seems like ferny or wordpress check for these symbols too
so
such symbols as < <
so they will be safe for your site
February 9th, 2007 at 2:44 am
such as < to <*
(yes it worked)
February 9th, 2007 at 6:40 am
The correct way of solving this is by using regular expressions and the mysql_real_escape_string function