SQL Injections

Posted in Hacks, Programming, Uncategorized on Jan 30, 2007

So I found this site; it's kinda funny. They have major issues with their SQL queries. Check it out for yourself.
theconcertgoer.com

8 Responses to “ SQL Injections ”

  1. # 1 DenisBB Says:

    you are such a joker.

    by the way, could you make the videos on your blog not start automatically?

  2. # 2 DenisBB Says:

    or is it your radio? it really isn't a good thing. I came to your site and it started playing

  3. # 3 adam libman Says:

    if you could let me know what the issue is, i’d like to fix it. we’re still at a beta level right now. Let me know. thanks
    adam

  4. # 4 DenisBB Says:

    Adam, when you take values from the $_GET array, you need to check those values for " ' and maybe some other characters, so that users won't be able to enter whatever code they like there

    for example, if you want to get an integer from $_GET['p'], you can do this
    $_GET['p'] + 0;

    when you add 0 to it, PHP will think of it as a number, and if people try to write anything else there, PHP won't read it

    another way is to do this
    htmlspecialchars($_GET['p']);

    here this function will convert such symbols as

  5. # 5 DenisBB Says:

    such symbols as

  6. # 6 DenisBB Says:

    lol I thought y it doesn’t work, but it seems like ferny or wordpress check for these symbols too

    so

    such symbols as < &lt;
    so they will be safe for your site

  7. # 7 DenisBB Says:

    such as < to &lt;*

    (yes it worked)

  8. # 8 FernyB Says:

    The correct way of solving this is by using regular expressions and the mysql_real_escape_string function
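Putting the thread's advice together, here is an added example (not code from the original post, its comments, or theconcertgoer.com) that shows the vulnerable pattern of pasting $_GET['p'] into a query beside a hardened version. It validates the value as an integer (the modern form of the "+ 0" trick above) and then binds it as a query parameter; it uses PDO prepared statements instead of the mysql_real_escape_string() call mentioned in the last comment, since that function and the mysql_* extension were removed in PHP 7. The table `events` and its columns are hypothetical.

```php
<?php
// Added example, not from the original page. Table/columns are hypothetical.

// Vulnerable: the raw query-string value becomes part of the SQL text, so any
// quote character or SQL keyword in $p is parsed as part of the statement.
function vulnerableQuery(string $p): string
{
    return "SELECT id, name FROM events WHERE id = " . $p;
}

// Hardened step 1: validate instead of coercing. filter_var() returns false
// unless the whole value is an integer, so "42abc" and "42'" are rejected
// rather than silently turned into 42 the way "+ 0" would do.
function parseId(string $p): ?int
{
    $id = filter_var($p, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hardened step 2: even a validated value is sent as a bound parameter, so the
// database never interprets it as SQL. Returns null for bad input or no match.
function fetchEvent(PDO $db, string $p): ?array
{
    $id = parseId($p);
    if ($id === null) {
        return null; // reject the request instead of trying to clean the value
    }
    $stmt = $db->prepare('SELECT id, name FROM events WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs; the validation step needs no database connection.
var_dump(parseId('42'));    // int(42)
var_dump(parseId('42abc')); // NULL
var_dump(parseId("42'"));   // NULL
var_dump(vulnerableQuery("42'")); // shows the quote landing inside the SQL
```

A request would be served with `fetchEvent(new PDO($dsn, $user, $pass), $_GET['p'] ?? '')`, returning 404-style "not found" handling whenever it yields null.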
