Comments on: SQL Injections http://fernyb.net/blog/2007/01/30/sql-injections/ fernyb.net/blog Mon, 01 Dec 2008 18:18:38 +0000 http://wordpress.org/?v=2.6.3 By: FernyB http://fernyb.net/blog/2007/01/30/sql-injections/#comment-103 FernyB Fri, 09 Feb 2007 14:40:37 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-103 The correct way of solving this is by using regular expressions and the mysql_real_escape_string function The correct way of solving this is by using regular expressions and the mysql_real_escape_string function

]]> By: DenisBB http://fernyb.net/blog/2007/01/30/sql-injections/#comment-102 DenisBB Fri, 09 Feb 2007 10:44:12 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-102 such as < to &lt;* (yes it worked) such as < to &lt;*

(yes it worked)

]]> By: DenisBB http://fernyb.net/blog/2007/01/30/sql-injections/#comment-101 DenisBB Fri, 09 Feb 2007 10:43:42 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-101 lol I thought y it doesn't work, but it seems like ferny or wordpress check for these symbols too so such symbols as < &lt; so they will be safe for your site lol I thought y it doesn’t work, but it seems like ferny or wordpress check for these symbols too

so

such symbols as < &lt;
so they will be safe for your site

]]> By: DenisBB http://fernyb.net/blog/2007/01/30/sql-injections/#comment-100 DenisBB Fri, 09 Feb 2007 10:42:03 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-100 such symbols as such symbols as

]]> By: DenisBB http://fernyb.net/blog/2007/01/30/sql-injections/#comment-99 DenisBB Fri, 09 Feb 2007 10:41:28 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-99 Adam, when you take values from $_GET array, you need to check those values for " ' and maybe some other characters, so that users won't be able to enter there whatevar code they like for example, if you want to get interget from $_GET['p'] forexample, you can do this $_GET['p'] + 0; when you add 0 to it, PHP will this of it as of number and if ppl will try to write there anything php won't read it another way is to do this htmlspecialchars($_GET['p']); here this function will convert such symbols as Adam, when you take values from $_GET array, you need to check those values for ” ‘ and maybe some other characters, so that users won’t be able to enter there whatevar code they like

for example, if you want to get interget from $_GET['p'] forexample, you can do this
$_GET['p'] + 0;

when you add 0 to it, PHP will this of it as of number and if ppl will try to write there anything php won’t read it

another way is to do this
htmlspecialchars($_GET['p']);

here this function will convert such symbols as

]]> By: adam libman http://fernyb.net/blog/2007/01/30/sql-injections/#comment-86 adam libman Mon, 05 Feb 2007 21:48:56 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-86 if you could let me know what the issue is, i'd like to fix it. we're still at a beta level right now. Let me know. thanks adam if you could let me know what the issue is, i’d like to fix it. we’re still at a beta level right now. Let me know. thanks
adam

]]> By: DenisBB http://fernyb.net/blog/2007/01/30/sql-injections/#comment-74 DenisBB Tue, 30 Jan 2007 18:04:06 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-74 or is it your radio. it really isn't a good thing. I came to your site and it started playin or is it your radio. it really isn’t a good thing. I came to your site and it started playin

]]> By: DenisBB http://fernyb.net/blog/2007/01/30/sql-injections/#comment-73 DenisBB Tue, 30 Jan 2007 18:02:14 +0000 http://fernyb.net/blog/2007/01/30/sql-injections/#comment-73 you are such a joker. by the way, could you make videos on your blog don't start automaticly? you are such a joker.

by the way, could you make videos on your blog don’t start automaticly?

]]>