PHP mysql_* commands and making them safe
#1

Hello!

I'm building my own web site (Demo: 2 ) and I want to know how to make

mysql_query( $sql_query ) safe

I'm working with these commands:

GetGet('q');

function GetGet($STRING) {
    if(!isset($_GET[$STRING])) {
        $return = "";
    } else {
        $return = sql_inj($_GET[$STRING]);
    }
    return $return;
}

GetPost('post:name');

function GetPost($STRING) {
    if(!isset($_POST[$STRING])) {
        $return = "";
    } else {
        $return = sql_inj($_POST[$STRING]);
    }
    return $return;
}

sql_inj( $string );

function sql_inj($sql) {
    error_reporting (E_ALL ^ E_NOTICE ^E_DEPRECATED);
    $sql = preg_replace(sql_regcase("/(from|<|>|'|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    $sql = addslashes($sql);
    $sql = htmlspecialchars($sql);
    return $sql;
}

And now tell me, if I execute this, is it safe:

mysql_query("UPDATE t_characters SET a_admin = ('".GetGet('adminlvl')."') WHERE a_nick = ('".GetGet('nick')."');");

THX
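
As an added example (not part of the original post): the same UPDATE written with a PDO prepared statement, so the values are bound as data instead of being filtered and concatenated into the query string. The in-memory SQLite database, the sample rows, the function name `set_admin_level`, and the 0-10 level range and 32-character nick limit are assumptions made so the code runs stand-alone; for MySQL, swap the DSN and credentials.

```php
<?php
// Added example: constructed schema and rows, not the poster's database.
// Assumption: the caller has already checked that the logged-in user may change admin levels.
$pdo = new PDO('sqlite::memory:'); // SQLite only so this runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
$pdo->exec("CREATE TABLE t_characters (a_nick TEXT PRIMARY KEY, a_admin INTEGER NOT NULL DEFAULT 0)");
$pdo->exec("INSERT INTO t_characters (a_nick) VALUES ('SeaLife'), ('O''Brien'), ('Selectra')");

function set_admin_level(PDO $pdo, $nick, $level)
{
    // Validate by type and range instead of deleting "bad" words from the input.
    $level = filter_var($level, FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 0, 'max_range' => 10)));
    if ($level === false || !is_string($nick) || $nick === '' || strlen($nick) > 32) {
        return false;
    }
    // Placeholders keep the SQL text fixed; values travel separately as data.
    $stmt = $pdo->prepare('UPDATE t_characters SET a_admin = :lvl WHERE a_nick = :nick');
    $stmt->bindValue(':lvl', $level, PDO::PARAM_INT);
    $stmt->bindValue(':nick', $nick, PDO::PARAM_STR);
    $stmt->execute();
    // 0 rows: no such nick (on MySQL, also when the value was already set).
    return $stmt->rowCount() === 1;
}

// Constructed request values standing in for $_GET.
$requests = array(
    array('nick' => "O'Brien",  'adminlvl' => '3'),   // quote is matched literally
    array('nick' => 'Selectra', 'adminlvl' => '2'),   // contains "select", left intact
    array('nick' => 'SeaLife',  'adminlvl' => '1x'),  // not an integer: rejected
    array('nick' => 'nobody',   'adminlvl' => '5'),   // unknown nick: no row changed
);
foreach ($requests as $r) {
    $ok = set_admin_level($pdo, $r['nick'], $r['adminlvl']);
    echo $r['nick'], ': ', $ok ? 'updated' : 'rejected', "\n";
}

// Escape for HTML at output time, not before storing.
foreach ($pdo->query('SELECT a_nick, a_admin FROM t_characters') as $row) {
    echo htmlspecialchars($row['a_nick'], ENT_QUOTES, 'UTF-8'), ' = ', (int) $row['a_admin'], "\n";
}
```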



Messages In This Thread
[No subject] - by SeaLife - 01-11-2013, 05:25 PM
[No subject] - by Wizatek - 01-13-2013, 12:31 AM
[No subject] - by mord - 01-13-2013, 02:09 AM
[No subject] - by Wizatek - 01-14-2013, 05:20 AM
[No subject] - by SeaLife - 01-22-2013, 04:30 PM
[No subject] - by Wizatek - 01-22-2013, 08:15 PM
[No subject] - by Samker132 - 02-08-2013, 10:32 PM
