|
PHP - Preventing Sql Injections + Being Able To Fetch An Array
Basically, I have the following code ($c2 is my connection variable):
Code: [Select] $rid = $_GET['id']; $q = mysql_query("SELECT * FROM reports WHERE id = $rid", $c2) or die(mysql_error()); $report = mysql_fetch_array($q); $report is used later on to gather more information that is outputted to the user. However, if in the URL, someone were to put id=1', they would have an error message spit out to them (something along the lines of: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1), indicating a SQL Injection exploit. How would I go about fixing this, and also preventing SQL Injection? Thanks a bunch, Mark Similar TutorialsHaving problem with a bit of code. I am trying to fetch data from the database, I have used mysql_fetch_array before, and even in later bits of code. I want to use this data for an IF statement later on. The IF statement isn't there, because this code is catching somewhere. The fetch array is working fine, and it echos out the correct row in database that it should. The issue, it stops displaying code that follows it. In the code, I have put a comment (// Code kills here ....) where the code is killing. I have identified the few lines of code that is killing the script. You can see the page.. The number 71 is what is supposed to be supplied by the query and array. This is the page as it is with the trouble code. Here is the page without the trouble bit of code, and it displays all that it should. But it doesn't have the functionality I want to build in with the array obviously. Here is the code with highlight bit of trouble: /source/userinfo.php Code: [Select] <?php include ("db.php"); $get_info = mysql_query ("SELECT * FROM registrations WHERE u_id=$uid AND appid=$appid" , $link2); //Begin Trouble Code while ($check = mysql_fetch_array($get_info)) { echo $check['assign_id']; } //End Trouble Code // Code kills here, for some reason.... Proper assign_id displayed, but it kills script. $count = mysql_num_rows($get_info); if ($count >= 1) { $get_jos_info = mysql_query ("SELECT * FROM jos_users WHERE id=$appid" , $link); $get_avatar = mysql_query ("SELECT * FROM jos_comprofiler WHERE user_id=$appid" , $link); while ($avatar_link = mysql_fetch_array($get_avatar)) $avatarurl = $avatar_link['avatar']; echo $avatar_link['avatar']; echo "<table border='0' width='70%' align='center' cellpadding=5>"; while ($rowteam = mysql_fetch_array($get_info)) { while ($rowjos = mysql_fetch_array($get_jos_info)) { $urlbegin = "<img src='http://versionxlegends.com/images/comprofiler/tn"; $urlend = "'>"; echo "<tr><td width=100% align=center colspan=2>".$urlbegin.$avatarurl.$urlend."</td></tr>"; echo $avatar; echo "<tr><td width=40% align=right><strong>Registration #</strong></td><td width=60% align=center>$rowjos[id]</td></tr>"; echo "<tr><td width=40% align=right><strong>User's Username</strong></td><td width=60% align=center>$rowteam[username]</td></tr>"; echo "<tr><td width=40% align=right><strong>User's Name</strong></td><td width=60% align=center>$rowteam[name]</td></tr>"; echo "<tr><td width=40% align=right><strong>Provided Skype Username</strong></td><td width=60% align=center>$rowteam[skype]</td></tr>"; //Add script for lead only view Email Address. Team Member, field is hidden. Lead sees email and a YES/NO if email matches. If not, lead will email user to get email verification, to edit account before assignments occur. echo "<tr><td width=40% align=right><strong>E-Mail Address</strong></td><td width=60% align=center>$rowteam[email]</td></tr>"; echo "<tr><td width=40% align=right><strong>Registration Date</strong></td><td width=60% align=center>$rowjos[registerDate]</td></tr>"; // Add script for lead only view age. Team Member, field is hidden. Lead sees birthdate and/or age and a YES/NO if age matches. If not, lead will email user with ID verification e-mail, to verify age before assignments occur. echo "<tr><td width=40% align=right><strong>Age</strong></td><td width=60% align=center>$rowteam[age]</td></tr>"; }} echo "</table>"; } else { echo "Invalid URL. Registration does not exist"; } ?> This code is included within this page: viewregistration.php Code: [Select] <?php session_start(); $user_id = $_SESSION['user_id']; $uid = $_GET['u_id']; $appid= $_GET['appid']; include ("db.php"); $get = mysql_query ("SELECT * FROM registrations WHERE u_id = $uid AND appid=$appid", $link2); echo $get; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252" /> <title>Nuke Ice By ThemeKings</title> <link rel="stylesheet" type="text/css" href="nuke-ice.css" /> </head> <body> <div id="wrapper"> <div id="banner"> <div id="banner-edit"></div> </div> <div id="container"> <?php include ("sidebar.php"); ?> <div id="col-2"> <?php $uid = $_GET['uid']; $appid= $_GET['appid']; ?> <div class="CntBox"> <div class="CntHead"> <div class="CntHeadInfo">User Information</div> </div> <div class="CntFill"> <div class="CntInfo"> <?php include ("./source/userinfo.php"); ?> </div> </div> <div class="CntFooter"></div> </div> I included this bit of code so you can see some of the variables that were assigned in another file. Hi all, I'm new to PHP have written some code to extract data from mysql. here it is <!DOCTYPE html> <html lang="en"> result 1.png 18.34KB 0 downloads result 2.png 24.62KB 0 downloads Table.png 4.61KB 0 downloads <head> <meta charset="utf-8" /> <title></title> </head> <body> <?php echo "Testing Database....<br>"; $con = mysqli_connect('localhost', 'db_id', 'my_pw', 'mysql_db'); $result = $con->query("SELECT user_id FROM users"); echo "Number of users : ".$result->num_rows."<br><br>"; $row = mysqli_fetch_row($result); echo $row[0]."<br>"; echo $row[1]."<br>"; echo $row[2]."<br>"; ?> </body> </html> in result number of rows its giving right, but when i fetch the result in row, its giving only first row. rest all are empty. then further i have tested few more things like, i change the query as below 'SELECT * FROM users' now this is giving another strange result. It selected first row of the table and making array for all available columns. i have attached herewith image of my table, and result of both of my queries. Could someone guide me on this issue... Hi, I'm wondering if theres a shortcut to a potential problem I have. I'm currently running a query on my website to pull all the fields from a table in my database, for the data to be used on various parts of the page. Usually I would do something as follows Code: [Select] $result = mysql_query("SELECT * FROM table WHERE page='1'"); while ($row=mysql_fetch_array($result)) { $title = $row["title"]; $data = $row["data"]; } And so on and so forth. I would then call the appropriate data by echoing $data for example. However, my table contains a lot more rows than i've mentioned (Around 25 or so). Rather than assigning each to a variable and having a large portion of variable assignments at the top of the page, is there any clever way of putting all of these values inside of an array. So for example, I could call $array_data["title"] or $array_data["data"]?? So it keeps the same key, but puts it inside of an array that I don't have to loop through each time? Hope that makes sense! Thanks, Edd Hi,
Does anyone have a clue how I might solve this little issue:
I have a MySQL query, for example:
<?php
// Make a MySQL Connection
$query = "SELECT * FROM staff";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
if($row['clock'] < time()) {
echo "<b>"$row['name']. " - ". $row['age']"</b>";
echo "<br />";
} else {
echo $row['name']. " - ". $row['age'];
echo "<br />";
}
}
?>
Taking data from the following table setup:
name - age - clock
Timmy Mellowman - 23 - 09:00:00Sandy Smith - 21 - 12:00:00 Bobby Wallace - 15 - 14:00:00 What im trying to achieve is compare the current time to the time in the clock column and depending if it's earlier or later, change the styling of the results. The above code does appear to work somewhat however it seems to change the styling of all results in one go, rather than individually when it passes the time in the cell, which is what im looking for. Thanks I've been using this code for a long time and realised it's very repetitive, but the id_column I want changes all the time function getRows() { $query = mysql_query($sql); $rows = array(); while($row = mysql_fetch_assoc($query)) { $rows[$row['id_column']] = $row; } return $rows; } So I wrote this function that will automatically create an array with a column I choose if I wish, but I'm not sure if it's very efficient. function getRows($query, $column_id = false) { $rows = array(); while($row = mysql_fetch_assoc($result)) { if($column_id === false) { $rows[] = $row; } else { if(isset($row[$column_id])) { $rows[$row[$column_id]] = $row; } else { $rows[] = $row; } } } return $rows; } I would appreciate some input as to make it better. Thanks. Hey guys tried to search for this but didn't find anything usefull about the issue. So what i have is mssql_fetch_array in a while loop in the loop i have it assign a specified row as a variable that i can print later on in the page. Code: [Select] while($row = mssql_fetch_array($query) { $tables = "<tr>"; $tables .= "<td> {$row['specifiedrow']} </td>"; $tables .= "</tr>"; }Then i call it in the html table as Code: [Select] <? php echo $tables; ?> I have done this with mysql_fetch_array before and it would print the entire database row associated with that row in the table. But as it is now it only returns the last row from the database. Is there something i am missing. Thanks for any help Hi, I've used this code before, but have had to make some modifications and am now getting a mysql fetch array error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tesolcla/public_html/test/results10k201010.php on line 134 If anyone can help, it would be much appreciated. Code: [Select] <?php $dbcnx = @mysql_connect('localhost', 'MYUSERNAME', 'MYPASSWORD'); //$dbcnx = @mysql_connect('localhost', 'root', 'mysql'); if (!$dbcnx) { exit('<p>Unable to connect to the ' . 'database server at this time.</p>'); } if (!@mysql_select_db('MYDATABASE')) { //if (!@mysql_select_db('rac')) { exit('<p>Unable to locate the results ' . 'database at this time.</p>'); } $asc_on = '<img src="images/results_sorting/Asc.gif" border="0" />'; $asc_off= '<img src="images/results_sorting/AscOff.gif" border="0" />'; $desc_on = '<img src="images/results_sorting/Desc.gif" border="0" />'; $desc_off= '<img src="images/results_sorting/DescOff.gif" border="0" />'; $sortfield = isset($_GET['sort']) ? $_GET['sort'] : '4'; $sorttype = isset($_GET['type']) ? $_GET['type'] : '1'; for($i=1; $i<5; $i++) { if($i==$sortfield) { if ($sorttype==1) $srt[$i] = $asc_on.'<a href="?sort='.$i.'&type=2">'.$desc_off.'</a>'; else $srt[$i] = '<a href="?sort='.$i.'&type=1">'.$asc_off.'</a>'.$desc_on; } else { $srt[$i] = '<a href="?sort='.$i.'&type=1">'.$asc_off.'</a><a href="?sort='.$i.'&type=2">'.$desc_off.'</a>'; } } $fields = array("firstname", "lastname", "time", "position"); $sorts = array("ASC", "DESC"); $field = $fields[$sortfield-1]; $sort = $sorts[$sorttype-1]; $field = $field=="" ? $fields[4] : $field; $sort = $sort=="" ? $sorts[0] : $sort; $sql = mysql_query("SELECT firstname, lastname, time, position FROM 10k_results ORDER BY $field $sort"); echo "<table border='1' align='center' bordercolor='#000000' CELLPADDING=5 cellspacing='0' STYLE='font-size:13px'>"; echo "<tr bgcolor='#008000' STYLE='color:white'> <td>*</td><td><H3>First name $srt[1]</h3></td> <td><H3>Lastname $srt[2]</H3></td> <td><H3>Time $srt[3]</H3></td> <td><H3>Position $srt[4]</H3></td></tr>"; // keeps getting the next row until there are no more to get $row_counter = 1; //create row counter with default value 0 // Print out the contents of each row into a table while ($row = mysql_fetch_array($sql)) { // Print out the contents of each row into a table echo "<tr>\n"; echo "</td><td>"; echo $row_counter++; echo "</td>"; echo "<td>{$row['firstname']}</td>\n"; echo "<td>{$row['lastname']}</td>\n"; echo "<td>{$row['time']}</td>\n"; echo "<td>{$row['position']}</td>\n"; echo "</tr>\n"; } echo "</table>"; ?> Warning: mysql_fetch_array() expects parameter 1 to be resource, string given... im tryin to put class inside code if $dayNumber and $dan are equal i tried few ways but all are complicated since i have to call some functions this end up as "simple" solution but i dont know where did i get wrong PS that should be possible? Code: [Select] else { echo "<td width='40'"; $moj_id = $_SESSION['id']; $query_event = mysql_query("SELECT * FROM events WHERE id_user='$moj_id' GROUP BY 'event_date'") ; $test = mysql_fetch_array('$query_event'); $date_event = $test['event_date']; sscanf($date_event, "%d-%d-%d", $godina, $mjesec, $dan); if ($dan==$dayNumber && $mjesec==$month && godina==$year) { echo " class='radni'"; } echo"><a href='day_info.php?dan=",$dayNumber,"&mj=",$month,"&gd=",$year,"'>" . $dayNumber . " </a></td>\n"; $dayNumber++; } This is really blowing my mind... the code is as follows the table, the column names everything is right and contains information but the variables aren't being filled... I don't get it... Anyone have any ideas or options I might not have thought of for debugging? $item_name = ("SELECT * FROM items WHERE id = '$grab_item'"); $que_items = mysql_query($item_name); while ($item_todel = mysql_fetch_array($que_items, MYSQL_BOTH)) { $name = $item_todel['name']; $desc = $item_todel['desc']; } echo ($name . "<br>" . $desc . "<br>" . $grab_item); the only variable thats set is grab_item, fetch_array throws no errors, if I plug in the query straight to the sql I get all the proper information... It's just not filling the two variables.... Okay, this is getting on my nerves now, my head is throbbing probably just need a break from it all now. I'm currently getting the following message; Warning: mysql_fetch_array() expects parameter 1 to be resource, null given in C:\xampp\htdocs\duff3\test3.php on line 25 Can anyone figure out and explain why this isn't working for me, I believe I am calling the function correctly and then putting the result into a while loop. Code: [Select] <?php function getPageContent($selectedPage) { $sql = "SELECT * "; $sql .= "FROM tbl_pages "; $sql .= "WHERE tbl_pages.pageCategoryId = ".$selectedPage." "; $sql .= "AND active = 1 "; $sql .= "LIMIT 1"; $result = mysql_query($sql) or die ("Error in page sql query:". $sql); return $pageSet; } ?> Code: [Select] <?php require_once ''.$_SERVER['DOCUMENT_ROOT'].'/duff3/commonResources/dbConnection/dbQueryClass.php'; ?> <?php #FUNCTIONS IS A TEMP FILE UNTIL OO PHP COMES INTO PLAY require_once ("commonResources/includes/functions.php"); # if page isn't set then set it to default. if(isset($_GET["page"])) { $selectedPage = $_GET["page"]; } else { $selectedPage = 1; } #call function to select all page $pageSet = getPageContent($selectedPage); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> <?php while ($row = mysql_fetch_array($pageSet)) { # Start while loop echo $row["pageTitle"]; ?> </title> <link rel="shortcut icon" href="commonResources/images/container/favicon.ico" /> <link rel="stylesheet" type="text/css" href="<?php $_SERVER["DOCUMENT_ROOT"] ?>/duff3/commonResources/css/style.css" /> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252" /> <!-- PUT COMMON JAVASCRIPT FILES IN AN INCLUDE 05/05/2011 --> <script type="text/javascript" src="commonResources/javaScript/jQuery.js"></script> <script type="text/javascript" src="commonResources/javaScript/jQueryTest/menu.js"></script> <?php require_once ("".$_SERVER["DOCUMENT_ROOT"]."/duff3/commonResources/includes/tinymce.php"); ?> </head> <body> <div id="viewContainer"><!--OPEN DIV FOR VIEW CONTAINER --> <div id="headerContent"><!--OPEN DIV FOR HEADER CONTENT --> <div class="logoContent"><!--OPEN DIV FOR LOGO CONTAINER --> <a href="index.html"><img src="<?php $_SERVER["DOCUMENT_ROOT"] ?>/duff3/commonResources/images/container/logo.png" alt="Hannah Jane Duff" longdesc="Hannah Jane Duff Home Link" /></a> </div><!--CLOSE DIV FOR LOGO CONTAINER --> </div><!--CLOSE DIV FOR HEADER CONTENT --> <!-- TEMP TAKE OUT AND PUT INTO HEADER AREA --> <div id="mainContent"><!--OPEN DIV FOR MAIN CONTENT--> <div class="centreContent"><!--OPEN DIV FOR CENTRE CONTENT--> <div id="menuContent"><!--OPEN DIV FOR MENU CONTENT--> <div id="menu"> <ul class="menu"> <li><a href="index.html" class="main"><span>Home</span></a></li> <li><a href="" class="main"><span>bio</span></a> <div><ul> <li><a href=""><span>violin</span></a></li> <li><a href=""><span>piano</span></a></li> <li><a href=""><span>singing</span></a></li> <li><a href="" class="parent"><span>teaching</span></a> <div><ul> <li><a href="" class="parent"><span>aberdeen</span></a> <div><ul> <li><a href="#"><span>aberdeen 1</span></a></li> </ul></div> </li> <li><a href="" class="parent"><span>bradford</span></a> <div><ul> <li><a href=""><span>bradford 1</span></a></li> </ul></div> </li> <li><a href="" class="parent"><span>leeds</span></a> <div><ul> <li><a href=""><span>leeds 1</span></a></li> </ul></div> </li> </ul></div> </li> <li><a href="" class="parent"><span>influences</span></a> <div><ul> <li><a href=""><span>classical</span></a></li> <li><a href=""><span>folk</span></a></li> </ul></div> </li> <li><a href="" class="parent"><span>other</span></a> <div><ul> <li><a href=""><span>folk′d</span></a></li> <li><a href=""><span>string quaret</span></a></li> </ul></div> </li> </ul></div> </li> <li><a href="" class="main"><span>publicity</span></a> <div><ul> <li><a href="" class="parent"><span>news</span></a> <div><ul> <li><a href=""><span>may 2011</span></a></li> <li><a href=""><span>march 2011</span></a></li> </ul></div> </li> <li><a href=""><span>gallery</span></a></li> <li><a href=""><span>other</span></a></li> </ul></div> </li> <li><a href="" class="main"><span>recordings</span></a> <div><ul> <li><a href=""><span>all</span></a></li> <li><a href=""><span>new york dolls</span></a></li> <li><a href=""><span>classical</span></a></li> </ul></div> </li> <li><a href="" class="main"><span>contact</span></a></li> </ul></div> </div><!--CLOSE DIV FOR MENU CONTENT--> <div class="paraBlock"><!--OPEN DIV FOR PARA BLOCK --> <p><?php echo $row["pageContent"]; ?></p> </div><!--CLOSE DIV FOR PARA BLOCK--> <div class="clearArea"><!--OPEN DIV FOR CLEAR AREA--> </div><!--CLOSE DIV FOR CLEAR AREA--> </div><!-- CLOSE DIV FOR CENTRE CONTENT--> </div><!--CLOSE DIV FOR MAIN CONTENT--> <div id="footerContent"><!--OPEN DIV FOR FOOTER CONTENT--> <div class="leftFooter"><!--OPEN DIV FOR LEFT FOOTER--> © <?php echo date(Y); ?> All Rights Reserved | Design by <a href="http://www.innovationation.co.uk/">Innovationation UK</a> </div><!--CLOSE DIV FOR LEFT FOOTER--> <div class="rightFooter"><!--OPEN DIV FOR RIGHT FOOTER--> <a href="">Copyright | </a> <a href="">Disclaimer | </a> <a href="">Privacy Policy </a> <a href="">Terms of Use | </a> <a href="">Site Map | </a> <a href="loginArea/login.php">Admin</a> </div><!--CLOSE DIV FOR RIGHT FOOTER--> </div><!--CLOSE DIV FOR FOOTER CONTENT--> <?php } ?> </div><!--CLOSE DIV FOR VIEW CONTAINER--> </body> </html> I am trying to protect my guestbook entries from injections such as html, xss, and mysql injections. My php knowledge is very little. If possible, can I have some help please with protecting my entries. I have a few bits and pieces of code to protect my guestbook from injections that I got from some tutorials that I was reading. Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!-- Author: Reality Software Website: http://www.realitysoftware.ca Note: This is a free template released under the Creative Commons Attribution 3.0 license, which means you can use it in any way you want provided you keep the link to the author intact. --> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> <link href="style.css" rel="stylesheet" type="text/css" /></head> <body> <!-- header --> <div id="header"> <div id="logo"><a href="index.html">Header</a></div> <div id="menu"> <ul> <li><a href="index.html">Home</a></li> <li><a href="">Link 1</a></li> <li><a href="">Link 2</a></li> <li><a href="">Link 3</a></li> <li><a href="">Contact</a></li> <li><a href="guestbook.php">Guestbook</a></li> </ul> </div> </div> <div id="icon"><a href="twitter.com/"> <img border="0" src="http://www.000webhost.com/forum/images/twitter.png" alt="twitter" width="58px;" height="53px;" /> </a></div> <!--end header --> <!-- main --> <div id="main"> <div id="content"> <div id="text"> <h1><strong>Guestbook</strong></h1> </div> <?php $input = is_numeric($input) ? intval($input) : mysql_real_escape_string($input);function sanitizeString($string) { return htmlentities( (string) $string, ENT_COMPAT, "UTF-8" ); } $preparedStatement = $db->prepare('SELECT * FROM guestbook WHERE name = :name'); $preparedStatement->execute(array(':name' => $name)); $rows = $preparedStatement->fetchAll(); $mysql_host = "localhost"; $mysql_database = "a7560006_guest"; $mysql_user = "a7560006_host"; $mysql_password = "mypassword"; // Connect to server and select database. mysql_connect("$mysql_host", "$mysql_user", "$mysql_password") or die("cannot connect server"); mysql_select_db("$mysql_database") or die("cannot select DB"); $tbl_name="guestbook"; // Table name $name = ($_POST['name']); $comment = ($_POST['comment']); $comment = stripslashes($comment); $name = stripslashes($name); $comment = str_replace("<","<",$comment); $name = str_replace("<","<",$name); $datetime=date("M-d-Y h:i:s A"); //date time $verif_box = ($_POST['verif_box']); if(md5($verif_box).'a4xn' != $_COOKIE['tntcon']){ ?> <table width="400" border="0" align="center"> <tr><td align="center"><h4>You have not entered captcha or entered incorrect captcha!</h4></td></tr> </table> </div> <!-- footer --> <div id="footer"> <div id="left_footer">© Copyright 2011<strong> Author </strong></div> <div id="right_footer"> <!-- Please do not change or delete this link. Read the license! Thanks. :-) --> Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a> </div> </div> <!-- end footer --> </div> <!-- end main --> </body> </html> <? exit; } if(empty($name) || empty($comment)) { ?> <table width="400" border="0" align="center"> <tr><td align="center"><h3>Sorry, all fields are required!</h3></td></tr> </table> <? } else { $sql="INSERT INTO $tbl_name (name, comment, datetime) VALUES ('$name', '$comment', '$datetime')"; $result=mysql_query($sql); //check if query successful if($result) { ?> <table width="400" border="0" align="center"> <tr><td align="center"><h3>Thank you for signing my guestbook!</h3></td></tr> </table> <? echo "<meta http-equiv='Refresh' content='1; URL=viewguestbook.php'>"; // link to view guestbook page } else { echo "ERROR"; } mysql_close(); } ?> </div> <!-- footer --> <div id="footer"> <div id="left_footer">© Copyright 2011<strong> Author </strong></div> <div id="right_footer"> <!-- Please do not change or delete this link. Read the license! Thanks. :-) --> Design by <a href="http://www.realitysoftware.ca" title="Website Design">Reality Software</a> </div> </div> <!-- end footer --> </div> <!-- end main --> </body> </html> Hi everyone, I have been the victim (at least i think) of SQL injection attacks!? I believe this as my contact us db table is full of 1's. How can i stop this from happening? Here's the contact form: Code: [Select] <form method="get" action="contact-send.php"> Name:<br /> <input type="text" name="name" id="name" size="30" /><br /> Email:<br /> <input type="email" name="email" id="email" size="30" /><br /> Your Question:<br /> <textarea name="question" id="question" rows="10" cols="50"></textarea><br /> <input type="submit" name="submit" value="send" /> </form> And here's the script 'contact-send.php': Code: [Select] <?PHP session_start(); include ('php only scripts/db.php'); if(isset($_POST['submit'])){ $name = $_POST['name']; $email = $_POST['email']; $question = $_POST['question']; //your code to insert variables into db can go here or after the if statement $query = "INSERT INTO contact_us (name, email, questions) VALUES ('" .$name. "', '" .$email. "', '" .$question. "')"; $result = mysql_query($query) or die(mysql_error()); echo $name."<br/>".$email."<br/>".$question; } header( 'Location: http://www.removalspace.com/contactconf.php' ); ?> Do i have to have if(isset on EACH variable? like on name, email and question too? Hello, I have been using the preg_match() to throw out invalid form characters and then both mysql_real_escape_string() and stripslashes() to escape data variables before using them with mysql. But how about messages from a text area for example on a contact form. You cant limit the characters for the user. Is escaping variables good enough to eliminate sql injections from user input? I am having problems with a search feature I am using for a website I am building. Everything was working fine when I was testing on my local machine using EasyPHP 3.0. The issue I am having is that once I uploaded the site to a "live" server and tested it, my search function wouldn't work. The issue resides in the two lines with the magic quotes and the real escape string, for some reason those lines worked fine while testing using EasyPHP 3.0, but now I must delete those lines in order for my search function to work. The problem is that deleting those lines makes me vulnerable to an SQL injection. I have tried deleting just the magic quotes line and everything works properly, but then I am not seeing any kind of strip slashing/sanitizing when I enter in a statement like this into my search: a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't. Any help on this issue would be greatly appreciated! //get data $button = $_GET['submit']; if (get_magic_quotes_gpc() == 0){ $search = mysql_real_escape_string($_GET['search']); // clean up the search string } else { $search = $_GET['search']; $limit = 9; $page = $_GET['page']; if($page) $start = ($page - 1) * $limit; I also tried using the mysql_real_escape_string on my construct, but I get syntax errors because of the | being used before and after the $search_each. That | character must remain in place in order for my search to work the way I want it to. $x++; if ($x==1) $construct .= "keywords LIKE '%".mysql_real_escape_string(|$search_each|)."%'"; else $construct .= "AND keywords LIKE '%|$search_each|%'"; } htmlspecialchars($str, ENT_QUOTES, 'UTF-8');Using this code with UTF-8. I need someone to help craft up some smalll xss injections with this. I heard htmlspecialchars doesn't stop all xss attacks, so I'm wondering what's the most xss attack you can craft to load a simple cookie loader. (Basically, just simple javascript injection is all I'm trying to find, because people can use cookie loaders with it, and yeah, that's not good). Looking for your code to be posted, and once it is.. I'll copy it and submit it through the code I posted above and see if there is any vulnerabilities. (On my localhost server) Thanks! $str = user input. Oh, and here is the BBCODE regex that the code passes through before this function is returned on the text. $text = preg_replace( "#\[b\](.+?)\[/b\]#is", "<span class='b'>\\1</span>", $text );
$text = preg_replace( "#\[i\](.+?)\[/i\]#is", "<i>\\1</i>", $text );
$text = preg_replace( "#\[u\](.+?)\[/u\]#is", "<u>\\1</u>", $text );
$text = preg_replace( "#\[s\](.+?)\[/s\]#is", "<s>\\1</s>", $text );
//Spoiler
$text = preg_replace( "#\[right\](.+?)\[/right\]#is", "<div style='text-align:right'>$1</div>", $text );
//Beautiful Colors
$text = preg_replace( "%\[colou?r=([a-zA-Z]{3,20}|\#[0-9a-fA-F]{6}|\#[0-9a-fA-F]{3})](.+?)\[/colou?r\]%msi", '<span style="color: \\1">\\2</span>', $text );
$text = preg_replace( "%\[colou?r=(rgb\(\d{1,3}, ?\d{1,3}, ?\d{1,3}\))](.+?)\[/colou?r\]%msi", '<span style="color: \\1">\\2</span>', $text );
If anyone can craft up an XSS for this, I'd appreciate it. Because I need this to be secure.
Edited by Monkuar, 10 January 2015 - 06:33 PM. htmlspecialchars($str, ENT_QUOTES, 'UTF-8');Using this code with UTF-8. I need someone to help craft up some smalll xss injections with this. I heard htmlspecialchars doesn't stop all xss attacks, so I'm wondering what's the most xss attack you can craft to load a simple cookie loader. (Basically, just simple javascript injection is all I'm trying to find, because people can use cookie loaders with it, and yeah, that's not good). Looking for your code to be posted, and once it is.. I'll copy it and submit it through the code I posted above and see if there is any vulnerabilities. (On my localhost server) Thanks! $str = user input. Oh, and here is the BBCODE regex that the code passes through before this function is returned on the text. $text = preg_replace( "#\[b\](.+?)\[/b\]#is", "<span class='b'>\\1</span>", $text );
$text = preg_replace( "#\[i\](.+?)\[/i\]#is", "<i>\\1</i>", $text );
$text = preg_replace( "#\[u\](.+?)\[/u\]#is", "<u>\\1</u>", $text );
$text = preg_replace( "#\[s\](.+?)\[/s\]#is", "<s>\\1</s>", $text );
//Spoiler
$text = preg_replace( "#\[right\](.+?)\[/right\]#is", "<div style='text-align:right'>$1</div>", $text );
//Beautiful Colors
$text = preg_replace( "%\[colou?r=([a-zA-Z]{3,20}|\#[0-9a-fA-F]{6}|\#[0-9a-fA-F]{3})](.+?)\[/colou?r\]%msi", '<span style="color: \\1">\\2</span>', $text );
$text = preg_replace( "%\[colou?r=(rgb\(\d{1,3}, ?\d{1,3}, ?\d{1,3}\))](.+?)\[/colou?r\]%msi", '<span style="color: \\1">\\2</span>', $text );
If anyone can craft up an XSS for this, I'd appreciate it. Because I need this to be secure.
Edited by Monkuar, 10 January 2015 - 06:33 PM. Here is the code that i am using to accept data and display the data. To accept and add it in database i am using : $comment = $_POST['txtcomment']; $comment = @mysql_real_escape_string($comment); To display the data from DB i am using : $comment = $rowscomment['comment']; <?php echo nl2br($comment); ?> Please help me correct it....... I am still learning PHP. I am trying to write a php/mysql that will allow a church keep attendance on their members in bible study. I am also going to try to prevent doing a circular reference between tables and just can't figure it out how since I am just starting to learn mysql. Here are the tables:
Table 1: Members:
---------------
1:Name:
2:Address:
3:Bible Study Group it belongs to:
Table 2: Cells
--------------
1:Bible Study Lider:
2:Bible Group Name
Table 3: Attendance
--------------
1:Date
2:Member
3:Bible Group
As you all can see, Table 2:2 makes a lookup at Table 1 for the member(in this case, the leader). BUT Table 1:3 makes a lookup to Table 2:2
and is a circular lookup.
Anyone have an idea on how to properly do this without any circular problems?
Thanks in advance!
I'd like to use a text editor like this one: http://tinymce.moxiecode.com/examples/full.php for my forums. But I am not sure exactly how I would prevent abuse and injects to messed up the page, rather than being contained in the designated area it is meant for. Could some one please help me, I know htmlspecailchars will not work, since some of the code needs to render as html Hello every1,
I'm trying to create a magazine wesite and I dont want anybody to access my images folder which is located in the root directory.
I want some thing like this...
I want to call the images in my website using <img> tag but I dont want any1 to access the directory directly.
It should also protect from software bots also like (HTTrack or website Copier)
It should show "Access forbidden".
Any help will be greatly appreciated.
Thank you...
|
|||||||