OxAlien

  1. Tried the function "mysql_real_escape_string()" on XAMPP and it worked like a charm (y). Thanks, everything works perfectly now.
  2. Using AppServ on Windows. Ran mysql_real_escape_string() on multiple browsers, but they all returned the same result: "error on page". So I'm guessing the problem could be from AppServ.
  3. After submitting the name, the page reads "Problem Loading page" & "The connection was reset". But I don't get that error when using addslashes() instead of mysql_real_escape_string().
  4. Thank you so much. "mysql_real_escape_string()" didn't work for me, so I used "addslashes()". Is the addslashes() command enough to prevent SQL injection in that particular parameter?
  5. Thanks for your help guys. Here is my code now:

     ```php
     <?
     mysql_connect("xxx","xxx","xxx");
     mysql_select_db("name");

     if (!isset($_POST['submit'])) {
         print "<h1>";
         print "Welcome";
         print "</h1>";
         print "<br><br><br>";
         echo "<center>";
         print "<form action=\"\" method=\"POST\">";
         print "<input name=\"dgt\" id=\"Join\" style=\"width:400px\" type=\"text\"> ";
         print "<input name=\"submit\" value=\"Join\" type=\"submit\">";
         print "</form>";
     } else {
         $name = $_POST['dgt'];
         if(strlen($name) != "10") {
             print "Name is incorrect.";
         } else {
             $query = mysql_query("SELECT * FROM contacts WHERE name ='$name';");
             $fix = mysql_real_escape_string($query);
             if(mysql_num_rows($fix) > 0){
                 $row = mysql_fetch_assoc($fix);
                 print "True";
                 print "$row[no]";
             }else{
                 print "False";
             }
         }
     }
     ?>
     ```

     What did I do wrong here?
  6. Greetings

     ```php
     <?
     mysql_connect("xxx","xxx","xxx");
     mysql_select_db("name");

     if (!isset($_POST['submit'])) {
         print "<h1>";
         print "Welcome";
         print "</h1>";
         print "<br><br><br>";
         echo "<center>";
         print "<form action=\"\" method=\"POST\">";
         print "<input name=\"dgt\" id=\"Join\" style=\"width:400px\" type=\"text\"> ";
         print "<input name=\"submit\" value=\"Join\" type=\"submit\">";
         print "</form>";
     } else {
         $name = $_POST['dgt'];
         if(strlen($name) != "10") {
             print "Name is incorrect.";
         } else {
             $query = mysql_query("SELECT * FROM contacts WHERE name ='$name';");
             if(mysql_num_rows($query) > 0){
                 $row = mysql_fetch_assoc($query);
                 print "True";
                 print "$row[no]";
             }else{
                 print "False";
             }
         }
     }
     ?>
     ```

     This script is vulnerable to SQLi. I need help in fixing the vulnerability, please.
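
An added example, not part of the original posts: the same `contacts` lookup written with a PDO prepared statement, so the submitted name travels as a bound value instead of being spliced into the SQL string, and the output is HTML-escaped. Assumptions: PHP with the pdo_sqlite extension; the in-memory SQLite database, the sample rows and the function names `make_demo_db` and `lookup_no` are constructed for illustration, while the table and column names follow the posted script.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database so this runs offline;
// against MySQL, use a "mysql:" DSN and set PDO::ATTR_EMULATE_PREPARES to false.
declare(strict_types=1);

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed schema and rows mirroring the "contacts" table (columns: name, no).
    $pdo->exec('CREATE TABLE contacts (name TEXT PRIMARY KEY, no TEXT)');
    $pdo->exec("INSERT INTO contacts VALUES ('alicesmith', '555-0100'), ('bobjohnson', '555-0101')");
    return $pdo;
}

function lookup_no(PDO $pdo, string $name): ?string
{
    // Same rule as the posted script: the name must be exactly 10 bytes long.
    if (strlen($name) !== 10) {
        return null;
    }
    // The SQL text is fixed; :name is bound separately, so quotes in $name
    // can never terminate the string literal or add SQL syntax.
    $stmt = $pdo->prepare('SELECT no FROM contacts WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $no = $stmt->fetchColumn();
    return $no === false ? null : (string) $no;
}

$pdo = make_demo_db();
// Constructed inputs: a stored name, an unknown name, and a 10-character value containing quotes.
foreach (['alicesmith', 'nosuchname', "o'reilly's"] as $input) {
    $no = lookup_no($pdo, $input);
    // Escape on output as well: database content and user input are both untrusted in HTML.
    $shown = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    echo $shown, ' => ', $no === null ? 'False' : 'True ' . htmlspecialchars($no, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The `mysql_*` functions used in the posted script were removed in PHP 7.0; PDO or mysqli with bound parameters is their replacement.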