Search the Community
Showing results for tags 'sql injection'.
-
    <?php
    if(isset($_POST['submit'])){
        $uname = $_POST['username'];
        $pword = $_POST['password'];

        /*** mysql hostname ***/
        $hostname = 'localhost';

        /*** mysql username ***/
        $username = 'root';

        /*** mysql password ***/
        $password = 'anty90';

        try {
            $link = new PDO("mysql:host=$hostname;dbname=gambling", $username, $password);

            /*** echo a message saying we have connected ***/
            echo 'Connected to database<br />';

            /*** INSERT data ***/
            $stmt = $link->prepare("INSERT INTO gamb(username, password) VALUES (?, ?)");
            try{
                $stmt->execute(array("$uname", "$pword"));
            }
            catch(PDOException $e){
                echo "Exception caught: $e";
            }

            /*** echo the number of affected rows ***/
            //echo $count;

            /*** close the database connection ***/
            $link = null;
        }
        catch(PDOException $e)
        {
            echo $e->getMessage();
        }
    }
    ?>
    <html>
    <form action='home.php' method='post'>
    <input type="text" name="username" >
    <input type="password" name="password" >
    <input type="submit" name="submit" value="submit">
    </form>
    </html>

I'm new to database programming so I was just wondering if this was vulnerable to SQL injection or not.
- 15 replies
- Tagged with: sql injection, database (and 3 more)
-
I am having a WAMP issue so I can't try these out right now. According to the book I'm learning PHP with, I can easily avoid injection attacks this way:

    $a= stripslashes($a);
    $a= mysql_real_escape_string($a);

What concerns me is the repetition of the variable, $a. Does it matter? Intuitively, it should. $a changes. By the time $a hits mysql_real_escape_string it is slash-free. So it is a totally different "value" but still contained in the original variable which may have had slashes...just has me concerned a bit. I know PDOs are the best way. I'm not there yet, unfortunately.
- 8 replies
- Tagged with: sql injection, mysql_real_escape_string() (and 1 more)
-
I was wondering what most of you guys use to prevent against SQL injection? This is what I am currently using.

    function transform_HTML($string, $length = NULL){
        $string = trim($string);
        $string = utf8_decode($string);
        $string = htmlentities($string, ENT_NOQUOTES);
        $string = str_replace("\"", "\"", $string);
        $string = str_replace("#", "#", $string);
        $string = str_replace("$", "$", $string);
        $string = str_replace("%", "%", $string);
        $string = str_replace("&", "&", $string);
        $string = str_replace("'", "'", $string);
        $string = str_replace("(", "(", $string);
        $string = str_replace(")", ")", $string);
        $string = str_replace("*", "*", $string);
        $string = str_replace("+", "+", $string);
        $string = str_replace(",", ",", $string);
        $string = str_replace("-", "-", $string);
        $string = str_replace("/", "/", $string);
        $string = str_replace(":", ":", $string);
        $string = str_replace(";", ";", $string);
        $string = str_replace("<", "<", $string);
        $string = str_replace("=", "=", $string);
        $string = str_replace(">", ">", $string);
        $string = str_replace("?", "?", $string);
        $string = str_replace("@", "@", $string);
        $string = str_replace("[", "[", $string);
        $string = str_replace("]", "]", $string);
        $string = str_replace("^", "^", $string);
        $string = str_replace("_", "_", $string);
        $string = str_replace("`", "`", $string);
        $string = str_replace("{", "{", $string);
        $string = str_replace("|", "|", $string);
        $string = str_replace("}", "}", $string);
        $string = str_replace("~", "~", $string);
        $length = intval($length);
        if ($length > 0){
            $string = substr($string, 0, $length);
        }
        return $string;
    }

Which then gets called by:

    if ($action == 'login'){
        // Login Action
        $_SESSION['loginerror'] = FALSE;
        $myusername = transform_HTML($_POST['login-username'], 21);
        $mypassword = transform_HTML($_POST['login-password'], 21);
        $sql="SELECT * FROM $table[users] WHERE username='$myusername' and password=MD5('$mypassword')";
        $result=mysqli_query($db, $sql);
        // Mysql_num_row is counting table row
        $count=mysqli_num_rows($result);
        // If result matched $myusername and $mypassword, table row must be 1 row
        if($count==1){
            // Login Stuff
        }
    }

Is there a more efficient way, or more secure way of doing this?
- 3 replies
- Tagged with: sql injection, login (and 1 more)
-
Greetings

    <?
    mysql_connect("xxx","xxx","xxx");
    mysql_select_db("name");
    if (!isset($_POST['submit'])) {
        print "<h1>";
        print "Welcome";
        print "</h1>";
        print "<br><br><br>";
        echo "<center>";
        print "<form action=\"\" method=\"POST\">";
        print "<input name=\"dgt\" id=\"Join\" style=\"width:400px\" type=\"text\"> ";
        print "<input name=\"submit\" value=\"Join\" type=\"submit\">";
        print "</form>";
    }
    else {
        $name = $_POST['dgt'];
        if(strlen($name) != "10") {
            print "Name is incorrect.";
        }
        else {
            $query = mysql_query("SELECT * FROM contacts WHERE name ='$name';");
            if(mysql_num_rows($query) > 0){
                $row = mysql_fetch_assoc($query);
                print "True";
                print "$row[no]";
            }else{
                print "False";
            }
        }
    }
    ?>

This script is vulnerable to SQLi. I need help in fixing the vulnerability, please.
- 14 replies
- Tagged with: sql, sqlinjection (and 3 more)
-
Hi all, I am new to this, so please be gentle. I have just taken over a website and moved to new server and it has thrown up a couple of errors, most of which I've sorted other than this one:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

This comes up when trying to update a quantity in a shopping cart and I think it has something to do with SQL injection but I've no idea what to do. My two bits of code are below, first the page with the drop down menu on it:

    <?php
    include 'include/functions.php';

    $colname_rsOrderInformation = "-1";
    if (isset($_SESSION['cartId'])) {
        $colname_rsOrderInformation = $_SESSION['cartId'];
    }
    mysql_select_db($database_conDB, $conDB);
    $query_rsCartInformation = sprintf("SELECT * FROM tabCart WHERE cartId = %s", GetSQLValueString($colname_rsOrderInformation, "int"));
    $rsCartInformation = mysql_query($query_rsCartInformation, $conDB) or die(mysql_error());
    $row_rsCartInformation = mysql_fetch_assoc($rsCartInformation);
    $totalRows_rsCartInformation = mysql_num_rows($rsCartInformation);
    ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta name="keywords" content="belfast, cookery, school, fish, seafood, learning, northern ireland" />
    <meta name="description" content="Belfast Cookery School in association with Mourne Seafood Bar - More than just a restaurant" />
    <title>Belfast Cookery School in association with Mourne Seafood Bar - More than just a restaurant - Gift Vouchers</title>
    <link rel="shortcut icon" href="favicon.ico" />
    <link href="main.css" rel="stylesheet" type="text/css"/>
    <style type="text/css">
    .slideshow { height:319px; width:476px; margin-right:0px; margin-bottom:0px; z-index:0; background-color: #fff;}
    .slideshow img { height: 319px !important; width: 476px !important; padding-left: 0px; }
    </style>
    <!-- include jQuery library -->
    <script type="text/javascript" src="include/jquery.min.js"></script>
    <!-- include Cycle plugin -->
    <script type="text/javascript" src="include/java.js"></script>
    <script type="text/javascript">
    $(document).ready(function() {
        $('.slideshow').cycle({
            fx: 'fade' // choose your transition type, ex: fade, scrollUp, shuffle, etc...
        });
    });
    </script><?php if (!isset($_SESSION['memUsername'])) {?>
    <script type="text/javascript">
    function changeToPassword(){
        document.getElementById("txtLogPassword").type = "password";
        document.getElementById("txtLogPassword").value = ""
    }
    function resetPassword() {
        if (document.getElementById("txtLogPassword").value == "") {
            document.getElementById("txtLogPassword").type = "text";
            document.getElementById("txtLogPassword").value = "Password";
        }
    }
    </script>
    <?php }?>
    <script type="text/javascript">
    var _gaq = _gaq || [];
    _gaq.push(['_setAccount', 'UA-9218136-12']);
    _gaq.push(['_trackPageview']);
    (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
    })();
    </script>

Now the update function that's called:

    <?php
    for ($x=1; $x<=$_POST['hidTotalCartItems']; $x++) {
        $tempCartQty = "selQty".$x;
        $newCartQty = @$_POST[$tempCartQty];
        $tempCartItemId = "hidCartRowId".$x;
        $cartItemId = @$_POST[$tempCartItemId];
        $tempCartItemPrice = 'hidCartPrice'.$x;
        $cartItemPrice = @$_POST[$tempCartItemPrice];

        mysql_select_db($database_conDB, $conDB);
        $query_rsUpdateCartLine = sprintf("SELECT * FROM tabCart WHERE Id = %s", $cartItemId);
        $rsUpdateCartLine = mysql_query($query_rsUpdateCartLine, $conDB) or die(mysql_error());
        $row_rsUpdateCartLine = mysql_fetch_assoc($rsUpdateCartLine);
        $totalRows_rsUpdateCartLine = mysql_num_rows($rsUpdateCartLine);

        if ($newCartQty>0) {
            $newCartItemPrice = $newCartQty * $cartItemPrice;
            $updateSQL = sprintf("UPDATE tabCart SET cartQty=%s, cartTotal=%s WHERE Id = %s",
                GetSQLValueString(@$newCartQty, "int"),
                GetSQLValueString(@$newCartItemPrice, "double"),
                GetSQLValueString($cartItemId, "int"));
            mysql_select_db($database_conDB, $conDB);
            $Result1 = mysql_query($updateSQL, $conDB) or die(mysql_error());
            mysql_free_result($rsUpdateCartLine);
        }
        if ($newCartQty==0) {
            $deleteSQL = sprintf("DELETE FROM tabCart WHERE Id = %s", GetSQLValueString($cartItemId, "int"));
            mysql_select_db($database_conDB, $conDB);
            $Result1 = mysql_query($deleteSQL, $conDB) or die(mysql_error());
        }
    }
    ?>

Anyone got any ideas what I'm doing wrong? When the voucher quantity is changed and update button clicked, that's when the error occurs.
- 29 replies
- Tagged with: sql injection, mysql server version (and 1 more)
-
As the title suggests, what steps do I need to take to give a website a reasonable amount of security? I know about mysql_real_escape_string and have googled a bit regarding this topic. What else do I need to do??
-
Hi PHP Freaks, At the moment I have been researching SQL Injection Protection however most sites just tell me that mysqli::real_escape_string ( string $escapestr ) is not enough and hackers can still insert malicious actions. I don't know how else to secure it. If anyone has a pre-written script for SQL Injection Protection or knows what other functions I need to make use of could you please advise. (Also functions for protecting from HTML injections) Thanks in advance, Timothy
- 12 replies
- Tagged with: sql, sql injection (and 1 more)
-
Would you say that this code is safe from SQL injection? If not, then why?

    <?php
    if ($_SERVER['REQUEST_METHOD']=='POST'){
        $con = mysql_connect( "###","###","###" );
        if (!$con) {
            die('Could not connect: ' . mysql_error());
        }
        mysql_select_db("###", $con);
        $n = mysql_real_escape_string($_POST['name']);
        $e = mysql_real_escape_string($_POST['email']);
        $sql="INSERT INTO waiting (name, email) VALUES('$n','$e')";
        if (!mysql_query($sql,$con)){
            die('Error: ' . mysql_error());
        }
        echo "Thankyou! We will be in touch soon.";
        mysql_close($con);
    }
    ?>
    <?php if ($_SERVER['REQUEST_METHOD']<>'POST'){ ?>
    <p> This website is under construction!<br />
    Enter your details and we will get back to you as soon as we are all done.<br />
    <br />
    <form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
    Name: <input type="text" name="name" /><br /><br />
    Email: <input type="email" name="email" />
    <br /><br />
    <input type="submit" value="Submit" />
    </form></p>
    <?php } ?>
- 2 replies
- Tagged with: sql injection, mysql (and 1 more)