Monk3h Posted May 4, 2008 Share Posted May 4, 2008 When people enter a value into the text box they can buy it for the corect price. But iv noticed that its possible to add + <any number> and you get any number for Free as it adds onto the SQL string (im guessing) Is there any short and fast fay to fix this problem. I tried running the text box value thru a String_replace but it stoped the box from working and no matter what you tried to buy it would just buy 0 every time. =/ if ($mytribe[devcount] >=1) { Print "<form method=post action=dtroops.php?step=buy&troop=1> <table> <tr> <td width='25%'><center>$unit1[name]</center></td> <td width='25%'><center>$unit1[cost] Credits</center></td> <td width='25%'><center><input number=text name=aunit1></b></center></td> <td width='25%'><center><input type=submit value=Buy></form></center></td> </tr> <tr> <td colspan=4><center>$unit1[description]</center></td> </tr> </table></form><br><br>"; if ($troop == 1) { if ($stat[id] != $mytribe[owner]) { Print "You are not the Tribe Owner, you dont have the authority to do that!"; include ("footer.php"); exit; } $amm1 = ($unit1[cost] * $aunit1); if ($mytribe[credits] < $amm1) { Print "<b>Your Tribe Does not have that many Credits.<br><br></b>"; } elseif ($mytribe[land] < $land1) { Print "<b>Your Tribe Does not have enough land to Support.</b>"; } else { Print "<b>You Bought <i>$aunit1 $unit1[name](s) </i>for Your tribe at a cost of $amm1 Credits</b><br><br>"; mysql_query("update tribes set land=land-$land1 where id=$mytribe[id]"); mysql_query("update tribes set credits=credits-$amm1 where id=$mytribe[id]"); mysql_query("update tribes set Wall=Wall+$aunit1 where id=$mytribe[id]"); mysql_query("insert into tlog (owner,log) values($mytribe[id],'<span style=color:#993399>$stat[user] has bought $aunit1 Walls for $amm1 Credits. </span>')"); } } Any help will be greatly aprechiated. Thanks. =] Quote Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/ Share on other sites More sharing options...
papaface Posted May 4, 2008 Share Posted May 4, 2008 Use mysql_real_escape_string() Quote Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-532668 Share on other sites More sharing options...
Monk3h Posted May 4, 2008 Author Share Posted May 4, 2008 How would i add that to my script? Quote Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-532670 Share on other sites More sharing options...
nafetski Posted May 5, 2008 Share Posted May 5, 2008 http://us.php.net/mysql_escape_string Quote Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-533459 Share on other sites More sharing options...
MadTechie Posted May 5, 2008 Share Posted May 5, 2008 i assume thats not all the code but try this <?phpmysql_query("update tribes set land=land-$land1 where id=$mytribe[id]"); mysql_query("update tribes set credits=credits-$amm1 where id=$mytribe[id]"); mysql_query("update tribes set Wall=Wall+$aunit1 where id=$mytribe[id]"); mysql_query("insert into tlog (owner,log) values($mytribe[id],'<span style=color:#993399>$stat[user] has bought $aunit1 Walls for $amm1 Credits. </span>')"); ?> to $mytribeid = (int)$mytribe['id']; $aunit1= (int)$aunit1; $amm1=(int)$amm1; $land1=(int)$land1; mysql_query("update tribes set land=land-$land1 where id=$mytribeid"); mysql_query("update tribes set credits=credits-$amm1 where id=$mytribeid"); mysql_query("update tribes set Wall=Wall+$aunit1 where id=$mytribeid"); mysql_query("insert into tlog (owner,log) values($mytribeid,'<span style=color:#993399>$stat[user] has bought $aunit1 Walls for $amm1 Credits. </span>')"); Quote Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-533472 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.