Monk3h Posted May 4, 2008 Share Posted May 4, 2008 When people enter a value into the text box they can buy it for the corect price. But iv noticed that its possible to add + <any number> and you get any number for Free as it adds onto the SQL string (im guessing) Is there any short and fast fay to fix this problem. I tried running the text box value thru a String_replace but it stoped the box from working and no matter what you tried to buy it would just buy 0 every time. =/ if ($mytribe[devcount] >=1) { Print "<form method=post action=dtroops.php?step=buy&troop=1> <table> <tr> <td width='25%'><center>$unit1[name]</center></td> <td width='25%'><center>$unit1[cost] Credits</center></td> <td width='25%'><center><input number=text name=aunit1></b></center></td> <td width='25%'><center><input type=submit value=Buy></form></center></td> </tr> <tr> <td colspan=4><center>$unit1[description]</center></td> </tr> </table></form><br><br>"; if ($troop == 1) { if ($stat[id] != $mytribe[owner]) { Print "You are not the Tribe Owner, you dont have the authority to do that!"; include ("footer.php"); exit; } $amm1 = ($unit1[cost] * $aunit1); if ($mytribe[credits] < $amm1) { Print "<b>Your Tribe Does not have that many Credits.<br><br></b>"; } elseif ($mytribe[land] < $land1) { Print "<b>Your Tribe Does not have enough land to Support.</b>"; } else { Print "<b>You Bought <i>$aunit1 $unit1[name](s) </i>for Your tribe at a cost of $amm1 Credits</b><br><br>"; mysql_query("update tribes set land=land-$land1 where id=$mytribe[id]"); mysql_query("update tribes set credits=credits-$amm1 where id=$mytribe[id]"); mysql_query("update tribes set Wall=Wall+$aunit1 where id=$mytribe[id]"); mysql_query("insert into tlog (owner,log) values($mytribe[id],'<span style=color:#993399>$stat[user] has bought $aunit1 Walls for $amm1 Credits. </span>')"); } } Any help will be greatly aprechiated. Thanks. =] Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/ Share on other sites More sharing options...
papaface Posted May 4, 2008 Share Posted May 4, 2008 Use mysql_real_escape_string() Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-532668 Share on other sites More sharing options...
Monk3h Posted May 4, 2008 Author Share Posted May 4, 2008 How would i add that to my script? Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-532670 Share on other sites More sharing options...
nafetski Posted May 5, 2008 Share Posted May 5, 2008 http://us.php.net/mysql_escape_string Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-533459 Share on other sites More sharing options...
MadTechie Posted May 5, 2008 Share Posted May 5, 2008 i assume thats not all the code but try this <?phpmysql_query("update tribes set land=land-$land1 where id=$mytribe[id]"); mysql_query("update tribes set credits=credits-$amm1 where id=$mytribe[id]"); mysql_query("update tribes set Wall=Wall+$aunit1 where id=$mytribe[id]"); mysql_query("insert into tlog (owner,log) values($mytribe[id],'<span style=color:#993399>$stat[user] has bought $aunit1 Walls for $amm1 Credits. </span>')"); ?> to $mytribeid = (int)$mytribe['id']; $aunit1= (int)$aunit1; $amm1=(int)$amm1; $land1=(int)$land1; mysql_query("update tribes set land=land-$land1 where id=$mytribeid"); mysql_query("update tribes set credits=credits-$amm1 where id=$mytribeid"); mysql_query("update tribes set Wall=Wall+$aunit1 where id=$mytribeid"); mysql_query("insert into tlog (owner,log) values($mytribeid,'<span style=color:#993399>$stat[user] has bought $aunit1 Walls for $amm1 Credits. </span>')"); Link to comment https://forums.phpfreaks.com/topic/104054-text-box-exploitation-problem/#findComment-533472 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.