sql injections


dezkit

OK man, you have some serious googling to do.

As a former aspiring "hacker" I am telling you the best way to learn to prevent them is to learn how the hell they work and how to use them.

Steer your browser towards hackthissite.org and hellboundhackers.org. Both have basically the same web challenges, but different takes. So you may have a harder time on the same type of challenge on the different site.

In addition, read all the member articles, and the forums helping on the challenges (which will point you towards many other resources).

Oh and this is a free community forum, don't demand things because you're not paying anyone for the information, we are just kind enough to help.

Also there are instances where escaping code won't do the trick, I can't really give specifics. Cracking/security is like art. Every new case is unique and special. It's why I love programming so much. There are a thousand different ways to code things, and every programmer has his own unique footprint. Strengths and weaknesses. You will undoubtedly have some, so read up on all areas of security and web cracking, because while the applications you code may have tighter security than a bank vault, if the floor underneath has a public access shaft, then you'll find your things gone.

Security takes more than the code, though that's the first thing people will look for as it's one of the most common human errors, the applications that actually run your code need to be secure as well. The OS, web server, MySQL server, etc.

Have a good day ;D

PS: I love security theory ;)

EDIT: and cooldude832 remove "can't be exploited" from your vocabulary, that is a fiction thing and simply does not exist. All things can be exploited, it just takes different levels of ingenuity, skill, and intuition, and most importantly... time.

Link to comment
Share on other sites

No no no. You can code to not be exploited, sure.

But you never know if some Stephen Hawking brainchild cracker has found an error in a command as simple as echo or something. And believe me it's not outside the realm of possibility.

So the lesson is you can code to not be exploited with things you already know can be exploited, as well as some things that have the possibility to be exploited.

Being cracked or exploited means basically the same thing, but if you mean cracking a password algorithm, then yes they are different. I was referring to cracking as the term "hacking" is commonly improperly used as, though I guess political correctness doesn't really matter at all ;)

Exploiting a hole is like a tool in a cracker's arsenal in the way I see the term. However let's not get in a debate on the forum, I've done way too many of those and I'd rather spend my time playing a video game or something. If you want to take it further, shoot me a PM. I don't want to make any enemies, but I did call you out didn't I? >< Damn lol.

Let's instead focus on educating this guy, or at least giving him the resources to do so.

Link to comment
Share on other sites

That is finding a way to get around in the base of the language that every single script written in PHP would be at risk for.

That is not hacking your specific script.

If you are writing a script that needs to have a level of security that would draw the attention of world class hackers I doubt you should be writing it if you have to ask questions on a help forum.

Link to comment
Share on other sites

addslashes

mysql_real_escape_string

Those would work just fine to prevent SQL injection with MySQL. (Don't use both.)

Actually, the latter is the one you should use because addslashes() doesn't cover every character that'll cause issues for MySQL.

Link to comment
Share on other sites
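An added example, not code from any poster in this thread: it ties the earlier remark that escaping does not always do the trick to the functions named in the last post, using a constructed numeric parameter that contains none of the characters addslashes() touches, next to a bound parameter and a type check. SQLite in memory via PDO stands in for MySQL (assumes the pdo_sqlite extension), and the table, the input and lookupUser() are assumptions made for illustration.

```php
<?php
// Added example: constructed table and input; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed request value for a parameter the script expects to be a number.
$input = '1 OR 1=1';

// 1. Escaping only: the value has no quote, backslash or NUL byte, so
//    addslashes() returns it unchanged and the database parses it as SQL.
$escaped = addslashes($input);
$rows = $pdo->query("SELECT name FROM users WHERE id = $escaped")
            ->fetchAll(PDO::FETCH_COLUMN);
printf("escaped value unchanged: %s\n", var_export($escaped === $input, true));
printf("escape-only query returned %d rows\n", count($rows));

// 2. Bound parameter: the value is sent as data and is never parsed as SQL.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
$stmt->execute([$input]);
printf("prepared query returned %d rows\n", count($stmt->fetchAll(PDO::FETCH_COLUMN)));

// 3. Validate the type first, then bind (lookupUser is a hypothetical helper).
function lookupUser(PDO $pdo, string $raw): ?string
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // not an integer: refuse instead of querying
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

var_dump(lookupUser($pdo, $input)); // rejected input
var_dump(lookupUser($pdo, '2'));    // well-formed id
```

Escaping functions only protect values that end up inside a quoted string literal; a value placed in a numeric position needs a type check or a bound parameter regardless of which escaping function is used.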