fallen00sniper Posted December 12, 2008 Share Posted December 12, 2008 having a problem with this code and getting it to work properly with my database, someone else coded it up and gave it out freely, but i need to make one change to it and also it isn't communicating with my database properly with one table ExtWareHouse. Thanks to anyone that can help. Edit: no error it just doesn't copy the warehouse table to extwarehouse, this is for a MMORPG game MuOnline. thanks brian for letting me know to put it here in 3rd party you can del the other post if you want.
My Alteration
<table align="center" width="450" border="0" class="text_little">
<tr>
<td align="center"><?php echo "Still debugging. :smile:"; ?></td>
</tr>
</table>
<form id="form1" name="form1" method="post" action="">
<table align="center" width="450" border="0" cellspacing="0" cellpadding="0" style="visibility:collapse;">
<tr>
<td>
<table align="center" width="450" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center" width="450" class="text_little">For security purposes please verify your account.</td>
</tr>
<tr>
<td height="5px"></td>
</tr>
</table>
<table align="center" width="135" border="0" cellspacing="0" cellpadding="0" class="text_little">
<tr>
<td class="text_little">Anti-Dupe System:</td>
<td style="color:#00ff00;">Enabled</td>
<td class="text_little">.</td>
</tr>
</table>
<table align="center" width="150" border="0" class="text">
<tr>
<td align="left">Username</td>
</tr>
<td align="left"><div><input name="id" type="text" class="field" size="20" /></div></td>
</tr>
<tr>
<td align="left">Password</td>
</tr>
<td align="left"><div><input name="clave" type="password" class="field" size="20" /></div></td>
</tr>
<tr>
<td align="left"><div><input name="Submit" type="submit" value="Change Vault" class="button" /></div></td>
</tr>
</table>
<table align="center" width="450" border="0" class="text_little">
<tr>
<td align="center"><?php
/*
 * Vault-swap handler ("My Alteration").
 *
 * When both POST fields "id" and "clave" are non-empty it looks the account up
 * in MEMB_INFO, requires a WAREHOUSE row and MEMB_STAT.ConnectStat == 0, and
 * then moves items/money between WAREHOUSE, EXTWAREHOUSE and CHARBAUL depending
 * on WAREHOUSE.number (0 -> switch to vault 2, 1 -> switch back to vault 1).
 *
 * NOTE(review): every query is built by string concatenation and guarded only
 * by anti_injection(); the return values of the UPDATE/INSERT/DELETE calls are
 * ignored, and the multi-statement swap is not wrapped in a transaction, so a
 * failure part-way through leaves the three tables inconsistent.
 *
 * NOTE(review): mssql_*() and eregi() were removed in PHP 7.0 and
 * $HTTP_POST_VARS in PHP 5.4; on a current runtime use $_POST with PDO or the
 * sqlsrv driver and bound parameters instead.
 */

/*
 * NOTE(review): the connection uses the "sa" login with its password written in
 * the script. A web page should connect with a dedicated login limited to the
 * tables it touches, and read the secret from configuration kept outside the
 * web root. A password that has been published with the source should be
 * treated as exposed and changed.
 */
$conection = mssql_connect("127.0.0.1","sa","28772877")
    or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);

/**
 * Deny-list filter applied to every request value before it is concatenated
 * into a SQL string.
 *
 * If $mensaje contains at least one ASCII letter or digit anywhere (the pattern
 * is not anchored), the value is lower-cased, every entry of $banlist is
 * removed with str_replace(), and the result is trimmed; otherwise NULL is
 * returned.
 *
 * NOTE(review): this is neither escaping nor parameter binding. It silently
 * rewrites the input (case is lost and listed substrings disappear, so the
 * password compared in SQL is not necessarily the one typed) and its safety
 * depends on the list being complete. Prefer bound parameters, plus an explicit
 * allow-list pattern for account ids.
 *
 * @param string $mensaje raw request value
 * @return string|null filtered value, or NULL when no alphanumeric character is present
 */
function anti_injection( $mensaje ) {
    // SQL keywords and punctuation stripped from the value (the single quote is one of them).
    $banlist = array ("insert","select","drop","update","delete","distinct","having","truncate","replace", "handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
    if ( eregi ( "[a-zA-Z0-9]+", $mensaje ) ) {
        $mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
    } else {
        $mensaje = NULL;
    }
    return $mensaje;
}

// Proceed only when both form fields were submitted non-empty.
if(trim($HTTP_POST_VARS["id"]) != "" && trim($HTTP_POST_VARS["clave"]) != "") {
    // NOTE(review): the submitted password is compared directly with memb__pwd
    // in SQL, which suggests the column holds a clear-text value - confirm.
    // password_hash()/password_verify() is the usual replacement.
    $sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."' and memb__pwd='".anti_injection($HTTP_POST_VARS["clave"])."'";
    $result = mssql_query($sql);
    if($row = mssql_fetch_array($result)) {
        // The alteration tests WAREHOUSE here; the "Original Script" below tests
        // EXTWAREHOUSE. With this check an account that has no EXTWAREHOUSE row
        // still reaches the swap, where "update extwarehouse ... where accountid=..."
        // matches zero rows and saves nothing - a likely cause of the reported
        // "doesn't copy the warehouse table to extwarehouse"; verify the row exists.
        $sqlexiste = "SELECT AccountID FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'";
        $resultexiste = mssql_query($sqlexiste);
        if($rowexiste = mssql_fetch_array($resultexiste)) {
            // Offline check. NOTE(review): with loose ==, a missing MEMB_STAT row
            // (fetch returns false, the index yields NULL) also compares equal to 0
            // and is treated as offline. The check and the updates that follow are
            // separate statements with no lock or transaction, so the connection
            // state can change in between.
            $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."'");
            $rschar = mssql_fetch_array($sqlchar);
            if(($rschar['ConnectStat'])==0) {
                // Current vault number, read once; both branches and the final
                // message use this pre-update value.
                $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'");
                $rsbaul = mssql_fetch_array($sqlbaul);
                if(($rsbaul['number'])==1) {
                    /* If I want my original vault */
                    /* Save 2nd vault in extwarehouse table */
                    // UPDATE only changes an existing extwarehouse row; nothing is inserted here.
                    $sql ="update extwarehouse set items=(select items from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    $sql ="update extwarehouse set money=(select money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Update main vault to original content */
                    // (the string literal below contains a line break, kept as posted)
                    $sql ="update warehouse set items=(select items from charbaul 
where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    $sql ="update warehouse set money=(select money from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Set vault number */
                    $sql ="update warehouse set number=0 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Clean main vault last data */
                    $sql ="delete charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                }
                // NOTE(review): NULL == 0 is also true in PHP, so a NULL number takes this branch.
                if(($rsbaul['number'])==0) {
                    /* If I want 2nd vault */
                    /* Save main vault data into charbaul table */
                    $sql ="insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."')";
                    mssql_query($sql);
                    /* Update main vault to 2nd vault data */
                    $sql ="update warehouse set items=(select items from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    $sql ="update warehouse set money=(select money from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Set vault number */
                    $sql ="update warehouse set number=1 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                }
                // Success is reported without checking whether any statement above
                // succeeded or changed a row.
                echo "Your vault was changed successfully to";
                if(($rsbaul['number'])==0) echo " Vault 2.";
                if(($rsbaul['number'])==1) echo " Vault 1.";
            } else {
                echo "You must be offline to do this. 
vault change did not proceed!";
            }
        } else {
            echo "You don't have extravault, Please contact your Administrator!";
        }
    } else {
        echo "Invalid Username or Password!";
    }
    mssql_free_result($result);
} else {
    echo "You must complete all fields to change vault.";
}
mssql_close();
?></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
Original Script
<?
/*
 * Vault-swap handler as originally distributed. Same flow as the alteration:
 * check the account against MEMB_INFO, require ConnectStat == 0, then swap
 * items/money between WAREHOUSE, EXTWAREHOUSE and CHARBAUL according to
 * WAREHOUSE.number. It differs in that the existence check reads EXTWAREHOUSE
 * and in the messages it prints.
 *
 * NOTE(review): the same concerns apply here - hard-coded "sa" credentials,
 * SQL assembled by concatenation behind a deny-list filter, unchecked query
 * results and no transaction around the swap. The short open tag "<?" is only
 * parsed as PHP when short_open_tag is enabled.
 */
$conection = mssql_connect("127.0.0.1","sa","28772877") or die("SQL connection fail, verify your connection config.");
mssql_select_db("MuOnline",$conection);

/**
 * Deny-list filter applied to every request value before it is concatenated
 * into a SQL string: requires at least one ASCII letter or digit anywhere in
 * the value, then lower-cases it, removes every $banlist entry and trims.
 *
 * NOTE(review): not a substitute for bound parameters; it also alters the
 * value that is compared against the stored password.
 *
 * @param string $mensaje raw request value
 * @return string|null filtered value, or NULL when no alphanumeric character is present
 */
function anti_injection( $mensaje ) {
    $banlist = array ("insert","select","drop","update","delete","distinct","having","truncate","replace", "handler","like","procedure","limit","order by","group by","<",">","/","'"," ","=","*",",","-");
    if ( eregi ( "[a-zA-Z0-9]+", $mensaje ) ) {
        $mensaje = trim ( str_replace ( $banlist, '', strtolower ( $mensaje ) ) );
    } else {
        $mensaje = NULL;
    }
    return $mensaje;
}

// Proceed only when both form fields were submitted non-empty.
if(trim($HTTP_POST_VARS["id"]) != "" && trim($HTTP_POST_VARS["clave"]) != "") {
    // Credential check: filtered id and password are matched against MEMB_INFO in SQL.
    $sql = "SELECT memb___id FROM MEMB_INFO WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."' and memb__pwd='".anti_injection($HTTP_POST_VARS["clave"])."'";
    $result = mssql_query($sql);
    if($row = mssql_fetch_array($result)) {
        // The account must already have a row in EXTWAREHOUSE; the UPDATEs below
        // rely on that row existing.
        $sqlexiste = "SELECT AccountID FROM EXTWAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'";
        $resultexiste = mssql_query($sqlexiste);
        if($rowexiste = mssql_fetch_array($resultexiste)) {
            // Offline check; a missing MEMB_STAT row also compares equal to 0 (loose ==).
            $sqlchar = mssql_query("SELECT ConnectStat FROM MEMB_STAT WHERE memb___id='".anti_injection($HTTP_POST_VARS["id"])."'");
            $rschar = mssql_fetch_array($sqlchar);
            if(($rschar['ConnectStat'])==0) {
                // Current vault number, read once before any update.
                $sqlbaul = mssql_query("SELECT number FROM WAREHOUSE WHERE AccountID='".anti_injection($HTTP_POST_VARS["id"])."'");
                $rsbaul = mssql_fetch_array($sqlbaul);
                if(($rsbaul['number'])==1) {
                    /* If I want my original vault */
                    /* Save 2nd vault in extwarehouse table */
                    // (the string literal below contains a line break, kept as posted)
                    $sql ="update extwarehouse set items=(select items from warehouse where 
accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    $sql ="update extwarehouse set money=(select money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Update main vault to original content */
                    $sql ="update warehouse set items=(select items from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    $sql ="update warehouse set money=(select money from charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Set vault number */
                    $sql ="update warehouse set number=0 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Clean main vault last data */
                    $sql ="delete charbaul where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                }
                if(($rsbaul['number'])==0) {
                    /* If I want 2nd vault */
                    /* Save main vault data into charbaul table */
                    $sql ="insert into charbaul(accountid, items, money)(select accountid, items, money from warehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."')";
                    mssql_query($sql);
                    /* Update main vault to 2nd vault data */
                    $sql ="update warehouse set items=(select items from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    $sql ="update warehouse set money=(select money from extwarehouse where accountid='".anti_injection($HTTP_POST_VARS["id"])."') where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                    /* Set vault number */
                    $sql ="update warehouse set number=1 where accountid='".anti_injection($HTTP_POST_VARS["id"])."'";
                    mssql_query($sql);
                }
                // NOTE(review): the filtered id is written into the page without
                // htmlspecialchars(); output encoding should not depend on the SQL
                // deny-list.
                echo "-".anti_injection($HTTP_POST_VARS["id"])." vault changed successfully!";
            } else {
                echo "You must be offline, vault change did not proceed!";
            }
        } else {
            echo "You don't have extravault, contact your administrator!";
        }
    } else {
        echo "Login fail!";
    }
    mssql_free_result($result);
} else {
    echo "You must to complete all field to login!";
}
mssql_close();
?> Quote Link to comment https://forums.phpfreaks.com/topic/136601-moved-php-injecting-into-sql-database-problem/ Share on other sites More sharing options...
fallen00sniper (Author) Posted December 13, 2008
So no one knows about PHP and MSSQL? The combo box isn't important, so I'm not looking for help with that so much as with the script itself, since it doesn't communicate with my ExtWareHouse table as it should.