
Thanks Coreye, I didn't try my changes with the register form yet.

I really want to fix that. What about the login form?

Any functions that you have used in the past to protect your fields that I can use?

Thanks again!

Login doesn't work either. I registered with Username: testing and password: test and it says "Invalid username or password, Try Again!". This was before you deleted the account.

 

I use

// Removes slashes and HTML tags, then HTML-encodes quotes and angle brackets.
// Note: this is HTML output encoding; it does not escape a value for SQL,
// so the query itself still needs escaping or a prepared statement.
function clean($str)
{
    $str = stripslashes(strip_tags(htmlspecialchars($str, ENT_QUOTES)));
    return $str;
}

Darkfreaks posted some also.

http://www.phpfreaks.com/forums/index.php/topic,230194.msg1066598.html#msg1066598

http://www.phpfreaks.com/forums/index.php/topic,230194.msg1066646.html#msg1066646

Failed to execute SQL: INSERT INTO sportsdb_freeagents (sportsdb_freeagents.user_id,sportsdb_freeagents.Firstname,sportsdb_freeagents.Lastname,sportsdb_freeagents.sport,sportsdb_freeagents.skilllevel,sportsdb_freeagents.email,sportsdb_freeagents.phone,sportsdb_freeagents.info,sportsdb_freeagents.automatic,sportsdb_freeagents.active) VALUES (0,\'testing\',\'testing\',\'soccer\',\'Other\',\'testing@testing.com\',\'>test\',\'testing\',1,1). Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'testing\',\'testing\',\'soccer\',\'Other\',\'testing@testing.com\',\'>test\',\' at line 1

I got this error message with your function and without the return:

Failed to execute SQL: INSERT INTO sportsdb_freeagents (sportsdb_freeagents.user_id,sportsdb_freeagents.Firstname,sportsdb_freeagents.Lastname,sportsdb_freeagents.sport,sportsdb_freeagents.skilllevel,sportsdb_freeagents.email,sportsdb_freeagents.phone,sportsdb_freeagents.info,sportsdb_freeagents.automatic,sportsdb_freeagents.active) VALUES (). Error: Column count doesn't match value count at row 1

and with your function with the return I got this:

 

Failed to execute SQL: INSERT INTO sportsdb_freeagents (sportsdb_freeagents.user_id,sportsdb_freeagents.Firstname,sportsdb_freeagents.Lastname,sportsdb_freeagents.sport,sportsdb_freeagents.skilllevel,sportsdb_freeagents.email,sportsdb_freeagents.phone,sportsdb_freeagents.info,sportsdb_freeagents.automatic,sportsdb_freeagents.active) VALUES (0,'alert('this is injection');','>test','Flag Football','Fun Only','testing@gmail.com','>test','>test',1,1). Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''alert('this is injection');','>test','Fla' at line 1

<?php

// Cleaning up input: trims, strips slashes and HTML tags, then HTML-encodes
// quotes and angle brackets. This is output encoding for HTML; it does not
// make a value safe to concatenate into an SQL string.
function clean($str)
{
    $str = stripslashes(strip_tags(trim($str)));
    $str = htmlspecialchars($str, ENT_QUOTES);
    return $str;
}

// example of calling clean (must be outside the function, after the return)
$str = clean($_POST['string']);
?>

XSS

 

http://happyhoursports.com/members.php?psearch=%22%3E%3Cscript%3Ealert(%22XSS%22)%3B%3C%2Fscript%3E

 

SQL Injection

 

Poll system, validate poll_id and option_id.

 

User Voting Error!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' unio' at line 1

People cannot register:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: YES) in /home2/happyho8/public_html/register.php on line 26

 

Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'happyho8'@'localhost' (using password: NO) in /home2/happyho8/public_html/register.php on line 27

 

Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home2/happyho8/public_html/register.php on line 27

 

People can also add their own values to the drop-down menu on the free agents page. You should also use PHP when validating the fields.

http://happyhoursports.com/freeagents.php
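The clean() functions quoted earlier in the thread and the findings above (XSS on members.php, SQL injection in the poll vote, unvalidated drop-down values on freeagents.php) all come down to the same point: strip_tags/htmlspecialchars is output encoding for HTML, not a defence for SQL, and a browser <select> is not input validation. The following is an added example, not code from the thread, from Coreye or from the happyhoursports.com site. It rebuilds the free-agent INSERT and the poll id check with PDO prepared statements plus server-side validation. The table name and column names are taken from the error messages in the thread; the schema, the allowed-value lists for the sport and skill-level drop-downs, the helper names and the sample POST data are constructed for the demo. It runs against an in-memory SQLite database so it works offline; for MySQL only the DSN and credentials in the PDO constructor change.

```php
<?php
// Added example (not the thread's code). PDO + prepared statements for the
// free-agent INSERT, integer validation for poll ids, and whitelist
// validation for drop-down values. Schema and sample input are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sportsdb_freeagents (
    id INTEGER PRIMARY KEY, user_id INTEGER, Firstname TEXT, Lastname TEXT,
    sport TEXT, skilllevel TEXT, email TEXT, phone TEXT, info TEXT,
    automatic INTEGER, active INTEGER)');

// Allowed drop-down values (hypothetical lists). Anyone can POST any value,
// whatever the <select> in the HTML offers, so the server must re-check.
$allowedSports = ['soccer', 'Flag Football', 'basketball'];
$allowedLevels = ['Fun Only', 'Competitive', 'Other'];

function insertFreeAgent(PDO $db, array $allowedSports, array $allowedLevels, array $post)
{
    if (!in_array($post['sport'], $allowedSports, true)) {
        throw new InvalidArgumentException('sport not in list');
    }
    if (!in_array($post['skilllevel'], $allowedLevels, true)) {
        throw new InvalidArgumentException('skilllevel not in list');
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('bad email');
    }
    // Placeholders send the values separately from the SQL text, so quotes
    // in the data can never terminate the string literal in the query.
    $stmt = $db->prepare('INSERT INTO sportsdb_freeagents
        (user_id, Firstname, Lastname, sport, skilllevel, email, phone, info, automatic, active)
        VALUES (:user_id, :fn, :ln, :sport, :level, :email, :phone, :info, 1, 1)');
    $stmt->execute([
        ':user_id' => 0,
        ':fn'      => $post['Firstname'],
        ':ln'      => $post['Lastname'],
        ':sport'   => $post['sport'],
        ':level'   => $post['skilllevel'],
        ':email'   => $post['email'],
        ':phone'   => $post['phone'],
        ':info'    => $post['info'],
    ]);
    return (int) $db->lastInsertId();
}

// poll_id and option_id are numbers: reject anything that is not a positive
// integer before it reaches a query (the "near '\' unio'" error in the thread
// is a string being appended straight into the vote query).
function validatedId($value)
{
    $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return $id;
}

// Constructed POST data carrying the same kind of payload as the thread's test.
$post = [
    'Firstname'  => "<script>alert('this is injection');</script>",
    'Lastname'   => "' OR '1'='1",
    'sport'      => 'Flag Football',
    'skilllevel' => 'Fun Only',
    'email'      => 'testing@gmail.com',
    'phone'      => '">test',
    'info'       => 'testing',
];
$id = insertFreeAgent($db, $allowedSports, $allowedLevels, $post);

// The quotes and tags were stored as plain data and the INSERT succeeded.
$sel = $db->prepare('SELECT Firstname, Lastname FROM sportsdb_freeagents WHERE id = :id');
$sel->execute([':id' => $id]);
$row = $sel->fetch(PDO::FETCH_ASSOC);
if ($row['Lastname'] !== "' OR '1'='1") {
    throw new RuntimeException('value was altered on the way into the database');
}

// HTML-encode at output time only, e.g. when echoing psearch on members.php.
// This is where htmlspecialchars belongs, not in the SQL path.
echo htmlspecialchars($row['Firstname'], ENT_QUOTES, 'UTF-8'), "\n";

try {
    validatedId("1' union select 1");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo validatedId('7'), "\n";
```

Run it with `php example.php` (PDO and the pdo_sqlite extension are bundled with PHP). The same pattern replaces the mysql_connect()/mysql_query() calls in register.php and the poll page: validate the shape of each field in PHP, pass the values to the query as bound parameters, and encode for HTML only when printing.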

