mo
Posted April 21, 2009

Still have 4 remaining errors from Firefox's SQL Inject Me. I have an array as a field name, and when I try to clean the array, I still get the SQL injection errors. All 4 errors are for field $_POST['qID']. I tried to clean $_POST['qID'] and $_POST['qID[]'] using the below function.

<?php
function checkSQLinject($data){
    // Undo magic-quotes escaping first so the value is not escaped twice
    if(get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }
    return mysql_real_escape_string($data);
}
?>

Errors:

Server Status Code: 302 Moved Temporarily
Tested value: 1' OR '1'='1

Server Status Code: 302 Moved Temporarily
Tested value: 1' OR '1'='1

Server Status Code: 302 Moved Temporarily
Tested value: ' OR username IS NOT NULL OR username = '

Server Status Code: 302 Moved Temporarily
Tested value: '; DESC users; --

<?php
if(isset($_POST['UpdateCart'])){
    //Update cart item quantities
    foreach($_POST['pid'] as $pid_key => $pid) {
        $postQty = $_POST['qID'][$pid_key];
        $optionsStr = $_POST['optionStr'][$pid_key];

        // Numeric fields are cast to int, the option string is escaped
        $pid = (int) $pid;
        $postQty = (int) $postQty;
        $optionsStr = checkSQLinject($optionsStr);

        $message = UpdateItem($pid,$postQty,$optionsStr);
    }
}

echo "<form id=\"CartForm\" name=\"CartForm\" method=\"post\" action=\"".$_SERVER['PHP_SELF']."\">";
echo "<table class=\"dataList\">";
} // closes a block whose opening is not shown in this excerpt

echo "<tr><td class=\"dataListHeader\">Item ID</td>
    <td class=\"dataListHeader\">Store</td>
    <td class=\"dataListHeader\">Description</td>
    <td class=\"dataListHeader\">Recipient</td>
    <td class=\"dataListHeader\">Comments</td>
    <td class=\"dataListHeader\">Size</td>
    <td class=\"dataListHeader\">Qty.</td>
    <td class=\"dataListHeader\">Price</td>
    <td class=\"dataListHeader\" colspan=\"2\">Total</td>
    <td class=\"dataListHeader\"></td>
    </tr>";

echo "<tr><td class=\"dataListItem\">$strID</td>
    <td class=\"dataListItem\">
        <a href=\"dispmenu.php?storeid=$strStoreId&storename=".urlencode($strStoreName)."\">$strStoreName</a></td>
    <td class=\"dataListItem\">$strTitle</td>
    <td class=\"dataListItem\">$strRecipient</td>
    <td class=\"dataListItem\">$strComments</td>
    <td class=\"dataListItem\">$strProdSize</td>
    <td class=\"dataListItem\">
        <input id=\"qID[]\" name=\"qID[]\" type=\"text\" size=\"5\" value=\"$strQty\" maxlength=\"5\">
        <input type=\"hidden\" class=\"hidden\" id=\"pid[]\" name=\"pid[]\" value=\"$strID\">
        <input type=\"hidden\" class=\"hidden\" id=\"optionStr[]\" name=\"optionStr[]\" value=\"$strOptions\">
    </td>
    <td class=\"dataListItem\">$strPrice</td>
    <td class=\"dataListItem\" colspan=\"2\">$strTotal</td>
    <td class=\"dataListItemNoBorder\">
        <input type=\"button\" class=\"DeleteButn\" alt=\"Delete\" name=\"btnDelete\" id=\"btnDelete\" value=\"\" onClick=\"window.location.href='$full_home/cart.php?action=remove_item&smid=$strID&itemOption=$strOptions'\">
    </td></tr>";

echo "</table></form>";
?>

The contents of the POST variables are:

Array
(
    [qID] => Array
        (
            [0] => 1
            [1] => 1
        )
    [pid] => Array
        (
            [0] => 19
            [1] => 32
        )
    [optionStr] => Array
        (
            [0] => 1,
            [1] => 5,6,8,
        )
    [tipAmount] => 0.00
    [update_x] => 54
    [update_y] => 24
    [update] => update
    [updateCart] => 1
    [cartSubTotal] => 35.97
    [qID[]] =>
)

soak
Posted April 21, 2009

http://www.phpfreaks.com/forums/index.php/topic,248276.msg1162365.html#msg1162365 Still applies.

I don't think there is a problem. The 302 means that somewhere your code is redirecting, which looks to be causing SQL Inject Me to think there is a problem. Are you redirecting if bad data is received?

mo (Author)
Posted April 21, 2009

> http://www.phpfreaks.com/forums/index.php/topic,248276.msg1162365.html#msg1162365 Still applies.
>
> I don't think there is a problem. the 302 means that somewhere your code is redirecting which looks to be causing SQL Inject me to think there is a problem. Are you redirecting if bad data is received?

No, I am not redirecting. If you're sure this is not a SQL injection vulnerability, then I will just call it done. I just want to make sure my site is secure before I release it and all my other forms have no SQL injection or XSS errors.
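
Added example, not part of the original thread and not the poster's code: one way to validate the array-valued cart fields (pid[], qID[], optionStr[]) element by element instead of passing a whole array to a string-escaping function. The helper name cleanCartRows(), the value ranges and the optionStr pattern are assumptions based on the form and the POST dump above; the sample input is constructed from that dump and the scanner's tested values.

```php
<?php
// Added example; cleanCartRows() is a hypothetical helper, not code from the thread.
function cleanCartRows(array $post): array
{
    $rows = [];
    $pids = (isset($post['pid']) && is_array($post['pid'])) ? $post['pid'] : [];
    foreach ($pids as $key => $pid) {
        $qty = $post['qID'][$key] ?? null;
        $opt = $post['optionStr'][$key] ?? '';
        // An element can itself arrive as an array (e.g. name="qID[0][]");
        // string-escaping functions cannot handle that, so reject it outright.
        if (is_array($pid) || is_array($qty) || is_array($opt)) {
            continue;
        }
        // Strict validation: unlike (int) "1' OR '1'='1", which yields 1,
        // FILTER_VALIDATE_INT returns false for anything that is not an integer.
        // Assumed ranges: pid is positive, qty fits the form's maxlength of 5.
        $pid = filter_var($pid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $qty = filter_var($qty, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 99999]]);
        // Assumption from the dump ("1,", "5,6,8,"): digits separated by commas.
        $optOk = preg_match('/\A(?:\d+,)*\d*\z/', $opt) === 1;
        if ($pid === false || $qty === false || !$optOk) {
            continue; // drop the row rather than trying to repair it
        }
        $rows[] = ['pid' => $pid, 'qty' => $qty, 'options' => $opt];
    }
    return $rows;
}

// Constructed sample: row 0 is legitimate data from the dump; the other rows
// carry the scanner's tested values quoted in the first post.
$sample = [
    'pid'       => ['19', '32', '32', '32'],
    'qID'       => ['1', "1' OR '1'='1", '1', "'; DESC users; --"],
    'optionStr' => ['1,', '5,6,8,', "' OR username IS NOT NULL OR username = '", '5,6,8,'],
];

foreach (cleanCartRows($sample) as $row) {
    // Validated values should still reach the database as bound parameters
    // (PDO or mysqli prepared statements), not by string concatenation.
    printf("pid=%d qty=%d options=%s\n", $row['pid'], $row['qty'], $row['options']);
}
```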
Archived
This topic is now archived and is closed to further replies.