tommyda Posted October 8, 2007 Share Posted October 8, 2007 I am stuck and cannot find any information online about User Enumeration and what i should do to prevent it can anyone help me Quote Link to comment Share on other sites More sharing options...
teng84 Posted October 8, 2007 Share Posted October 8, 2007 Enumeration ??? Quote Link to comment Share on other sites More sharing options...
L Posted October 8, 2007 Share Posted October 8, 2007 User Enumeration: some mysql injection thing probably...I need help with that too...guys over at beta testing test against this so prevention is needed!! Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 8, 2007 Share Posted October 8, 2007 MYSQL why not just use strip_tags and mysql_real_escape_string? ??? Quote Link to comment Share on other sites More sharing options...
L Posted October 8, 2007 Share Posted October 8, 2007 I know, I did use both...but it says for me User Enumeration: http://infinitevortex.6te.net/~root/ Quote Link to comment Share on other sites More sharing options...
teng84 Posted October 8, 2007 Share Posted October 8, 2007 bad i dont know whats that @&*^!@ can any body explain that thing Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 8, 2007 Share Posted October 8, 2007 An enumeration. A string object that can have only one value, chosen from the list of values 'value1', 'value2', ..., NULL or the special '' error value. An ENUM column can have a maximum of 65,535 distinct values. ENUM values are represented internally as integers. Quote Link to comment Share on other sites More sharing options...
teng84 Posted October 8, 2007 Share Posted October 8, 2007 i that what they mean hmm SQL i never thought they mean SQL ENUM Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted October 8, 2007 Share Posted October 8, 2007 yeah its SQL ENUM he just needs an example of how to do it use something like <?php $sql = "SHOW COLUMNS FROM members LIKE 'membertype'"; $qry = mysql_query($sql); $res = mysql_fetch_object($qry); // This returns a row with a field 'Type' containing 'enum(...)' $res->Type = str_replace('enum', 'array', $res->Type); eval(" \$memberTypes = $res->Type; "); foreach($memberTypes as $type) { echo "<option...etc." } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.