Search
Search titles only
By:
Search titles only
By:
Log in
Register
Search
Search titles only
By:
Search titles only
By:
Menu
Install the app
Install
Forums
New posts
All threads
Latest threads
New posts
Trending threads
Trending
Search forums
What's new
New posts
New ads
New profile posts
Latest activity
Free Ads
Latest reviews
Search ads
Members
Current visitors
New profile posts
Search profile posts
Contact us
Latest ads
Ad icon
🎮 INDIAN PSN GIFT CARDS AVAILABLE NOW! 🎮
madukaperera
Updated:
Yesterday at 12:57 PM
🚀 Google AI PRO – 18 Months | Rs. 850 Only
lkkolla
Updated:
Monday at 4:56 PM
🔒 NordVPN Premium – 3 Months
hrdilshan
Updated:
Thursday at 8:29 PM
🚀 Microsoft Office 365 Pro Plus – Lifetime Access! 🚀
hrdilshan
Updated:
Thursday at 8:28 PM
Linkedin Premium Business / Careere /Sales Navigator - 1/2/3/6/9/12 Months - Reddem Link
hrdilshan
Updated:
Thursday at 8:27 PM
Electronics
Vehicles
Property
Search
Reply to thread
Forums
General
Education
How to become a Professional Hacker.... Sri Lankan Way
Get the App
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="sri_lion" data-source="post: 3339864" data-attributes="member: 4103"><p>Your code must be clean to prevent the vulnerability of your forms! And must process every connection handler through a proper procedure!</p><p></p><p>For example in PHP you have some functions you can use for this.. like </p><p></p><p>[CODE]mysql_escape_string </p><p>mysql_real_escape_string()</p><p>stripslashes</p><p>addslashes</p><p>[/CODE]</p><p></p><p>So after implementing these you can define what character sets to use in that particular even or function so whatever SQL commends goes out of scope would not entertained!</p><p></p><p>Here's an example!</p><p></p><p>[CODE]<?php</p><p>if (!function_exists("GetSQLValueString")) {</p><p>function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") </p><p>{</p><p> $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;</p><p></p><p> $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);</p><p></p><p> switch ($theType) {</p><p> case "text":</p><p> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";</p><p> break; </p><p> case "long":</p><p> case "int":</p><p> $theValue = ($theValue != "") ? intval($theValue) : "NULL";</p><p> break;</p><p> case "double":</p><p> $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";</p><p> break;</p><p> case "date":</p><p> $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";</p><p> break;</p><p> case "defined":</p><p> $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;</p><p> break;</p><p> }</p><p> return $theValue;</p><p>}</p><p>}</p><p>... rest of the code[/CODE]</p></blockquote><p></p>
[QUOTE="sri_lion, post: 3339864, member: 4103"] Your code must be clean to prevent the vulnerability of your forms! And must process every connection handler through a proper procedure! For example in PHP you have some functions you can use for this.. like [CODE]mysql_escape_string mysql_real_escape_string() stripslashes addslashes [/CODE] So after implementing these you can define what character sets to use in that particular even or function so whatever SQL commends goes out of scope would not entertained! Here's an example! [CODE]<?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ... rest of the code[/CODE] [/QUOTE]
Insert quotes…
Verification
Dahaya deken beduwama keeyada?
Post reply
Top
Bottom