Well nice idea too but I prefer this one.It's securing the variables nicely no one will be able to input ( ' ) it will be automatically replaced with ( " ) so no one will be actually able to do evil queries.Quote:
Nice function, but urls are decoded by the server and shouldn't do any harm at all
And writing a function that just replaces invalid chars isn't really good imo
Easiest thing would be to use a regex(or create 2 loops and one array with the valid chars and check every single character yourself; could be a little faster) to check if it only contains the chars you want and if it doesn't, the query isn't even executed to avoid some random data in the db
[WARNING]Don't use Vsro Reg page v2
03/09/2012 23:17
LastThief*#16
03/09/2012 23:26
JamalXd#17
fixed easy.
(local)/SQL....
use USER DNS Fixed.
(local)/SQL....
use USER DNS Fixed.
03/09/2012 23:31
ThElitEyeS#18
i know this function before years.Quote:
to escape the data before sending itPHP Code:function ms_escape_string($data)
{
if (!isset($data) or empty($data))
return '';
if (is_numeric($data))
return $data;
$non_displayables = array(
'/%0[0-8bcef]/', // url encoded 00-08, 11, 12, 14, 15
'/%1[0-9a-f]/', // url encoded 16-31
'/[\x00-\x08]/', // 00-08
'/\x0b/', // 11
'/\x0c/', // 12
'/[\x0e-\x1f]/' // 14-31
);
foreach ($non_displayables as $regex)
$data = preg_replace($regex, '', $data);
$data = str_replace("'", "''", $data);
return $data;
}
as i said i tested my reg page under php 3.5.10 its 100% safe.
03/09/2012 23:34
LastThief*#19
before years ? and php 3.5.10 ? everybody uses atleast php 5+ and as Shickl said \' will escape your security dude don't struggle every one is making mistakesQuote:
as i said i tested my reg page under php 3.5.10 its 100% safe.
my function will escape the data for real lol
03/09/2012 23:35
ThElitEyeS#20
who want to see come at tv.
03/09/2012 23:38
PortalDark#21
since php 4 there were removed lots of bug and exploits, and most involve injection and MSSQLQuote:
as i said i tested my reg page under php 3.5.10 its 100% safe.
use lastest php
03/09/2012 23:50
LastThief*#22
TONS of functions were removed in php 4+ php 3 is not really preferred lol
03/10/2012 12:35
ThElitEyeS#23
warning is fake until its approved by them on my pc.
03/10/2012 13:01
ThElitEyeS#24
first gay appear.
not surprised :awesome:
not surprised :awesome:
03/10/2012 13:33
Schickl#25
You're small-mindedQuote:
not surprised :awesome:
Accept the fact that your site isn't perfect(in fact it's far away from that) and that it's vulnerable
Instead of acting like an idiot denying that it is you could just spend like 5 minutes and fix your fucking site
03/10/2012 13:43
PortalDark#26
first you say php 2.5 is the best and best bugless phpQuote:
now the warning is fake just because you don't find a way to understand it?
03/10/2012 14:01
ThElitEyeS#27
from where you getting this shit.Quote:
now the warning is fake just because you don't find a way to understand it?
if you don't understand talk about your self not about others
i guess you should use glasses
i never said 2.5 is the best.
i said i use 3.5.10.
:facepalm:
I think you should use glasses too i never said its perfect.Quote:
Accept the fact that your site isn't perfect
You just can STFU, or you can come to tv showing me while you inject it so i can release hotfix.Quote:
Instead of acting like an idiot denying that it is you could just spend like 5 minutes and fix your fucking site
03/10/2012 14:06
PortalDark#28
guess I cant make you realize the mistake you are doing by saying that warning is fakeQuote:
if you don't understand talk about your self not about others
i guess you should use glasses
i never said 2.5 is the best.
i said i use 3.5.10.
:facepalm:
lastthief and Schickl already prove it to you,so warning is real
but i guess i dont need to stay here watching you argue about "fake" warning
03/10/2012 14:13
vorosmihaly#29
seriously,this topic has turned to be a funny topic xD
03/10/2012 14:18
ThElitEyeS#30
good for youQuote:
lastthief and Schickl already prove it to you,so warning is real
but i guess i dont need to stay here watching you argue about "fake" warning