Hello guys I am asking for those expert this

[marlyandedsel]

Can you do or check the following php script if this scrip is vulnerable of sql injection please, and can you recommend us the right way or some sample on how to to this, I am really suck at PHP scripting.

PHP Code:

<?php        

function madSafety($string) {
 $string = stripslashes($string);
 $string = strip_tags($string);
 $string = mysql_real_escape_string($string);
 return $string;
 }

# was there a reCAPTCHA response?

        

if(isset($_POST['submits'])) 
{
    $conn = mysql_connect("localhost", "root", "password");
    $db = mysql_select_db("database");
    mysql_select_db($accdb);
    $username=$_POST['name'];
    $password=$_POST['pass'];
    $email=$_POST["email"];
    $ip = $_SERVER['REMOTE_ADDR'];

    $username = madSafety($username);
    $password = madSafety($password);
    $email = madSafety($email);

    $AllRight = True;

    require_once('recaptchalib.php');

    // Get a key from https://www.google.com/recaptcha/admin/create
    $publickey = "6Ld339MSAAAAAHNQMGcQ35VZW18fqm4iUk5fVIJe";
    $privatekey = "6Ld339MSAAAAAEjMoKlss8CJAO_sSURNPm97YZdj";

    # the response from reCAPTCHA
    $resp = null;
    # the error code from reCAPTCHA, if any
    $error = null;

    $resp = recaptcha_check_answer ($privatekey,
                                   $_SERVER["REMOTE_ADDR"],
                                   $_POST["recaptcha_challenge_field"],
                                   $_POST["recaptcha_response_field"]);

    if ($resp->is_valid) 
    {
        $AllRight = True;
    } 
    else 
    {
       # set the error code so that we can display it
       $error = "<tr><FONT COLOR='#0000FF'><FONT SIZE='3'><center>".$resp->error."</center></FONT></FONT></p>";
       print "<center>You provided an invalid security code</center>";        
       $AllRight = False;
    }
    if(!$username) { print("<center>Account ID Field Empty!</center>");  $AllRight = False; }
    else 
        if(!$pass]) { print("Password Field Empty!");   $AllRight = False;}
        else 
            if(!$pass2]) { print("Confirm Password Field Empty!");   $AllRight = False;}
            else 
                if(!$email]) { print("E-mail Address Field Empty!");   $AllRight = False;}
                else 
                    if(!ereg("^[0-9a-z]{4,12}$",$username)) { print("AccountID only letters from \"a\" to \"z\" and numbers, length of 4 to 12 characters");  $AllRight = False; }
                    else 
                        if(!ereg("^[0-9a-z]{4,14}$",$password)) { print("Password only letters from \"a\" to \"z\" and numbers, length of 4 to 14 characters");   $AllRight = False;}
                        else
                            if($_POST["pass"]!=$_POST["pass2"]) { print("Passwords do not match!");  $AllRight = False; }    
                            else 
                                $check = mysql_query("SELECT * FROM accounts WHERE Username = '".$username."'");
                                if(mysql_num_rows($check) != '0') 
                                {
                                    echo"<center><FONT COLOR='white'>Username <i>'".$username."'</i> is already registered, please use another name.</FONT></center>";
                                }
                                else
                                {                     
                                    mysql_query('INSERT INTO accounts(Username,Password,Email) VALUES ("'.$username.'","'.$password.'","'.$email.'")') or die(mysql_error());                         
                                    echo "<center><FONT COLOR='white'>Registered Successfully</FONT></center>";
                                }
                    
mysql_close($conn);
}
?>

Thank You in advance

[JohnHeatz]

Would've been good to post this as a follow-up on your already existing thread:



I am not a "pro" when it comes to security, yet I don't see (after checking the code briefly) any vulnerabilities, yet I might be mistaken as it is sort of late for me right now, so just wait for some more people to check on it