SQL injection - Stupid idea
#1

Hi guys I need your opinion.

It will probably be the most stupid question you ever read in your life, but still I'm going to ask!

I'm thinking about a system where the player in-game cracks an ATM. I've thought about several things including math equations, which signal/number comes next, etc. But would it be possible to allow a user to do an SQL injection into a separate database used only for a special occasion? I mean, it would be hard for the majority of players.

I know some of you will say that I've no experience whatsoever about databases, and that's true, but this is part of my learning and curiosity.
Reply
#2

Quote:
Originally Posted by PeterJane
Hi guys I need your opinion.

It will probably be the most stupid question you ever read in your life, but still I'm going to ask!

I'm thinking about a system where the player in-game cracks an ATM. I've thought about several things including math equations, which signal/number comes next, etc. But would it be possible to allow a user to do an SQL injection into a separate database used only for a special occasion? I mean, it would be hard for the majority of players.

I know some of you will say that I've no experience whatsoever about databases, and that's true, but this is part of my learning and curiosity.

nononono, I like the idea but you shouldn't allow actual injections. However, you could use strfind to find if the player has inserted something like "100', accountCash = '99999'" or whatever.
Reply
#3

I'm not sure how the MySQL plugin for SA-MP works right now, because I haven't used it for a long time, but there must be something like mysqli_real_escape_string, which should prevent SQL injection.

Probably this isn't 100% secure, but it's enough.

I didn't understand your question at all. Are you going to allow users to crack an ATM in-game (in an RP gamemode probably) using real SQL code? In my opinion, that's not a good idea because I think there isn't any way to say "disable SQL Injection there and there not".

Use PAWN for in-game systems.
Reply
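
An added example, not part of any post in this thread: the suggestions from replies #2 and #3 combined, so that the "injection" is only a text puzzle and the real query receives player input solely as a bound parameter. Python and sqlite3 stand in here for PAWN and the SA-MP MySQL plugin (an assumption), and the table, column, function and player names are made up for the illustration.

```python
import sqlite3

# Constructed puzzle rule: the text a player must type to "crack" the ATM.
# It is compared as a string only and never becomes part of a SQL statement.
PUZZLE_MARKER = "', accountcash = '"

def make_db():
    """Constructed stand-in for the game's real account database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY,"
               " accountCash INTEGER, lastAtmInput TEXT)")
    db.execute("INSERT INTO accounts VALUES ('Player1', 500, '')")
    db.execute("INSERT INTO accounts VALUES ('Bank', 100000, '')")
    return db

def looks_like_injection(text):
    """strfind-style check: does the input contain the puzzle pattern?"""
    return PUZZLE_MARKER in text.lower()

def atm_input(db, player, text, reward=1000):
    """Handle text typed at the ATM.

    The game script decides the payout. The player's text reaches the
    database only through '?' placeholders, so it is stored as data and
    cannot change the statement that runs.
    """
    solved = looks_like_injection(text)
    payout = reward if solved else 0
    db.execute(
        "UPDATE accounts SET accountCash = accountCash + ?, lastAtmInput = ?"
        " WHERE name = ?",
        (payout, text, player),
    )
    db.commit()
    return solved

def cash(db, name):
    row = db.execute("SELECT accountCash FROM accounts WHERE name = ?", (name,))
    return row.fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    payload = "100', accountCash = '99999"  # the string quoted in reply #2
    print(atm_input(db, "Player1", payload), cash(db, "Player1"))
```

The player who types the pattern gets the fixed reward chosen by the script, not the 99999 written in the input, and no other row is touched.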