1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Filterscripts
  4. Tools and Files

Linear Mode
[Tool/Web/Other] Shop Webpage [Socket/MySQL]
azzerking
Huge Clucker
****
Posts: 482
Threads: 3
Joined: Dec 2009
Reputation: 0
#14

22.08.2017, 22:45
Holy Crap,

Your script is completely open to MySQL Injection.

Code:
$query = "SELECT Username, Password FROM `Users` WHERE `Username` = '".$_POST["playerName"]."'";
$result = mysqli_query($conn, $query);
Please use prepared statements.

Code:
$stmt = $mysqli->prepare("SELECT Username, Password FROM `Users` WHERE `Username` = :username ");
$stmt->execute( array( ":username", $_POST[ 'playerName' ] ) );
PHP Prepared Statements
Find
Reply
« Next Oldest | Next Newest »


Messages In This Thread
Shop Webpage [Socket/MySQL] - by oMa37 - 30.07.2017, 11:14
Re: Shop Webpage [Socket/MySQL] - by blackgangs - 30.07.2017, 11:17
Re: Shop Webpage [Socket/MySQL] - by darkhunter332 - 30.07.2017, 12:03
Re: Shop Webpage [Socket/MySQL] - by oMa37 - 30.07.2017, 13:57
Re: Shop Webpage [Socket/MySQL] - by justice96 - 30.07.2017, 16:04
Re: Shop Webpage [Socket/MySQL] - by Younes44 - 30.07.2017, 16:14
Re: Shop Webpage [Socket/MySQL] - by oMa37 - 31.07.2017, 04:27
Respuesta: Shop Webpage [Socket/MySQL] - by SlowARG - 31.07.2017, 22:43
Re: Respuesta: Shop Webpage [Socket/MySQL] - by oMa37 - 01.08.2017, 09:39
Re: Shop Webpage [Socket/MySQL] - by Anadolu - 01.08.2017, 13:31
Re: Shop Webpage [Socket/MySQL] - by TheMaskedGamer - 07.08.2017, 13:22
Re: Shop Webpage [Socket/MySQL] - by Barnwell - 07.08.2017, 14:18
Re: Shop Webpage [Socket/MySQL] - by oMa37 - 13.08.2017, 01:09
Re: Shop Webpage [Socket/MySQL] - by azzerking - 22.08.2017, 22:45
Re: Shop Webpage [Socket/MySQL] - by Roozevelt - 22.08.2017, 23:02
Re: Shop Webpage [Socket/MySQL] - by Omirrow - 22.08.2017, 23:09

Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Filterscripts
  4. Tools and Files