[Include] db_injection.inc
#1

Introduction
This include will simply detect any malicious queries that contain injection vulnerabilities within the query (only works for db_query and MySQL R7 queries at the moment). The injection reports are saved in inject_log.txt in scriptfiles.

What is SQL injection?
SQL injection is when a user exploits a form of SQL, such as a login form, to gain unprivileged access or execute vulnerable queries that will damage the data or put it at risk. Basically, this include will help prevent that from happening!

How it works
This include works by hooking db_query and mysql_function_query (R7 only) to see if the query contains any malicious injection vulnerabilities. If so, it is recorded into inject_log.txt.

Functions
There are only these three functions for now:

pawn Code:
// Returns the number of injected values found, otherwise zero.
forward IsMaliciousQuery(query[]);

// Disables any malicious queries from being executed (disabled by default).
forward DisableBadQueries();

// Escapes the inputted value and returns it.
forward SQL_Escape(input[]);

Instructions
Simply download the include, place it into your includes folder, and then add this at the top:

pawn Code:
#include <db_injection>

And watch out for inject_log.txt in your scriptfiles; all SQL injection attempts will be recorded there!

Download
db_injection.inc
Reply
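
The approach described in the first post (inspect the finished query text, log what looks injected, escape input), as an added example that is not part of the thread or of db_injection.inc. It uses Python's sqlite3 as a stand-in for the server database; the patterns, table and inputs are constructed assumptions, and the function names only mirror the include's forwards.

```python
import re
import sqlite3

# Hypothetical patterns; the include's actual rules are not shown in the thread.
PATTERNS = [
    re.compile(r"--|/\*"),                               # SQL comment markers
    re.compile(r";\s*\w"),                               # a second, stacked statement
    re.compile(r"\bunion\s+select\b", re.I),             # UNION-based read
    re.compile(r"\bor\s+'?(\w+)'?\s*=\s*'?\1'?", re.I),  # tautology such as OR 1=1
]

def is_malicious_query(query):
    """Count matching patterns: number found, otherwise zero."""
    return sum(1 for p in PATTERNS if p.search(query))

def sql_escape(value):
    """SQLite string-literal escaping: double every single quote."""
    return value.replace("'", "''")

def make_db():
    """In-memory table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES ('Alice', 'secret')")
    return db

def login_concat(db, name, password, escape=False):
    """Build the query by string formatting, the pattern the include inspects."""
    if escape:
        name, password = sql_escape(name), sql_escape(password)
    query = f"SELECT name FROM users WHERE name = '{name}' AND pass = '{password}'"
    return is_malicious_query(query), db.execute(query).fetchall()

def login_bound(db, name, password):
    """Bound parameters: input is never parsed as SQL, so no text inspection is needed."""
    sql = "SELECT name FROM users WHERE name = ? AND pass = ?"
    return db.execute(sql, (name, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    bad = "x' OR '1'='1"                                     # constructed input
    print(login_concat(db, "Alice", bad))                    # flagged, and the row leaks
    print(login_concat(db, "Alice", bad, escape=True))       # not flagged, no row
    print(login_bound(db, "Alice", bad))                     # no row
    print(login_concat(db, "Tom -- AFK", "pw", escape=True)) # flagged although harmless
```

The last call shows the trade-off of text inspection: a correctly escaped value that happens to contain a comment marker still counts as a hit under these patterns, which matters if flagged queries are blocked rather than only logged.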
#2

Decent work Emmet! This is very useful.
Reply
#3

Thanks, kind sir.

Also guys, should the attempts automatically save inside "inject_log.txt" or should it be within a callback?
Reply