1. SA-MP Forums Archive
  2. Non-English
  3. Languages
  4. Português/Portuguese

Threaded Mode
[Ajuda] SQL injection
Mr.Hardy
Huge Clucker
****
Posts: 442
Threads: 45
Joined: Dec 2011
Reputation: 0
#1

14.01.2014, 01:11
Tem haver com SA:MP kkkkk

Posso sofrer SQL injection nesse cуdigo PHP?

PHP код:
        $result mysql_query("SELECT `usuario` FROM `usuarios` WHERE usuario='".$_POST['usuario']."'");
        if(!mysql_fetch_row($result))
        {
            $problema true;
        }
        $result mysql_query("SELECT `usuario`,`senha`,`ultimaskin` FROM `usuarios` WHERE usuario='".$_POST['usuario']."'");        
        while($data mysql_fetch_array($result)) // Make $data an array of the query you just executed. 
        
            $senha $data['senha'];
            $usuario $data['usuario'];
            $ultimaskin $data['ultimaskin'];
        } 
Estou mostrando somente a parte que tenho б duvida. E se posso ser atacado como evitar?
Find
Reply
Kmatsu
Huge Clucker
****
Posts: 461
Threads: 1
Joined: Aug 2011
Reputation: 0
#2

14.01.2014, 01:13
Sim, vocк pode .-.
use: mysql_real_escape_string
Find
Reply
Mr.Hardy
Huge Clucker
****
Posts: 442
Threads: 45
Joined: Dec 2011
Reputation: 0
#3

14.01.2014, 01:16
Implementa nesse cуdigo pra min? Huheuehue
PHP код:
        $result mysql_query("SELECT `usuario`,`senha`,`ultimaskin` FROM `usuarios` WHERE usuario='".$_POST['usuario']."'");        
        while($data mysql_fetch_array($result)) // Make $data an array of the query you just executed. 
        
            $senha $data['senha'];
            $usuario $data['usuario'];
            $ultimaskin $data['ultimaskin'];
        }
        function udb_hash($pass)
        {
            $length strlen($pass);
            $s1 1;
            $s2 0;   
            for($i=0$i<$length$i++)
            {
                $s1 = ($s1 ord($pass[$i])) % 65521;
                $s2 = ($s2 $s1)       % 65521;
            }
            $wy= ($s2 << 16) + $s1;
            return $wy;
        }        
        if($senha == $_POST['senha'])
        {
            $problema false;    
            $_SESSION['logado'] = 1;
            $_SESSION['usuario'] = $usuario;
            $_SESSION['skin'] = $ultimaskin;
            echo "<meta http-equiv='refresh' content='0; url=naoachou.php'>";
        } 
Find
Reply
Falcon.
High-roller
*****
Posts: 1,743
Threads: 36
Joined: Jul 2010
Reputation: 0
#4

14.01.2014, 11:39
Prepared Statements
Find
Reply
GWMPT
Gangsta
*****
Posts: 987
Threads: 21
Joined: Nov 2012
Reputation: 0
#5

14.01.2014, 17:17
.... NГO USE MYSQL_*
Estas funзхes jб estгo desactualizadas.
Use MySQLi_*

E use mysqli_escape_string para "limpar" o "input"
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. Non-English
  3. Languages
  4. Português/Portuguese