
[REQUEST] ANTI SQL INJECTION

EstebanGod (New Member, joined Jun 18, 2014)
Is there any tutorial about this and how to protect yourself against them?
I keep getting my index edited from VPS and files deleted by someone using SQL injection.

I'm using Znote for TFS 0.4. Where can I find this?

@Summ could you explain a bit more?

There should be something in it like
Code:
$q = mysql_query("SELECT * FROM login WHERE login = '$login'");

so if a "hacker" writes something like..
Code:
variable' or '1'='4'
they could do weird things... or even worse, destroy the database by typing
Code:
variable';DROP TABLE

You can fix it by placing Perl code like

Code:
$query = $sql->prepare("SELECT * FROM login WHERE name = ?");
$query->execute([$login]); // execute() takes an array of bound parameter values

Or just adding
Code:
/ ' "
where it's needed

THIS IS NOT TESTED, because I don't have time to do such things for everyone. But I think you get the point, so you can easily fix it for yourself... if not, then stop working on OTs because you need knowledge to create such things (imagine if you have a BUG in the PAYMENT SYSTEM and you couldn't fix it).

#edit
IF YOU ARE REALLY UNSKILLED then you can try to install software that blocks database commands. Just check https://www.modsecurity.org
 
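The two query styles from the post above, side by side, as an added example (not code from the thread or from Znote AAC): a constructed in-memory SQLite table stands in for the `login` table, and `vulnerableLookup` (string-glued SQL) matches every row for the tautology input while `safeLookup` (bound parameter) matches none. It assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example, not from the thread: the vulnerable query shape next to the
// prepared-statement version, run against a constructed in-memory SQLite table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login (name TEXT, password TEXT)");
$db->exec("INSERT INTO login VALUES ('admin', 'secret'), ('bob', 'hunter2')");

// Same shape as the post's mysql_query() line: the user value becomes SQL text,
// so a quote in the input changes the structure of the WHERE clause.
function vulnerableLookup(PDO $db, string $login): int
{
    $rows = $db->query("SELECT * FROM login WHERE name = '$login'")->fetchAll();
    return count($rows);
}

// Hardened form: the value is bound as a parameter and is only ever compared
// against the name column, never parsed as part of the statement.
function safeLookup(PDO $db, string $login): int
{
    $stmt = $db->prepare("SELECT * FROM login WHERE name = ?");
    $stmt->execute([$login]);   // execute() takes an array of parameter values
    return count($stmt->fetchAll());
}

// Constructed input of the kind the post describes.
$input = "x' OR '1'='1";
printf("vulnerable: %d row(s)\n", vulnerableLookup($db, $input));
printf("prepared:   %d row(s)\n", safeLookup($db, $input));
```

The same `execute([...])` array form applies to MySQL through PDO; only the DSN in the constructor changes.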
Thanks a lot, the information was really useful to me. It's just that there is too much info about SQL injections on the internet; I had already tried some scripts and other things but it didn't seem to work... I'm already working on this.
 
Znote AAC does not use prepared statements. Prepared statements are used to prevent human error, the stupid things humans do which create vulnerabilities.

In Znote AAC, just remember to fetch POST and GET variables using the getValue method and you're all set. You should not have any problems with SQL injections.

If you find any problems with the default Znote AAC files, especially in regard to security, please tell me. I have yet to find a hacker good enough to challenge my code; I would highly appreciate any attempts. Go nuts on http://demo.znote.eu/
 
I'm actually using @Znote AAC 1.4. I'm also using a custom layout.

Where exactly do I work this out?

"In Znote AAC, just remember to fetch POST and GET variables using the getValue method and you're all set. And you should not have any problems with SQL injections."
 