• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Does someone understand my script ^^[PHP]

F

fenomenoide

New Member
Joined
Oct 22, 2007
Messages
134
Reaction score
0
<?php

function sql_seguro($valor)
{
/*we are replacing < > so it doesnt insert codes as <?php ...ataque... ?>*/
$valor = str_replace("<","&lt;",$valor);
$valor = str_replace(">","&gt;",$valor);

/*words that can cause problems*/
$valor = str_replace('INSERT','[INSERT]',$valor);
$valor = str_replace('REPLACE','[REPLACE]',$valor);
$valor = str_replace('UPDATE','[UPDATE]',$valor);
$valor = str_replace('DELETE','[DELETE]',$valor);
$valor = str_replace('SELECT','[SELECT]',$valor);
$valor = str_replace('TRUNCATE','[TRUNCATE]',$valor);
$valor = str_replace('CREATE','[CREATE]',$valor);
$valor = str_replace('DROP','[DROP]',$valor);
$valor = str_replace('SET','[SET]',$valor);
$valor = str_replace(';','[;]',$valor);
$valor = str_replace('"','["]',$valor);
$valor = str_replace("'","[']",$valor);

return $valor;
}

function sql_noseguro($valor)
{
/*words that can make problems*/
$valor = str_replace('[INSERT]','INSERT',$valor);
$valor = str_replace('[REPLACE]','REPLACE',$valor);
$valor = str_replace('[UPDATE]','UPDATE',$valor);
$valor = str_replace('[DELETE]','DELETE',$valor);
$valor = str_replace('[SELECT]','SELECT',$valor);
$valor = str_replace('[TRUNCATE]','TRUNCATE',$valor);
$valor = str_replace('[CREATE]','CREATE',$valor);
$valor = str_replace('[DROP]','DROP',$valor);
$valor = str_replace('[SET]','SET',$valor);
$valor = str_replace('[;]',';',$valor);
$valor = str_replace('["]','"',$valor);
$valor = str_replace("[']","'",$valor);

return $valor;
}

?>
Click to expand...

What do you think...
These is just a beta try
Trying make more anti-~~~ you kno
 
I understand it, but I don't get the point :/

Just protect yourself from SQL-injections and XSS attacks, and you'll be fine.

use mysql_real_escape_string, when taking GET/POST-data to your database, and htmlentities to print it out. Because they could save HTML code, which'd f*ck up your website :p
 
well it was long time since around 3 years I got it on my computer I was wondering if it still working cuz I dont rmmbr much for shit of sql inyections and php all thjat
 

Similar threads

samuel157
  • Question
Lua -=[TFS]=- 0.4 8.60 [TALKACTIONS] Can someone create a !debug script hp/mana/cap Reset System
Replies
6
Views
429
samuel157
samuel157
J
  • Question
Myacc tfs1.5 shop problem
Replies
8
Views
433
tobi132
T
J
  • Question
Auction system Problem
Replies
0
Views
248
jareczekjsp
J
Back
Top