Rickolajten
Member
- Joined
- Jul 21, 2008
- Messages
- 175
- Reaction score
- 16
sql injection
--------------------------------------------------------------------------------
Our acc page/server had some problems with this issue, i did some research and it seems you can add some kind of mysql escape string to the source, does anyone where to add the code precisely?
something like this;
Also there should be some code available so only the hoster got acces to the
manager/admin panel on the acc page (with the 127.0.0.1 ip). Maybe som1 knows more about this, if you do please feel free to post a reply.
One last question, will changing to another acc solve the sql injection problem?
Thanks in advance.
~
--------------------------------------------------------------------------------
Our acc page/server had some problems with this issue, i did some research and it seems you can add some kind of mysql escape string to the source, does anyone where to add the code precisely?
something like this;
PHP:
<?php
function quote_smart($value)
{
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
?>
manager/admin panel on the acc page (with the 127.0.0.1 ip). Maybe som1 knows more about this, if you do please feel free to post a reply.
One last question, will changing to another acc solve the sql injection problem?
Thanks in advance.
~
Last edited by a moderator: