
[Tutorial] Anti sql Injection and Blocking Right-click

LucasFerraz (Systems Analyst)
Joined Jun 10, 2010, 2,858 messages, reaction score 96, location Brazil
Hello,
I'm tired of seeing lots of OTs being hacked, so I decided to post this Anti SQL Injection and Blocking Right-click.
I didn't make it; I searched and found it, I don't remember where. I tested it in Gesior's AAC and it's working fine.

// How to use it
You must add the code to layout.php.

Blocking Right-click.
PHP:
<body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">

Anti sql Injection
PHP:
<?php
// Send the Content-Type header before any output; header() fails once output has started.
header("Content-Type: text/html; charset=ISO-8859-1", true);

function anti_injection($sql)
{
    // remove words that contain SQL syntax, case-insensitively
    // (sql_regcase() was removed in PHP 7; the /i modifier does the same job)
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);        // strip surrounding whitespace
    $sql = strip_tags($sql);  // remove HTML and PHP tags
    $sql = addslashes($sql);  // add a backslash before quotes and backslashes
    return $sql;
}

// usage: filtering data coming from the form
$nome = anti_injection($_POST["nome"]);
$senha = anti_injection($_POST["senha"]);

// converting HTML characters with htmlspecialchars(). Learn more here: http://www.php.net/manual/en/function.htmlspecialchars.php
// $_POST['link'] = <a href="test">test</a>

$link = htmlspecialchars($_POST['link'], ENT_QUOTES);
echo $link; // outputs: &lt;a href=&quot;test&quot;&gt;test&lt;/a&gt;
?>


// Example
PHP:
<?php
// Send the Content-Type header before any output; header() fails once output has started.
header("Content-Type: text/html; charset=ISO-8859-1", true);

function anti_injection($sql)
{
    // remove words that contain SQL syntax, case-insensitively
    // (sql_regcase() was removed in PHP 7; the /i modifier does the same job)
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);        // strip surrounding whitespace
    $sql = strip_tags($sql);  // remove HTML and PHP tags
    $sql = addslashes($sql);  // add a backslash before quotes and backslashes
    return $sql;
}

// usage: filtering data coming from the form
$nome = anti_injection($_POST["nome"]);
$senha = anti_injection($_POST["senha"]);

// converting HTML characters with htmlspecialchars(). Learn more here: http://www.php.net/manual/en/function.htmlspecialchars.php
// $_POST['link'] = <a href="test">test</a>

$link = htmlspecialchars($_POST['link'], ENT_QUOTES);
echo $link; // outputs: &lt;a href=&quot;test&quot;&gt;test&lt;/a&gt;
?>
<body oncontextmenu="return false" onselectstart="return false" ondragstart="return false">
<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title><?php echo $title ?></title>
 
Do these Anti SQL Injection codes block unauthorized persons' access to the database?
 
It's smarter to make it impossible for any user to screw around than to use this.
 
@killing
On Znote AAC just use:

getValue($value);
or
sanitize($value);

Znote AAC uses these functions to protect against SQL injection. It's already installed.

Code:
// Callback form for array_walk(): sanitizes each element of an array in place.
function array_sanitize(&$item) {
    $item = htmlentities(strip_tags(mysql_real_escape_string($item)));
}

// Escapes for the (legacy) mysql extension, strips tags, then HTML-encodes the result.
function sanitize($data) {
    return htmlentities(strip_tags(mysql_real_escape_string($data)));
}

// Returns the sanitized value, or false when the field is empty or missing.
function getValue($post) {
    return (!empty($post)) ? sanitize($post) : false;
}

getValue():
getValue is mostly used to fetch GET and POST data. It will fetch and sanitize them if they exist, or return false if they don't exist.

Code:
$charname = getValue($_GET['charname']);

if ($charname !== false) {
    // All is good: it fetched the GET parameter and sanitized it.
    $player = mysql_select_single("SELECT `level` FROM `players` WHERE `name`='$charname' LIMIT 1;");

    if ($player !== false) {
        // If $player is not false, it means we found the player. :)
        echo "Player: " . $charname . " is level: " . $player['level'];
    } else {
        echo "Error, player not found. Did you write the correct name?";
    }
}
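An added example (not code from this thread, nor from Gesior's or Znote's AAC) that covers both the first post's anti_injection() filter and the getValue()/sanitize() lookup above. It runs the keyword filter over ordinary character names to show what it removes from legitimate input, then does the same `players` lookup with a PDO prepared statement, so that the driver handles SQL escaping and HTML escaping happens only when the value is printed. The `name` and `level` columns come from the Znote snippet; the in-memory SQLite database and its rows are constructed for the demo, and the function names are this example's own.

```php
<?php
// Added example: blacklist keyword filter vs. a parameterized query.
// Assumes a `players` table with `name` and `level` columns (as in the Znote snippet).
declare(strict_types=1);

// The thread's blacklist filter, reproduced only to show what it does to input.
function anti_injection_filter(string $sql): string
{
    $sql = preg_replace('/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/i', '', $sql);
    return addslashes(strip_tags(trim($sql)));
}

// Parameterized lookup: the value travels separately from the SQL text, so no
// character inside $name can change the structure of the statement.
function findPlayerLevel(PDO $pdo, string $name): ?int
{
    $stmt = $pdo->prepare('SELECT `level` FROM `players` WHERE `name` = :name LIMIT 1');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (int) $row['level'];
}

// HTML escaping is an output concern: apply it when rendering, not when storing or querying.
function renderPlayer(string $name, ?int $level): string
{
    $safeName = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if ($level === null) {
        return "Error, player not found: {$safeName}";
    }
    return "Player: {$safeName} is level: {$level}";
}

// --- Demo with constructed data in an in-memory SQLite database ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE players (name TEXT PRIMARY KEY, level INTEGER NOT NULL)');
$ins = $pdo->prepare('INSERT INTO players (name, level) VALUES (:name, :level)');
$ins->execute([':name' => 'Fromage', ':level' => 120]);
$ins->execute([':name' => "O'Neil", ':level' => 8]);

// 1. The keyword filter damages legitimate names, so these players could never be found.
foreach (['Fromage', 'Delete Me', "O'Neil"] as $name) {
    printf("filter(%s) => %s\n", $name, anti_injection_filter($name));
}
// filter(Fromage) => age
// filter(Delete Me) => Me
// filter(O'Neil) => O\'Neil

// 2. The prepared statement looks the same names up intact.
echo renderPlayer('Fromage', findPlayerLevel($pdo, 'Fromage')), PHP_EOL;   // level 120
echo renderPlayer("O'Neil", findPlayerLevel($pdo, "O'Neil")), PHP_EOL;     // level 8

// 3. Quotes and comment markers in the parameter are just data: no match, nothing else happens.
echo renderPlayer("Fromage' --", findPlayerLevel($pdo, "Fromage' --")), PHP_EOL;
$count = (int) $pdo->query('SELECT COUNT(*) FROM players')->fetchColumn();
echo "rows still in players: {$count}", PHP_EOL;                          // 2
```

The point for a Gesior or Znote layout is that the two jobs the thread's filter tries to do at once are done separately here: the database driver binds the parameter, and htmlspecialchars() encodes only at output. A name containing "from" or an apostrophe is stored and matched exactly, which the keyword filter and addslashes() cannot guarantee.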
 
I'm not sure how it works, but I've added it to my layout. I hope it'll protect me. Thanks, man.
 