
Solved [ZNOTE AAC] - Query Usage / security

Xevomu
New Member · Joined Oct 23, 2018 · Messages: 10 · Reaction score: 1
Hello!
I have doubts about the safe use of select/insert/update queries in znote aac.

1)
Is it better to use mysqli_connect or the znote functions?

2)
What is the safest way to protect against sql-injection?
Code:
mysqli_query($connection, "UPDATE znote_accounts SET points = '$points' WHERE account_id = '$accountid' LIMIT 1");
or
Code:
mysqli_query($connection, "UPDATE znote_accounts SET points = '" . $points. "' WHERE account_id = '". $accountid . "' LIMIT 1");
or
Code:
mysql_update("UPDATE znote_accounts SET points = '$points' WHERE account_id = '$accountid' LIMIT 1;");
or
Code:
mysql_update("UPDATE znote_accounts SET points = '" . $points. "' WHERE account_id = '". $accountid . "' LIMIT 1;");
 
Solution
@Webtimize you're right. But the simpler way is to develop a function to protect all queries! (at this time)

OR... you can re-implement all your library with PDO (OOP). You'll spend more time on a "small" project in my opinion.

Time > OR < Valuation
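The "function to protect all queries" suggested above, written out as an added example (it is not Znote AAC's own code): a small wrapper that runs any statement through mysqli prepared statements, plus the first UPDATE from the question rewritten to use it. The names safe_query and set_account_points are mine, and $connection is assumed to be the mysqli link Znote already opens.

```php
<?php
// Added example, not part of Znote AAC. Assumes $connection is a live mysqli link.
// Prepared statements send the SQL text and the values separately, so a value
// such as "1' OR '1'='1" is bound as a literal and never parsed as SQL.

/**
 * Run $sql as a prepared statement. $types is the mysqli type string
 * ("i" int, "d" double, "s" string, "b" blob) and $params the values to bind.
 * Returns the executed statement so the caller can read rows or affected_rows.
 */
function safe_query(mysqli $connection, string $sql, string $types = '', array $params = []): mysqli_stmt
{
    $stmt = mysqli_prepare($connection, $sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($connection));
    }
    if ($params !== []) {
        if (strlen($types) !== count($params)) {
            throw new InvalidArgumentException('type string does not match parameter count');
        }
        // bind_param takes references; argument unpacking (PHP 5.6+) passes them through.
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        $err = mysqli_stmt_error($stmt);
        mysqli_stmt_close($stmt);
        throw new RuntimeException('execute failed: ' . $err);
    }
    return $stmt;
}

// Vulnerable form from the question: $points and $accountid become part of the SQL text.
// mysqli_query($connection, "UPDATE znote_accounts SET points = '$points' WHERE account_id = '$accountid' LIMIT 1");

// Hardened form: "?" placeholders, values bound with the "i" (integer) type.
// Returns the number of rows changed (0 if the account does not exist).
function set_account_points(mysqli $connection, int $accountid, int $points): int
{
    $stmt = safe_query(
        $connection,
        'UPDATE znote_accounts SET points = ? WHERE account_id = ? LIMIT 1',
        'ii',
        [$points, $accountid]
    );
    $affected = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $affected;
}

// Same idea for a SELECT: the untrusted account id is bound, never interpolated.
function get_account_points(mysqli $connection, int $accountid): ?int
{
    $stmt = safe_query(
        $connection,
        'SELECT points FROM znote_accounts WHERE account_id = ? LIMIT 1',
        'i',
        [$accountid]
    );
    $points = null;
    mysqli_stmt_bind_result($stmt, $points);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? (int) $points : null;
}

// Usage sketch (constructed; adjust credentials to your own znote config):
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// $connection = mysqli_connect('localhost', 'user', 'pass', 'znote_db');
// $accountid  = (int) ($_POST['account_id'] ?? 0);   // cast at the boundary as well
// set_account_points($connection, $accountid, 50);
// var_dump(get_account_points($connection, $accountid));
```

Two details matter for the question's "which form is safest": the single-quoted vs concatenated string variants are equally unsafe, because in every case the user-controlled value ends up inside the SQL text; and casting $accountid to int at the boundary is defence in depth, not a replacement for binding, since string columns (names, emails) still need a placeholder.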

Znote and gesior are shit in general.

Most of the code is cluttered, unreadable and/or outdated. Most of the time error_reporting is turned off, just because the application itself is poorly designed and written from the bottom up. Going over all queries and refactoring them (+ additional testing) would be a waste of time imo, since that'd be patching a sinking ship.

@ts; MyAAC by Slawkens is pretty dope, and is actually being updated.
slawkens/myaac
 