Question

Hi, how can SQL injection problems be solved? I saw that one of the methods would be to use %e instead of %s, as in the example below.

With SQL injection: format(gQuery, sizeof(gQuery), "SELECT * FROM users WHERE `name`='%s' AND `password`='%s' LIMIT 1", GetName(playerid), password);

Without SQL injection: format(gQuery, sizeof(gQuery), "SELECT * FROM users WHERE `name`='%e' AND `password`='%e' LIMIT 1", GetName(playerid), password);

9 minutes ago, segmentationfault said:

Yes... `e` comes from `escape`; basically it automatically calls the `mysql_escape_string` function on the arguments.

Thanks :)
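As an added example, not code from the thread or from the MySQL plugin, here is a small Python model of what the answer describes: `%e` applies MySQL-style escaping to each argument before the query is assembled, which is what keeps a quote in user input from changing the query's structure. The `mysql_escape` routine follows the character set that MySQL's escape function rewrites; the literal parser and the sample inputs are constructed for the illustration.

```python
from typing import List, Optional

# Characters that MySQL's escape routine rewrites, and their replacements.
_MYSQL_ESCAPES = {
    "\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}

def mysql_escape(value: str) -> str:
    """Escape a value the way the thread says `%e` does before insertion."""
    return "".join(_MYSQL_ESCAPES.get(ch, ch) for ch in value)

# The thread's query with the format specifiers replaced by Python placeholders.
QUERY = "SELECT * FROM users WHERE `name`='{}' AND `password`='{}' LIMIT 1"

def build_login_query(name: str, password: str, escape: bool) -> str:
    """Assemble the query; escape=False mirrors `%s`, escape=True mirrors `%e`."""
    if escape:
        name, password = mysql_escape(name), mysql_escape(password)
    return QUERY.format(name, password)

def string_literals(query: str) -> Optional[List[str]]:
    """Return the single-quoted literals of a query, honouring backslash escapes.

    Returns None when a literal is left unterminated, i.e. when user input
    has broken the structure of the statement."""
    literals, current, inside, i = [], [], False, 0
    while i < len(query):
        ch = query[i]
        if inside and ch == "\\" and i + 1 < len(query):
            current.append(query[i + 1])   # escaped char belongs to the literal
            i += 2
            continue
        if ch == "'":
            if inside:
                literals.append("".join(current))
                current = []
            inside = not inside
        elif inside:
            current.append(ch)
        i += 1
    return None if inside else literals

if __name__ == "__main__":
    # Constructed inputs: a name with an apostrophe and a password with a backslash.
    for escape in (False, True):
        q = build_login_query("O'Brien", "pa\\ss", escape=escape)
        print("%e" if escape else "%s", "->", q, "| literals:", string_literals(q))
```

Escaping only protects values that sit inside quoted literals; prepared statements with bound parameters are the more robust fix where the driver offers them.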
