CodingForums.com - View Single Post

Arcticwarrio · 02-27-2013, 04:10 PM

its good practice to have users inputs striped against hacker attempts

this sanitize script you can put in config.php

PHP Code:


			
function sanitize($input) {
    if (is_array($input)) {
        foreach($input as $var=>$val) {
            $output[$var] = sanitize($val);
        }
    }
    else {
        if (get_magic_quotes_gpc()) {
            $input = stripslashes($input);
        }
        $input  = cleanInput($input);
        $output = mysql_real_escape_string($input);
    }
    return $output;
}

then try this:

ps you just had an extra ) after campaigns and fields like name and password need backsticks as below
its the key to the left of 1 on your keyboard.

PHP Code:


			
sanitize($_POST);

mysql_query("UPDATE IGarmy SET 
`Comname` = '".$_POST['Comname']."', 
`password` = '".$_POST['password']."', 
`name` = '".$_POST['name']."', 
`homeworld` = '".$_POST['homeworld']."', 
`regsize` = '".$_POST['regsize']."', 
`unittype` '".$_POST['unittype']."', 
`gender` = '".$_POST['gender']."', 
`allegiance` = '".$_POST['allegiance']."', 
`specialweapon` = '".$_POST['specialweapon']."', 
`heavyweapon` = '".$_POST['heavyweapon']."', 
`Background` = '".$_POST['Background']."', 
`HistoricalFigures` = '".$_POST['HistoricalFigures']."', 
`campaigns` = '".$_POST['campaigns']."'
WHERE `Comname` = '".$_POST['Comname']."' AND `password` = '".$_POST['password']."'");

02-27-2013, 04:10 PM	PM User \| #22
Arcticwarrio Regular Coder Join Date: May 2012 Location: UK Posts: 624 Thanks: 16 Thanked 70 Times in 70 Posts	its good practice to have users inputs striped against hacker attempts this sanitize script you can put in config.php PHP Code: `function sanitize($input) { if (is_array($input)) { foreach($input as $var=>$val) { $output[$var] = sanitize($val); } } else { if (get_magic_quotes_gpc()) { $input = stripslashes($input); } $input = cleanInput($input); $output = mysql_real_escape_string($input); } return $output; }` then try this: ps you just had an extra ) after campaigns and fields like name and password need backsticks as below its the key to the left of 1 on your keyboard. PHP Code: sanitize($_POST); mysql_query("UPDATE IGarmy SET `Comname` = '".$_POST['Comname']."', `password` = '".$_POST['password']."', `name` = '".$_POST['name']."', `homeworld` = '".$_POST['homeworld']."', `regsize` = '".$_POST['regsize']."', `unittype` '".$_POST['unittype']."', `gender` = '".$_POST['gender']."', `allegiance` = '".$_POST['allegiance']."', `specialweapon` = '".$_POST['specialweapon']."', `heavyweapon` = '".$_POST['heavyweapon']."', `Background` = '".$_POST['Background']."', `HistoricalFigures` = '".$_POST['HistoricalFigures']."', `campaigns` = '".$_POST['campaigns']."' WHERE `Comname` = '".$_POST['Comname']."' AND `password` = '".$_POST['password']."'"); __________________ There are 10 types of people on CodingForums, Those who understand Binary and those who dont.