eT` Posted March 13, 2010

It doesn't work, a.k.a. FF throws up a "Don't Send" saying that PHP has stopped working :/

```php
$username = strip_tags(stripslashes(mysql_real_escape_string($username)));
$passhash = sha1($pass.'xxx');
$mail = strip_tags(stripslashes(mysql_real_escape_string($mail)));
$country = strip_tags(stripslashes(mysql_real_escape_string($country)));
$city = strip_tags(stripslashes(mysql_real_escape_string($city)));
mysql_query("INSERT INTO party_users (username,pass,email,country,city) VALUES ('".$username."','".$passhash."','".$mail."','".$country."','".$city."')");
```

anonīms Posted March 13, 2010

Madness :D When putting something into the DB, isn't escape_string alone enough? Why are those extra ones needed as well? Just add or die after the query.

Aleksejs Posted March 13, 2010

mysql_real_escape() must be the last function applied before insertion.

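Why the order matters, as an added example that is not part of the original thread: stripslashes() removes the backslashes the escape function has just added, so the value reaches the query unescaped. Here addslashes() stands in for mysql_real_escape_string() (an assumption, since the real function needs an open MySQL connection), and stays_inside_literal() is a hypothetical helper written for this illustration.

```php
<?php
// Added illustration; not code from the thread.
// Assumption: addslashes() stands in for mysql_real_escape_string(), which
// needs a live connection. Both backslash-escape ', ", \ and NUL; the real
// function additionally handles \n, \r, \x1a and the connection charset.

// Hypothetical helper: wrap $value in single quotes the way the thread's
// INSERT does and report whether the string literal closes only at the
// final quote (true) or earlier / never (false).
function stays_inside_literal(string $value): bool
{
    $sql = "'" . $value . "'";
    $n = strlen($sql);
    for ($i = 1; $i < $n; $i++) {
        if ($sql[$i] === '\\') {
            $i++;                          // backslash escapes the next byte
        } elseif ($sql[$i] === "'") {
            if ($i + 1 < $n && $sql[$i + 1] === "'") {
                $i++;                      // '' is an escaped quote
            } else {
                return $i === $n - 1;      // closed here: at the end or early?
            }
        }
    }
    return false;                          // the literal was never closed
}

$input = "O'Brien";                        // constructed sample value

// Order used in the first post: escape, then undo the escaping.
$threadOrder = strip_tags(stripslashes(addslashes($input)));

// Escaping applied last, immediately before the value enters the query.
$escapeLast = addslashes(strip_tags($input));

foreach (['thread order' => $threadOrder, 'escape last' => $escapeLast] as $label => $value) {
    printf(
        "%-12s value=%-10s stays inside literal: %s\n",
        $label,
        $value,
        stays_inside_literal($value) ? 'yes' : 'no'
    );
}
```
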
waplet Posted March 13, 2010

In my opinion, mysql_real_escape_string(); alone would be enough.

daGrevis Posted March 13, 2010

Wait, I should learn security myself too... :D How should this code be changed?

```php
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];

// some code.

$sql = "INSERT INTO `members` (`username`, `password`, `email`) VALUES ('$username', '$password', '$email')";
mysql_query($sql) or die('<strong>' . mysql_errno() . '</strong>: ' . mysql_error());
```

Like this?

```php
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$email = $_POST['email'];

// some code.

$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$email = mysql_real_escape_string($email);

$sql = "INSERT INTO `members` (`username`, `password`, `email`) VALUES ('$username', '$password', '$email')";
mysql_query($sql) or die('<strong>' . mysql_errno() . '</strong>: ' . mysql_error());
```

briedis Posted March 13, 2010

Bravo! :)