eT` Posted March 13, 2010

Doesn't work, a.k.a. FF throws up "Don't Send", saying PHP has stopped working :/

    $username = strip_tags(stripslashes(mysql_real_escape_string($username)));
    $passhash = sha1($pass.'xxx');
    $mail = strip_tags(stripslashes(mysql_real_escape_string($mail)));
    $country = strip_tags(stripslashes(mysql_real_escape_string($country)));
    $city = strip_tags(stripslashes(mysql_real_escape_string($city)));
    mysql_query("INSERT INTO party_users (username,pass,email,country,city) VALUES ('".$username."','".$passhash."','".$mail."','".$country."','".$city."')");

anonīms Posted March 13, 2010

Madness :D When putting something into the DB, isn't escape_string alone enough? Why are those extra ones needed as well? Just add or die after the query.

Aleksejs Posted March 13, 2010

mysql_real_escape() must be the last function applied before insertion.

waplet Posted March 13, 2010

In my opinion, mysql_real_escape_string(); alone would be enough.

daGrevis Posted March 13, 2010

Wait, I should learn security myself too... :D How should this code be changed?

    $username = $_POST['username'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];
    $email = $_POST['email'];
    // some code.
    $sql = "INSERT INTO `members` (`username`, `password`, `email`) VALUES ('$username', '$password', '$email')";
    mysql_query($sql) or die('<strong>' . mysql_errno() . '</strong>: ' . mysql_error());

Like this?

    $username = $_POST['username'];
    $password = $_POST['password'];
    $password2 = $_POST['password2'];
    $email = $_POST['email'];
    // some code.
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    $email = mysql_real_escape_string($email);
    $sql = "INSERT INTO `members` (`username`, `password`, `email`) VALUES ('$username', '$password', '$email')";
    mysql_query($sql) or die('<strong>' . mysql_errno() . '</strong>: ' . mysql_error());

briedis Posted March 13, 2010

> Wait, I should learn security myself too... :D How should this code be changed?
>
>     $username = $_POST['username'];
>     $password = $_POST['password'];
>     $password2 = $_POST['password2'];
>     $email = $_POST['email'];
>     // some code.
>     $sql = "INSERT INTO `members` (`username`, `password`, `email`) VALUES ('$username', '$password', '$email')";
>     mysql_query($sql) or die('<strong>' . mysql_errno() . '</strong>: ' . mysql_error());
>
> Like this?
>
>     $username = $_POST['username'];
>     $password = $_POST['password'];
>     $password2 = $_POST['password2'];
>     $email = $_POST['email'];
>     // some code.
>     $username = mysql_real_escape_string($username);
>     $password = mysql_real_escape_string($password);
>     $email = mysql_real_escape_string($email);
>     $sql = "INSERT INTO `members` (`username`, `password`, `email`) VALUES ('$username', '$password', '$email')";
>     mysql_query($sql) or die('<strong>' . mysql_errno() . '</strong>: ' . mysql_error());

Bravo! :)
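
Added example (not code from any post in this thread) for the ordering point raised above: calling stripslashes() after escaping removes the backslashes the escape step just added. `escape_stand_in()` is a hypothetical stand-in for mysql_real_escape_string() that ignores the connection charset, the sample input is constructed, and the last part goes beyond the thread by showing a bound-parameter insert with PDO on in-memory SQLite (assumes the pdo_sqlite extension).

```php
<?php
// Added example, not code from the thread. mysql_* was removed in PHP 7, so
// escape_stand_in() is a hypothetical stand-in that backslash-escapes the same
// characters as mysql_real_escape_string(), without a server connection.
function escape_stand_in(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Order used in the first post: escape, then stripslashes() and strip_tags().
function escape_then_strip(string $s): string
{
    return strip_tags(stripslashes(escape_stand_in($s)));
}

// Order recommended in the thread: escaping is the last step before the query.
function strip_then_escape(string $s): string
{
    return escape_stand_in(strip_tags($s));
}

$city = "O'Brien <b>Town</b>"; // constructed sample input

var_dump(escape_then_strip($city)); // the apostrophe is left unescaped again
var_dump(strip_then_escape($city)); // the apostrophe keeps its backslash

// Bound parameters keep the data out of the SQL text entirely, so there is
// no escaping order to get wrong. In-memory SQLite stands in for MySQL here;
// the table and column names follow the first post, the values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE party_users (username TEXT, city TEXT)');
$stmt = $db->prepare('INSERT INTO party_users (username, city) VALUES (?, ?)');
$stmt->execute(['sample_user', $city]);
var_dump($db->query('SELECT city FROM party_users')->fetchColumn());
```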