Raised This Month: $ Target: $400
 0% 

How to make MySQL Query secure?


  
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
Author Message
STr!ker
Senior Member
Join Date: Jun 2009
Location: Germany
Old 04-17-2012 , 12:06   How to make MySQL Query secure?
Reply With Quote #1

Hello folks,

i have written a Plugin which saves the money of eachs player and give the money back after the rejoin the server. All works with a MYSQL Query.

One Day a player come to me and wrote me this:

Quote:
str_004 string "" ->host
str_005 string "" ->user
str_006 string "4rj" ->password (deletet ;) by me now! )
str_007 string "h" -> DB
This was deleted by me ;) And this has he written me:

Quote:
str_008 string "player"
str_009 string "hfw_plrSpawnPost"
str_010 string "MySql_Init"
arr_002 array 2 fill 0x0
str_011 string "[Money Lost!] Player %s (%s) hat %d Geld verloren!"
str_012 string "give_money"
str_013 string "CREATE TABLE IF NOT EXISTS money (steamid varchar(32), name varchar(64), money INT(12))"
str_014 string "SELECT * FROM `money` WHERE (`money`.`steamid` = '%s')"
str_015 string "register_client"
str_016 string "Load - Could not connect to SQL database. [%d] %s"
str_017 string "Load Query failed. [%d] %s"
str_018 string "ID_PENDING"
str_019 string "SELECT * FROM `money`WHERE (`money`,`steamid`= `%s`,`money`= `%d`)"
str_020 string "`"
I donīt know how he has get all data, included the right password, but he donīt wanted to say more. He just has said, that he has sniffed the server.

I donīt want to post the plugin, because it is private work. If someone want to see some parts, he should PM me ;)

Last edited by STr!ker; 04-17-2012 at 12:07.
STr!ker is offline
 



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 07:49.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode