
Preventing SQL from injection


  
 
 
Lukass
Junior Member
Join Date: Dec 2008
01-08-2009, 14:47

Hi ppl,

I have one MySQL query:
Code:
format(CheckQuery, 254, "SELECT `id` FROM `users` WHERE `nick`='%s' AND `password`='%s'", user_name,password)
It contains the user's name, and it can result in SQL injection. How can I prevent it? If I set my name to "; 'OR 'x'='x", my server's console says:
Code:
01/08/2009 - 21:39:45: [AMXX] Plugin ("sql_vip.amxx") is setting itself as failed.
L 01/08/2009 - 21:39:45: [AMXX] Plugin says: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'x'='x' AND `password`='lopas'' at line 1
L 01/08/2009 - 21:39:45: [AMXX] Run time error 1 (plugin "sql_vip.amxx") - forced exit
Ignoring custom decal from ; OR 'x'='x
L 01/08/2009 - 21:39:45: "; OR 'x'='x<1><STEAM_ID_PENDING><>" entered the game
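
One way to close the hole in the query above, as an added example that is not part of the original post: escape both values with AMX Mod X's `SQL_QuoteString` before they are placed in the query text. The helper name `CheckLogin`, the already-open connection handle `db` and the 32-character input limit are assumptions.

```pawn
#include <amxmodx>
#include <sqlx>

// Hypothetical helper (added example, not from the original post).
// `db` is an open connection handle obtained from SQL_Connect().
// Returns the matching `id`, or 0 when nothing matches or the query fails.
stock CheckLogin(Handle:db, const user_name[], const password[])
{
    // Escaping can double the length of the input, so each buffer is
    // sized 2 * 32 + 1 (the 32-character limit is an assumption).
    new safe_name[65], safe_pass[65]
    SQL_QuoteString(db, safe_name, sizeof(safe_name) - 1, user_name)
    SQL_QuoteString(db, safe_pass, sizeof(safe_pass) - 1, password)

    // Quotes in the inputs are now backslash-escaped, so a name that
    // contains ' stays inside the string literal instead of ending it.
    new Handle:query = SQL_PrepareQuery(db,
        "SELECT `id` FROM `users` WHERE `nick`='%s' AND `password`='%s'",
        safe_name, safe_pass)

    new id = 0
    if (!SQL_Execute(query))
    {
        // Log the SQL error instead of letting the plugin fail.
        new error[128]
        SQL_QueryError(query, error, sizeof(error) - 1)
        log_amx("Login query failed: %s", error)
    }
    else if (SQL_MoreResults(query))
    {
        id = SQL_ReadResult(query, 0)
    }

    SQL_FreeHandle(query)
    return id
}
```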