Raised This Month: $ Target: $400
 0% 

Preventing SQL from injection


  
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
Bad_Bud
Senior Member
Join Date: Oct 2006
Location: The internet
Old 01-08-2009 , 14:50   Re: Preventing SQL from injection
Reply With Quote #2

If you store by their steam id and not their name, you could be guaranteed that this wouldn't happen, unless they set their password to have one of the same characters (which may cause this same odd problem for you), but you can check for that when they try to set a password.

PHP Code:
static SteamID[37]
get_user_authid(id,SteamID[id],36
Edit: I'm using mySQL and I ran a query searching for ";" in a string field, and it returned a value just fine. Perhaps either you are doing something wrong with the user's name before you make this call, or you are using a version of SQL that doesn't like semicolons. Either way, I still suggest using their steam id if it will work fine for whatever your goal is.

Output exactly what you're passing into the query using a print_chat or print_console before you run the query, and post exactly what's making it in there.
__________________

Last edited by Bad_Bud; 01-08-2009 at 14:58.
Bad_Bud is offline
 



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 09:05.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode