SQL Injection problem

Started by nimasdj, September 19, 2007, 02:52:17 PM


nimasdj

Hello,

I wrote code like this:

function fetch_database($fetch_info){

    global $db_host, $db_user, $db_pass, $db_name, $results, $num;

    // Connection settings come from config.php; $results and $num are filled in for the caller.
    $link = mysql_connect($db_host, $db_user, $db_pass) or die ("<font class=\"warning\">Couldn't connect to the database!<br>". mysql_errno() . " : " . mysql_error()."</font>");

    mysql_select_db($db_name, $link) or die ("<font class=\"warning\">Could not select database!<br>". mysql_errno() . " : " . mysql_error()."</font>");

    // $fetch_info is executed as-is, so anything from user input inside it must already be escaped.
    $query = mysql_query($fetch_info, $link) or die ("<font class=\"warning\">Couldn't update the information.<br>". mysql_errno() . " : " . mysql_error()."</font>");

    // Reset both globals so a query with no rows does not leave a previous call's results behind.
    $results = array();
    $num = 0;

    if (mysql_num_rows($query) > 0 ){
        $num = mysql_num_rows($query);
        while ($row = mysql_fetch_assoc($query)) {
            $results[] = $row;   // one associative array (column name => value) per row
        }
    }

    mysql_close($link);

    return true;
}

This code gets the $db_host, $db_user, $db_pass, $db_name variables from the config.php file by declaring them global.

Wherever in my code I could have:
$fetch_info = "SELECT * FROM table";
fetch_database($fetch_info);

By calling this function I can pass a query and get an associative array of the results in the $results array. Then I can have, for example, $results[0][username] etc. The first dimension is the row number; the second dimension is the column name.

As you can see, this code is still vulnerable to SQL injection attacks.

So I wrote this one, where I want to pass a query to this function:

$link = mysql_connect($db_host, $db_user, $db_pass) or die ("Couldn't connect to the database!<br>". mysql_errno() . " : " . mysql_error());

// If magic_quotes_gpc is on, PHP has already added backslashes to $_POST;
// strip them first so the value is escaped exactly once below.
if(get_magic_quotes_gpc()) {
    $username = stripslashes($_POST['username']);
} else {
    $username = $_POST['username'];
}

// Escape the value for the open connection before it is placed inside the quoted string.
$fetch_info = sprintf("SELECT admin_id, admin_pswrd, permission FROM admin WHERE admin_user_name = '%s'", mysql_real_escape_string($username, $link));
fetch_database($fetch_info);


It works fine, but as you can see this code is not yet professionally written.

Can anyone re-write this as a class or function in a very professional way, so that I can pass any $_POST thing to it? We won't know what the keys and values of $_POST are, so I think first we should parse the array and run stripslashes if gpc is on, then re-make it as an array to pass to the code. Also we won't know how many $_POST things we have, so we wouldn't know how many real_escape_string calls are necessary there.

So the only solution is coding it as a class rather than a function, but I don't know OOP. Can anyone help me re-coding it? I'll appreciate your time.

Regards,
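One way to do what the post asks for, as an added example that is not the poster's code: a small class whose fetch() takes a query with a `?` placeholder per value and an array holding any number of $_POST values, so nothing is escaped or quoted by hand. It swaps the post's sprintf/mysql_real_escape_string approach for PDO prepared statements (assumed available: PHP 5.1+ with pdo_mysql); the $db_* variables, the admin table and its columns are the ones from the post.

```php
<?php
// Added example, not the poster's code. Assumes PHP 5.1+ with PDO and the
// pdo_mysql driver; $db_host, $db_user, $db_pass, $db_name come from config.php
// as in the post, and the admin table/columns are the poster's.

// Undo magic_quotes_gpc for any array shape (nested $_POST arrays included),
// so the raw value reaches the database layer exactly once, unmodified.
function strip_magic_quotes($value) {
    if (!get_magic_quotes_gpc()) {
        return $value;
    }
    return is_array($value)
        ? array_map('strip_magic_quotes', $value)
        : stripslashes($value);
}

class Database {
    private $pdo;

    public function __construct($host, $user, $pass, $name) {
        $this->pdo = new PDO("mysql:host=$host;dbname=$name", $user, $pass);
        // Throw on errors instead of returning false, so a failure cannot be ignored.
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Use real server-side prepares rather than client-side emulation.
        $this->pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    }

    // $sql contains one '?' per value; $params lists the values in order.
    // Values travel separately from the SQL text, so a quote or comment
    // sequence in $_POST cannot change the structure of the statement.
    public function fetch($sql, array $params = array()) {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);   // $rows[0]['username'] style
    }
}

// Usage with the poster's admin lookup: however many $_POST values there are,
// each one is simply another element of $params and another '?' in the SQL.
$post = strip_magic_quotes($_POST);
$db = new Database($db_host, $db_user, $db_pass, $db_name);
$results = $db->fetch(
    'SELECT admin_id, admin_pswrd, permission FROM admin WHERE admin_user_name = ?',
    array(isset($post['username']) ? $post['username'] : '')
);
$num = count($results);
```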


