Zero Identity Forums: fixing blind SQLI
#1 vs4vijay (Member, ZI Guru, joined 10/02/2008) - fixing blind SQLI - on 01/01/1970 00:00
Does anybody know how to fix or patch blind SQL injection?
#2 SirGod (Member, Professional Analyst, joined 09/05/2008) on 01/01/1970 00:00
Make a filtering function that filters the special characters used for SQLi and blind SQLi, and also for RFI, LFI etc., and use it to secure all your $_GET and $_POST variables. Using this you will fix blind SQLi and more :)
Nothing.
#3 scankyfrank (Veteran Member, Professional Analyst, joined 04/03/2008) on 01/01/1970 00:00
If you are doing PHP and using MySQL, use mysql_real_escape_string.
_('~')_/ how does it feel to be something on?
#4 SirGod (Member, Professional Analyst, joined 09/05/2008) on 01/01/1970 00:00
mysql_real_escape_string is present only in PHP 4 >= 4.3.0 and PHP 5.
If you use a version lower than 4.3.0, use mysql_escape_string, which is present in PHP 4 >= 4.0.3 and PHP 5.
Nothing.
#5 Grindordie (Administrator, ZI Guru, joined 11/04/2007) on 01/01/1970 00:00
Assuming you are referring to the MySQL database:

The difference between mysql_real_escape_string() and mysql_escape_string() is that mysql_real_escape_string() converts new lines to \r\n and it requires an active connection to the database. mysql_escape_string() does NOT require a connection to the database, and it does keep formatting. I use mysql_escape_string() for everything, otherwise I would have to parse \r\n from any field that mysql_real_escape_string() parsed.

SQLI could be SQLite or MySQLi. SQLite has sqlite_escape_string(); MySQLi has mysqli_real_escape_string().
#6 vs4vijay (Member, ZI Guru, joined 10/02/2008) on 01/01/1970 00:00
Thanks for replying, buddies...
But what is the main concept of that function?