SQL injection test
Posted: Thu Aug 26, 2010 6:13 am
Hello,
About 3-4 months ago I made a PHP site for my games and it got SQL injected by some random people :/
I deleted it and started working on it here a few days ago. Now I think I sanitized my $_POST stuff right but I'm unsure if it works,
only real way to test it is to make an SQL injection attack yourself I suppose...
I made a code sort of like this:
Code:
    function sanitize($data){
        // Undo the slashes PHP adds when magic quotes are on, to avoid double escaping
        if(get_magic_quotes_gpc()){
            $data = stripslashes($data);
        }
        // Escape the value for use inside a quoted string in a MySQL query
        $data = mysql_real_escape_string($data);
        return $data;
    }
and when I made the $_POST I made a string called $comment and set it to sanitize($_POST['comment']) which should work?
I wanna ask if someone here can see if it's working? If you tried doing SQL injection attacks before...
If it doesn't work I wanna ask if I could get some help xD.
My site is at http://solgryn.org/php/, go into a game and scroll down for the comment section (WIP)
Thanks in advance
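
One way to check the comment handling offline rather than against the live site, as an added example that is not part of the original post. It swaps the post's mysql_real_escape_string() approach for PDO prepared statements; the `comments` table, its columns, the function names and the sample strings are assumptions made up for the illustration, and the pdo_sqlite extension is assumed to be installed.

```php
<?php
// Added example, not the poster's code. Table and column names are assumptions.
// In-memory SQLite (needs pdo_sqlite) keeps the check offline, away from the live site.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, game_id INTEGER NOT NULL, body TEXT NOT NULL)');

// Store one comment. Both values are bound parameters, never part of the SQL text,
// so no escaping function is needed and the numeric game id is covered as well.
function add_comment(PDO $pdo, $gameId, $comment) {
    $stmt = $pdo->prepare('INSERT INTO comments (game_id, body) VALUES (:game_id, :body)');
    $stmt->bindValue(':game_id', (int) $gameId, PDO::PARAM_INT);
    $stmt->bindValue(':body', $comment, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Number of rows currently in the comments table.
function count_comments(PDO $pdo) {
    return (int) $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn();
}

// Each input must add exactly one row and come back byte-for-byte identical.
// Anything else means the input changed the statement instead of being stored as data.
function check_round_trip(PDO $pdo, array $samples) {
    $read = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    foreach ($samples as $text) {
        $before = count_comments($pdo);
        $id = add_comment($pdo, 1, $text);
        $read->bindValue(':id', $id, PDO::PARAM_INT);
        $read->execute();
        $stored = $read->fetchColumn();
        $read->closeCursor();
        if (count_comments($pdo) !== $before + 1 || $stored !== $text) {
            return false;
        }
    }
    return true;
}

// Constructed sample comments: quotes, a backslash and SQL-looking text.
$samples = array(
    "It's a great game!",
    'He said "hi" \\ bye',
    "quote ' then ; SELECT 1 --",
);
echo check_round_trip($pdo, $samples) ? "PASS\n" : "FAIL\n";
```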