About 3-4 months ago I made a PHP site for my games and it got SQL injected by some random people :/
I deleted it and started working on it here a few days ago. Now I think I sanitized my $_POST stuff right but I'm unsure if it works,
only real way to test it is to make an SQL injection attack yourself I suppose...
I made code sort of like this:
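function sanitize($data){
    // Undo the automatic slashes added by magic quotes, if enabled
    if(get_magic_quotes_gpc()){
        $data = stripslashes($data);
    }
    // Escape the value for use inside a quoted SQL string literal
    $data = mysql_real_escape_string($data);
    return $data;
}

I wanna ask if someone here can see if it's working? If you tried doing SQL injection attacks before...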
If it doesn't work I wanna ask if I could get some help xD.
My site is at http://solgryn.org/php/, go into a game and scroll down for the comment section (WIP)
Thanks in advance
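
An added example, not part of the original post: escaping as in sanitize() only protects a value placed inside a quoted SQL string, so a comment form is more safely handled with typed validation plus a prepared statement. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the site's MySQL server so the script runs offline.

```php
<?php
// Added example: comments table, add_comment() and the field names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false
// so values are bound by the server rather than interpolated client-side.
$pdo->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY, game_id INTEGER NOT NULL,
    author TEXT NOT NULL, body TEXT NOT NULL)');

function add_comment(PDO $pdo, array $post): bool
{
    // Numeric fields are validated by type; escaping does nothing for a
    // value that is used without surrounding quotes in the SQL text.
    $gameId = filter_var($post['game_id'] ?? '', FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    $author = trim((string)($post['author'] ?? ''));
    $body   = trim((string)($post['body'] ?? ''));
    if ($gameId === false || $author === '' || strlen($author) > 40
        || $body === '' || strlen($body) > 2000) {
        return false; // reject instead of trying to repair the input
    }
    // Placeholders keep data separate from the SQL text, so quotes in
    // the input are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO comments (game_id, author, body)
                           VALUES (:game_id, :author, :body)');
    $stmt->bindValue(':game_id', $gameId, PDO::PARAM_INT);
    $stmt->bindValue(':author', $author, PDO::PARAM_STR);
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    return $stmt->execute();
}

// Constructed sample submissions, shaped like $_POST from a comment form.
$samples = [
    ['game_id' => '3', 'author' => "O'Brien", 'body' => "It's a fun game"],
    ['game_id' => '3 OR 1=1', 'author' => 'x', 'body' => 'not an integer'],
    ['game_id' => '3', 'author' => 'y', 'body' => "'); DROP TABLE comments; --"],
];
foreach ($samples as $post) {
    echo add_comment($pdo, $post) ? "stored\n" : "rejected\n";
}

// The table is intact; quote characters were stored verbatim as text.
$stmt = $pdo->prepare('SELECT author, body FROM comments WHERE game_id = :g');
$stmt->execute([':g' => 3]);
foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo $row['author'], ': ', $row['body'], "\n";
}
```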