php $_GET method
Topic Started: May 31 2009, 01:58 AM (390 Views)
Knight13

Edited by Knight13, Mar 19 2010, 06:56 AM.
 
Mike

Check if the user is in the database?
 
Darksorrow131

If "username" is a unique key in your database (aka it's guaranteed that no two users have the same username), then where you have the while loop that goes through the results of the query, change that "while" into "if" (since the loop won't run more than once anyway if username is unique), and add an else clause to it to handle the case where the user enters something weird in the URL, such as printing error messages or redirecting.

Your code does have another issue, though: what if the user puts the following into the "username=" part of the URL?
Code:
 
'; DROP DATABASE wsdatabase; --

(let loop () (loop))
((lambda (x) (x x)) (lambda (x) (x x)))
(let ((k #f)) (call/cc (lambda (cc) (set! k cc)) (k))
((call/cc call/cc) (call/cc call/cc))

-- Infinite loops are awesome! --
Tell me if you have other awesome infinite loops!
 
Knight13

Edited by Knight13, Mar 19 2010, 06:56 AM.
 
Darksorrow131

Something like this, which is the URL-escaped form of the stuff I wrote before (obviously substitute "whatever" with the real path):
Code:
 
whatever/secondpage.php?username=%27%3B+drop+database+wsdatabase%3B+--

If my brain was still working when I read the code yesterday, accessing this will delete your database.
Edited by Darksorrow131, Jun 2 2009, 06:53 PM.
 
Knight13

Edited by Knight13, Mar 19 2010, 06:56 AM.
 
Darksorrow131

urlencode() is what converts the spaces to '+' and a bunch of other things. I'm not sure why the hacking attempt in my last post would fail, but usually the way to deal with this kind of thing is to call a quotes-escaping function on the user-entered parts of the SQL string. I don't remember exactly what the function is called but it probably looks like mysql_*blah*_escape_string() or something (search the php documentation).
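Added example (not code from this thread or from Knight13's script): the string-concatenated query pattern the thread describes, beside a hardened version that uses a PDO prepared statement in place of the quote-escaping function mentioned above, together with the single-row if/else check suggested earlier in the thread. The "users" table, its columns and the connection credentials are assumptions; only the database name "wsdatabase" comes from the thread.

```php
<?php
// Assumed schema: table "users" with a UNIQUE "username" column, in the
// "wsdatabase" database named in the thread. Credentials are placeholders.

// BEFORE: the raw $_GET value is pasted into the SQL text, so a quote in the
// URL ends the string literal and the rest of the value is parsed as SQL.
// (Shown for comparison only; never called below.)
function findUserVulnerable(PDO $db, string $username): ?array
{
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// AFTER: the query text and the parameter value travel separately, so the
// value can never alter the query's structure, whatever characters it holds.
// Because username is unique, fetch() one row instead of looping with while.
function findUserSafe(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('mysql:host=localhost;dbname=wsdatabase', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// PHP has already URL-decoded $_GET, so '+' and %27 arrive as ' ' and "'".
$username = $_GET['username'] ?? '';

$user = findUserSafe($db, $username);
if ($user !== null) {
    // Escape on output as well, so the stored value cannot inject HTML.
    echo 'Welcome, ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
} else {
    // The else branch handles unknown or malformed usernames from the URL.
    http_response_code(404);
    echo 'No such user.';
}
```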
 
Knight13

Edited by Knight13, Mar 19 2010, 06:56 AM.
 
Darksorrow131

I never ran any of that code, only sort of "ran the code in my head" :P so I don't know if it's right.
 