PHP Indonesia - Facebook: Butuh Bantuan Tentang Menangkal Sql Injection

PHP Indonesia - Facebook PHP Indonesia is a community for everyone that loves PHP. Our focus is in the PHP world but our topics encompass the entire LAMP stack. Topics include PHP coding, to memcached handling, db optimizations, server stack, web server tuning, code deploying, hosting options and much much more. Youtube Channel : http://www.youtube.com/user/OurPHPIndonesia Twitter : @php_indonesia NOTE: Rules for Wall posting: https://www.facebook.com/groups/35688476100/doc/10151597056316101/ Daftar Keanggotaan : http://www.facebook.com/groups/35688476100/doc/10150671770741101/

Mobile Game Development Course Learn how to create awesome HTML5 games that run on iPhone, iPad, Android and Desktop! Sign up today for this $99 online course. From our sponsors

Butuh Bantuan Tentang Menangkal Sql Injection Oct 26th 2013, 07:55, by Jasablog Jasablog 7:55am Oct 26 Butuh Bantuan Tentang Menangkal Sql Injection Jimm Dethover D'blackicedblood 7:57am Oct 26 sedikit yg q tau sih make mysql_real_escape_string pada saat insert data ke tabel, yg lain monggo master nya dsini psty bsa bantu Jasablog 8:02am Oct 26 kalo jenis2 sql injection apa aja ya master Jasablog 8:04am Oct 26 up Jimm Dethover D'blackicedblood 8:06am Oct 26 aq bru bang mainan php n sql jd krg pantes di pgl master :( Jasablog 8:06am Oct 26 bantu ane mastah Mardiansyah Bahri 8:09am Oct 26 http://wnorcx.blogspot.com/2013/07/teknik-security-pada-php.html Jasablog 8:18am Oct 26 yang kena sql injection di id nya master Achmad Ryo 8:18am Oct 26 Enak Gunakan PDOStatement atau MySQLi lebih simple Jimm Dethover D'blackicedblood 8:19am Oct 26 #up ikut belajar dr ndewo2 bhas security :D Jasablog 8:20am Oct 26 MySQLi master Achmad Ryo 8:22am Oct 26 untuk PDO bs belajar di http://php.net/manual/en/book.pdo.php , dan MySQLi bs http://php.net/manual/en/book.mysqli.php .. Jasablog 8:24am Oct 26 /tugas/tangkap.php?fungsi=siswa&act=add&id=99999999 Jasablog 8:25am Oct 26 saya udah scan dan muncul errot kaya gitu Jasablog 8:27am Oct 26 bantu dong master Achmad Ryo 8:29am Oct 26 kl mysql injection gunakan function : function injeksi($injek) { return mysql_real_escape_string(stripslashes(htmlspecialchars($injek, ENT_QUOTES))); } Jasablog 8:31am Oct 26 udah master tapi tetap bisa di inject Jimm Dethover D'blackicedblood 8:34am Oct 26 kalo dt4 q make functions ini : public static function checkin($str) { if (function_exists('iconv')) { $str = iconv("UTF-8", "UTF-8", $str); } $str = preg_replace('/[^\P{C}\n]+/u', '', $str); return trim($str); } public static function check($str) { $str = htmlentities(trim($str), ENT_QUOTES, 'UTF-8'); $str = self::checkin($str); $str = nl2br($str); $str = $self::db->real_escape_string($str); return $str; } ketika insert data jd sepertin ini : $msg = isset($_POST['msg']) ? functions::checkin(mb_substr(trim($_POST['msg']), 0, 500)) : ''; $db->query("INSERT INTO `timeline` SET `time` = '" . time() . "', `user_id` = '" . $user_id . "', `text` = '" . $db->real_escape_string($msg) . "'"); Achmad Ryo 8:34am Oct 26 tunggu .. tunggu .. itu errornya apa yg anda ingin tanyakan ?? ohiya, jgn manggil master, saya masih newbie,,saya hanya membagi ilmu yg saya tahu saja .. :) Jasablog 8:37am Oct 26 tangkap?fungsi=siswa&act=add&id=$r[id] Achmad Ryo 8:39am Oct 26 itu url nya dr form atau dr header(); ???? Jasablog 8:40am Oct 26 dari url Achmad Ryo 8:42am Oct 26 itu brarti dr inputan form kan gan ??? Jasablog 8:44am Oct 26 kalo yg id=$r[id] ngambil dari table Achmad Ryo 8:45am Oct 26 owhh untuk edit atau hapus gan ???

You are receiving this email because you subscribed to this feed at blogtrottr.com. If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions