Saturday, 26 October 2013

PHP Indonesia - Facebook: Need Help Defending Against SQL Injection

PHP Indonesia - Facebook
PHP Indonesia is a community for everyone that loves PHP. Our focus is in the PHP world but our topics encompass the entire LAMP stack. Topics include PHP coding, to memcached handling, db optimizations, server stack, web server tuning, code deploying, hosting options and much much more. Youtube Channel : http://www.youtube.com/user/OurPHPIndonesia Twitter : @php_indonesia NOTE: Rules for Wall posting: https://www.facebook.com/groups/35688476100/doc/10151597056316101/ Daftar Keanggotaan : http://www.facebook.com/groups/35688476100/doc/10150671770741101/ 
Need Help Defending Against SQL Injection
Oct 26th 2013, 07:55, by Jasablog

Jasablog 7:55am Oct 26
Need Help Defending Against SQL Injection

Jimm Dethover D'blackicedblood 7:57am Oct 26
The little I know is to use mysql_real_escape_string when inserting data into a table; for the rest, over to the masters here, they can surely help

Jasablog 8:02am Oct 26
What types of SQL injection are there, master?

Jasablog 8:04am Oct 26
up

Jimm Dethover D'blackicedblood 8:06am Oct 26
I've only just started playing with PHP and SQL, bro, so I hardly deserve to be called master :(

Jasablog 8:06am Oct 26
Help me out, master

Mardiansyah Bahri 8:09am Oct 26
http://wnorcx.blogspot.com/2013/07/teknik-security-pada-php.html

Jasablog 8:18am Oct 26
The part hit by SQL injection is the id, master

Achmad Ryo 8:18am Oct 26
It's nicer to use PDOStatement or MySQLi, it's simpler

Jimm Dethover D'blackicedblood 8:19am Oct 26
#up following along to learn from the gurus discussing security :D

Jasablog 8:20am Oct 26
MySQLi master

Achmad Ryo 8:22am Oct 26
For PDO you can learn at http://php.net/manual/en/book.pdo.php , and for MySQLi at http://php.net/manual/en/book.mysqli.php ..

Jasablog 8:24am Oct 26
/tugas/tangkap.php?fungsi=siswa&act=add&id=99999999

Jasablog 8:25am Oct 26
I already scanned it and an error like that came up

Jasablog 8:27am Oct 26
Please help, master

Achmad Ryo 8:29am Oct 26
For MySQL injection, use this function:
// Requires an open connection from the old mysql extension.
function injeksi($injek)
{
    return mysql_real_escape_string(stripslashes(htmlspecialchars($injek, ENT_QUOTES)));
}

Jasablog 8:31am Oct 26
I did that already, master, but it can still be injected

Jimm Dethover D'blackicedblood 8:34am Oct 26
At my place I use these functions:
// Re-encode as UTF-8 (when iconv is available) and strip control
// characters other than newline.
public static function checkin($str) {
    if (function_exists('iconv')) {
        $str = iconv("UTF-8", "UTF-8", $str);
    }
    $str = preg_replace('/[^\P{C}\n]+/u', '', $str);
    return trim($str);
}

// HTML-encode, clean, convert newlines to <br>, then escape for SQL.
public static function check($str)
{
    $str = htmlentities(trim($str), ENT_QUOTES, 'UTF-8');
    $str = self::checkin($str);
    $str = nl2br($str);
    // self::$db is the class's static mysqli connection.
    $str = self::$db->real_escape_string($str);
    return $str;
}

When inserting data it ends up like this:
$msg = isset($_POST['msg']) ? functions::checkin(mb_substr(trim($_POST['msg']), 0, 500)) : '';
$db->query("INSERT INTO `timeline` SET `time` = '" . time() . "', `user_id` = '" . $user_id . "', `text` = '" . $db->real_escape_string($msg) . "'");

Achmad Ryo 8:34am Oct 26
Wait .. wait .. what is the error you want to ask about?? Oh, and don't call me master, I'm still a newbie, I'm just sharing what I know .. :)

Jasablog 8:37am Oct 26
tangkap?fungsi=siswa&act=add&id=$r[id]

Achmad Ryo 8:39am Oct 26
Is that URL from a form or from header(); ????

Jasablog 8:40am Oct 26
From the URL

Achmad Ryo 8:42am Oct 26
So that means it's from form input, right bro???

Jasablog 8:44am Oct 26
The id=$r[id] one is taken from the table

Achmad Ryo 8:45am Oct 26
Ohh, is it for edit or delete, bro???
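
An added example, not code from any participant in the thread: handling the `id` query parameter with integer validation plus a PDO prepared statement, the approach recommended above. Escaping functions only neutralize quote characters, so they do not help when a numeric id is placed unquoted in the SQL. The thread never shows the query, so the table `siswa`, the column `nama`, the function `findSiswa` and the sample inputs are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table/column names are assumed; SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE siswa (id INTEGER PRIMARY KEY, nama TEXT)');
$pdo->exec("INSERT INTO siswa (id, nama) VALUES (1, 'Andi'), (2, 'Budi')");

/**
 * Look up one row by the id taken from the query string.
 * Returns the row as an array, or null if the id is invalid or not found.
 */
function findSiswa(PDO $pdo, $rawId): ?array
{
    // 1. Validate: the id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Bind: the value is sent separately from the SQL text, so it can
    //    never be parsed as part of the statement.
    $stmt = $pdo->prepare('SELECT id, nama FROM siswa WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs, as they would arrive in $_GET['id'].
$samples = ['2', '99999999', '2 OR 1=1', "2'", ''];
foreach ($samples as $raw) {
    $row = findSiswa($pdo, $raw);
    printf("%-12s => %s\n", var_export($raw, true), $row ? $row['nama'] : 'rejected / not found');
}
```

With MySQLi the same pattern uses `$mysqli->prepare()` with a `?` placeholder and `bind_param('i', $id)`.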
