Post: SQL-Injection Blocker
08-08-2011, 06:34 AM #1
ThereThatGuy
Porkey The Pig Is My Nigg
Hi, all. Here is a quick new snippet I've made. I just took up PHP about 2 months ago and I'm getting the hang of it. What it is: SQL-Injection Blocker. Kinda self explanatory.

Good luck.

    <?php
    // Wraps the (PHP 5-era) mysql_* extension and splices escaped values into a
    // query in place of #s (string), #i (integer) and #f (float) placeholders.
    class MySQL{
        private $db;

        // Escape a string value before it is quoted into the query.
        // Note: htmlspecialchars() runs here too, so the value is stored HTML-encoded.
        private function EditString($string){
            $buff = htmlspecialchars($string);
            $buff = mysql_real_escape_string($buff, $this->db);
            return $buff;
        }

        public function __construct() {
            if (!$this->db = mysql_connect("localhost","root","12345")) {
                throw new Exception('Unable to connect');
            }
            if (!mysql_select_db("board" ,$this->db)) {
                throw new Exception('The database does not exist');
            }
        }

        // Usage: $db->QUERY("SELECT * FROM users WHERE name = #s AND id = #i", $name, $id);
        // Each extra argument fills the next placeholder, left to right.
        public function QUERY($string){
            $numargs = func_num_args();
            $query = $string;
            for ($i = 1; $i<$numargs;$i++){
                $pos = strpos($query, "#");
                if ($pos === false) {
                    break; // more arguments than placeholders: nothing left to fill
                }
                $buff = substr($query,0,$pos);       // text before the placeholder
                $end_buff = substr($query,$pos+2);   // text after "#s" / "#i" / "#f"
                switch ($query[$pos+1]){
                    case "s":
                        $query_arg = $this->EditString(func_get_arg($i));
                        $query = $buff."'".$query_arg."'".$end_buff;
                        break;
                    case "i":
                        $query_arg = (int)(func_get_arg($i));
                        $query = $buff.$query_arg.$end_buff;
                        break;
                    case "f":
                        $query_arg = (float)(func_get_arg($i));
                        $query = $buff.$query_arg.$end_buff;
                        break;
                }
            }
            $sql = mysql_query($query ,$this->db);
            return $sql;
        }

        public function __destruct() {
            mysql_close($this->db);
        }
    }
    ?>
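The snippet above builds the final SQL string itself, so its safety rests on the escaping in EditString() being right for every context the placeholder lands in. The same #s / #i / #f calling convention can be kept while letting the database driver do the work: the placeholders become bound parameters, and the values never touch the SQL text. This is an added example written for this page, not the original poster's code; it uses PDO (the mysql_* extension it replaces was removed in PHP 7), and the DSN, database name and credentials are placeholders.

```php
<?php
// Added example (not the thread's code): the original "#s / #i / #f"
// placeholder idea, but with the values sent as bound parameters instead of
// being escaped and spliced into the SQL string.
// Assumes the pdo_mysql extension; DSN, user and password are placeholders.
class SafeMySQL
{
    private $pdo;

    public function __construct(
        $dsn = 'mysql:host=localhost;dbname=board;charset=utf8mb4',
        $user = 'board_app',       // assumed low-privilege application account
        $password = 'change-me'    // placeholder
    ) {
        $this->pdo = new PDO($dsn, $user, $password, [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
        ]);
    }

    // Same calling convention as the original QUERY():
    //   $db->QUERY("SELECT * FROM users WHERE name = #s AND id = #i", $name, $id);
    // Returns the executed PDOStatement, so callers fetch rows from it.
    public function QUERY($sql /* , ...$args */)
    {
        $args   = array_slice(func_get_args(), 1);
        $values = [];   // [value, PDO type] per placeholder, in order
        $n      = 0;    // index of the next argument to consume

        // Turn each #s/#i/#f into a "?" and record how to bind its value.
        // Like the original, a literal "#" in the SQL text is taken as a placeholder.
        $prepared = preg_replace_callback('/#([sif])/', function ($m) use ($args, &$values, &$n) {
            if (!array_key_exists($n, $args)) {
                throw new InvalidArgumentException("No argument for placeholder #{$m[1]}");
            }
            $v = $args[$n++];
            switch ($m[1]) {
                case 'i':
                    $values[] = [(int) $v, PDO::PARAM_INT];
                    break;
                case 'f':
                    // PDO has no float type; send it as a numeric string and let MySQL coerce it.
                    $values[] = [(string) (float) $v, PDO::PARAM_STR];
                    break;
                default:
                    // No htmlspecialchars() here: encode for HTML when you output, not when you store.
                    $values[] = [(string) $v, PDO::PARAM_STR];
                    break;
            }
            return '?';
        }, $sql);

        if ($n !== count($args)) {
            throw new InvalidArgumentException('More arguments than placeholders');
        }

        $stmt = $this->pdo->prepare($prepared);
        foreach ($values as $idx => $vt) {
            $stmt->bindValue($idx + 1, $vt[0], $vt[1]); // positional parameters are 1-based
        }
        $stmt->execute();
        return $stmt;
    }
}

// Usage (needs a reachable MySQL server and a users table):
// $db   = new SafeMySQL();
// $stmt = $db->QUERY("SELECT id, name FROM users WHERE name = #s AND id > #i",
//                    $_GET['name'], $_GET['min_id']);
// $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

Two differences from the original are deliberate. The string case no longer runs htmlspecialchars(): that is an output-encoding step and belongs in the template that prints the value, otherwise the database fills up with `&amp;` and `&lt;` and every non-HTML consumer has to undo it. And mismatched argument counts raise an exception instead of silently leaving a placeholder (or an argument) unused, which is exactly the kind of quiet failure that ends with an unescaped value in a query.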
08-08-2011, 06:52 AM #2
TopRamen
Gym leader
What's it for?

Sorry, I'm new to this whole hacking stuff.
08-08-2011, 06:22 PM #3
Epic?
Awe-Inspiring
Originally posted by CryptikEagle View Post
What's it for?

Sorry, I'm new to this whole hacking stuff.


It's for blocking an SQLI attack (SQL Injection) on a website. An SQLI will allow an attacker to gain the administrator username and password; allegedly this PHP script will prevent such a thing from happening.

If you don't know what I'm talking about, go learn PHP, and then read one of the countless SQLI tutorials.

The following user thanked Epic? for this useful post:

ThereThatGuy
08-08-2011, 06:27 PM #4
TopRamen
Gym leader
Oh, OK, thanks for telling me.
08-10-2011, 12:20 PM #5
AlabamaHit
ROLL TIDE!!!
Also, this is 'false' security. If you trust this you will get hacked. There is no quick fix to protect a site. You have to secure 'every' piece of data submitted.

The following user thanked AlabamaHit for this useful post:

Epic?
08-10-2011, 03:32 PM #6
Jared
Tranquility.
Originally posted by AlabamaHit View Post
Also, this is 'false' security. If you trust this you will get hacked. There is no quick fix to protect a site. You have to secure 'every' piece of data submitted.

You can tell it is pretty fake right here:


public function __construct() {
if (!$this->db = mysql_connect("localhost","root","12345")) {

I'm pretty sure that is what gets the DB name of the site and all the information in it?

Let me know if I am wrong:p
08-10-2011, 06:07 PM #7
Epic?
Awe-Inspiring
Originally posted by AlabamaHit View Post
Also, this is 'false' security. If you trust this you will get hacked. There is no quick fix to protect a site. You have to secure 'every' piece of data submitted.

That's what confused me too. Although, couldn't you just use mysql_real_escape_string() to sanitize values before using them in a query? I mean, that's why the function was created in the first place.
08-10-2011, 08:14 PM #8
AlabamaHit
ROLL TIDE!!!
Originally posted by Kammmmi View Post
You can tell it is pretty fake right here:


public function __construct() {
if (!$this->db = mysql_connect("localhost","root","12345")) {

I'm pretty sure that is what gets the DB name of the site and all the information in it?

Let me know if I am wrong:p


That is the database connection string. It is normal for it to look like that; when posting a script you don't want to give your login information out :p

Originally posted by AsianInvasion View Post
That's what confused me too. Although, couldn't you just use mysql_real_escape_string() to sanitize values before using them in a query? I mean, that's why the function was created in the first place.


You are correct. The only way to really make it secure is to sanitize everything yourself. MRES and other things. Though MRES will stop 95% of people out there, because most are just script kiddies. Now, making a function to shorten what you type isn't all that bad. But information going to the database isn't the only thing that needs sanitizing; all requests and all user submissions do ($_GET, $_POST, etc.).

The following 2 users say thank you to AlabamaHit for this useful post:

Epic?, ThereThatGuy
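The exchange above circles the real limitation of "just escape everything": escaping only protects a value that ends up inside quotes. The snippet's #i cast is what covers the unquoted case, and if a developer forgets the cast (or writes a query by hand) the escaping buys nothing. The following is an added example for this page, not code from the thread, showing both contexts side by side and the bound-parameter form that covers them. It runs against an in-memory SQLite database through PDO (assumes the pdo_sqlite extension) so no MySQL server is needed; the users table and its three rows are constructed for the demo, and escapeValue() is a stand-in for mysql_real_escape_string() that only doubles single quotes.

```php
<?php
// Added example, not code from the thread: why escaping alone is not enough.
// Assumes PDO + pdo_sqlite (in-memory DB); table and rows are constructed here.

function demoDb()
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO users (id, name) VALUES (1, 'admin'), (2, 'alice'), (3, 'bob')");
    return $pdo;
}

// Stand-in for mysql_real_escape_string(): doubles single quotes, which is a
// valid escape in both MySQL and SQLite string literals. Like the real function,
// it leaves input that contains no quote characters completely unchanged.
function escapeValue($s)
{
    return str_replace("'", "''", $s);
}

// Run a query (optionally with bound parameters) and return how many rows came back.
function countRows(PDO $pdo, $sql, array $params = [])
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

$pdo = demoDb();

// 1) Quoted string context: escaping does its job, the payload stays inside the literal.
$name = "' OR 1=1 --";
$sql1 = "SELECT * FROM users WHERE name = '" . escapeValue($name) . "'";
echo "quoted + escaped:   " . countRows($pdo, $sql1) . " row(s)\n";

// 2) Unquoted numeric context: there is no quote to escape, so the payload is live SQL.
$id   = "1 OR 1=1";
$sql2 = "SELECT * FROM users WHERE id = " . escapeValue($id);
echo "unquoted + escaped: " . countRows($pdo, $sql2) . " row(s)\n";

// 3) Bound parameter: the value is data, never SQL, whatever context it is used in.
$sql3 = "SELECT * FROM users WHERE id = ?";
echo "bound parameter:    " . countRows($pdo, $sql3, [$id]) . " row(s)\n";
```

Query 1 returns no rows, because the doubled quote keeps the whole payload inside the string literal. Query 2 returns all three users: escapeValue() had nothing to change, the SQL text became `WHERE id = 1 OR 1=1`, and this is precisely the case the original snippet's `(int)` cast for #i guards against, provided nobody skips it. Query 3 returns no rows, because the database compares the id column against the literal text "1 OR 1=1" rather than parsing it. The practical rule the thread is reaching for: escaping (or casting) per context is fragile because every call site must pick the right one; parameter binding is the same operation in every context, which is why it is the default answer today.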

Copyright © 2026, NextGenUpdate.
All Rights Reserved.
