  1. #1
    googlicious graymatter bvarvel's Avatar
    Join Date
    Sep 2002
    Location
    Katy, TX
    Posts
    956

    New help with Query!

    I've got the following query that's giving me issues, and I'm willing to bet you can see where the problem lies:

    PHP Code:
    $sql = "SELECT * FROM ibp_members WHERE mgroup = 5 OR mgroup = 4 AND name = '$_POST[uid]' AND password = PASSWORD('$_POST[pwd]')";
    My issue is this... it's returning positives if either mgroup = 5 or if mgroup = 4 and the name and password are correct.

    I need all three variables to be correct meaning... name and password must match and the mgroup must equal either 4 or 5. I'm sure some parentheses somewhere will do it.. but I can't seem to get it going.

    Any help?

  2. #2
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,631
    PHP Code:
    $sql = "
    SELECT * FROM ibp_members 
    WHERE (mgroup=5 OR mgroup=4) 
    AND name='" . $_POST['uid'] . "' 
    AND password=PASSWORD('" . $_POST['pwd'] . "')
    ";

    I'm sure I don't need to tell you that putting form variables straight into a SQL command is asking for someone to try and crack your database and wreak havoc.

    SQL injection attack, anyone?
    Ian Anderson
    www.siteguru.co.uk

  3. #3
    googlicious graymatter bvarvel's Avatar
    Join Date
    Sep 2002
    Location
    Katy, TX
    Posts
    956
    Apparently you do. Can you explain to me why this is bad form? I'm always looking for better ways to do things. And thanks... that did the trick.

  4. #4
    My precious!!! astericks's Avatar
    Join Date
    Mar 2002
    Location
    Vancouver, BC
    Posts
    1,971
    Do a Google search for SQL injections if you wanna understand what it's like.

    Furthermore, check out this function:

    http://ca3.php.net/manual/en/functio...ape-string.php

  5. #5
    SitePoint Wizard
    Join Date
    Oct 2001
    Location
    Tucson, Arizona
    Posts
    1,858
    And here's a handy little function for you that I wrote a while back and continue to use all the time:
    PHP Code:
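    function clean($data, $max_length = '')
    {
        // Strip surrounding whitespace and any HTML/PHP tags
        $clean = trim($data);
        $clean = strip_tags($clean);
        // Truncate only when a maximum length was given
        $clean = empty($max_length) ? $clean : substr($clean, 0, $max_length);
        // Escape SQL special characters (legacy mysql extension function, removed in PHP 7.0)
        $clean = mysql_escape_string($clean);
        return $clean;
    }

    $uid = clean($_POST['uid'], 12);
    $pwd = clean($_POST['pwd'], 8);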
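
A parameterized version of the login lookup discussed in this thread, as an added example that is not code from any of the posters. It assumes PDO with an in-memory SQLite database and constructed rows, swaps the thread's MySQL PASSWORD() call for PHP's password_hash()/password_verify(), and uses a hypothetical helper name, findMember; it also runs the original and the parenthesized WHERE clause side by side to show the AND/OR precedence difference.

```php
<?php
// Constructed sample rows; in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibp_members (name TEXT, password TEXT, mgroup INTEGER)');
$ins = $db->prepare('INSERT INTO ibp_members (name, password, mgroup) VALUES (?, ?, ?)');
foreach ([['alice', 'correct-horse', 4], ['bob', 'hunter2', 5], ['carol', 'letmein', 1]] as [$n, $p, $g]) {
    $ins->execute([$n, password_hash($p, PASSWORD_DEFAULT), $g]);
}

// Hypothetical helper: returns the row only when name, password and group all match.
function findMember(PDO $db, string $uid, string $pwd): ?array
{
    // The placeholder keeps user input out of the SQL text; the parentheses make
    // the group test apply together with the name test.
    $stmt = $db->prepare(
        'SELECT name, password, mgroup FROM ibp_members
         WHERE (mgroup = 5 OR mgroup = 4) AND name = :uid'
    );
    $stmt->execute([':uid' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The stored hash is checked in PHP instead of with PASSWORD() inside the query.
    if ($row === false || !password_verify($pwd, $row['password'])) {
        return null;
    }
    return $row;
}

// AND binds tighter than OR: compare the thread's original WHERE clause with the
// parenthesized one. Both strings are fixed literals, never user input.
$clauses = [
    'mgroup = 5 OR mgroup = 4 AND name = :uid',
    '(mgroup = 5 OR mgroup = 4) AND name = :uid',
];
foreach ($clauses as $where) {
    $stmt = $db->prepare('SELECT COUNT(*) FROM ibp_members WHERE ' . $where);
    $stmt->execute([':uid' => 'nobody']);
    echo $where, ' => ', (int) $stmt->fetchColumn(), " row(s)\n";
}

var_dump(findMember($db, 'alice', 'correct-horse') !== null); // valid name, password, group
var_dump(findMember($db, 'alice', 'wrong') !== null);         // wrong password
var_dump(findMember($db, 'carol', 'letmein') !== null);       // right password, wrong group
var_dump(findMember($db, "O'Brien", 'x') !== null);           // apostrophe is bound as data
```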

