b3ta.com qotw
This is a question Off Topic

Are you a QOTWer? Do you want to start a thread that isn't a direct answer to the current QOTW? Then this place, gentle poster, is your friend.

(, Sun 1 Apr 2001, 1:00)

The solution is using something called a "Real Escape String".
This puts a slash before the ', so it would look like this:

$sql = "SELECT * FROM users WHERE (username='admin') AND (password = '\') OR (\'1\' = \'1');";

So it would be looking for a password called ') OR ('1' = '1, and therefore wouldn't match up in the database, not return a row, and the page will say "Incorrect combination".
(, Sat 16 Oct 2010, 18:24, 1 reply, 15 years ago)
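
An added example, not code from the thread or its posters: it runs the password input discussed in the post above against the same query shape three ways (plain concatenation, driver escaping, and a prepared statement). It assumes PHP with the pdo_sqlite extension so it runs offline; the table contents and function names are constructed for illustration, and SQLite escapes a quote by doubling it rather than with the backslash MySQL's escape function uses.

```php
<?php
// Constructed in-memory table; plaintext password only to mirror the thread's query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (username TEXT, password TEXT)");
$pdo->exec("INSERT INTO users VALUES ('admin', 'correct-horse')");

// The input discussed in the post, as typed into the password field.
$username = 'admin';
$password = "') OR ('1' = '1";

// 1. Unescaped concatenation: the quote in the input closes the string
//    literal, so the rest of the input is parsed as SQL.
function login_concat(PDO $pdo, string $u, string $p): bool {
    $sql = "SELECT * FROM users WHERE (username='$u') AND (password = '$p')";
    return $pdo->query($sql)->fetch() !== false;
}

// 2. Driver escaping: PDO::quote() adds the surrounding quotes and escapes
//    the quotes inside, so the whole input stays one string literal.
function login_quoted(PDO $pdo, string $u, string $p): bool {
    $sql = "SELECT * FROM users WHERE (username=" . $pdo->quote($u)
         . ") AND (password = " . $pdo->quote($p) . ")";
    return $pdo->query($sql)->fetch() !== false;
}

// 3. Prepared statement: the input is bound as data and never spliced
//    into the SQL text, so no escaping step can be forgotten.
function login_prepared(PDO $pdo, string $u, string $p): bool {
    $stmt = $pdo->prepare(
        "SELECT * FROM users WHERE (username = ?) AND (password = ?)");
    $stmt->execute([$u, $p]);
    return $stmt->fetch() !== false;
}

// Print, for each variant, whether the injected input and the real
// password are accepted as a valid login.
foreach (['login_concat', 'login_quoted', 'login_prepared'] as $fn) {
    printf("%-15s injected input: %s, real password: %s\n", $fn,
        var_export($fn($pdo, $username, $password), true),
        var_export($fn($pdo, $username, 'correct-horse'), true));
}
```
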
Ah, the old Real Escape String escape.
*shakes head* *lights pipe* Classic.
(, Sat 16 Oct 2010, 18:31, Reply)
If you wanna get into this sort of thing in a commercially viable way, learn and use this....
codeigniter.com/

Almost _every_ job I applied for said that was a major factor. Another one to learn is something called jQuery for JavaScript. Both are amazing tools, I've built stuff inside days which would have taken months without it.
(, Sat 16 Oct 2010, 18:34, Reply)
I'm struggling to get my head around ModX at the moment
I think a sojourn into constructing PHP apps is a little out of my comfort zone =o)
(, Sat 16 Oct 2010, 18:36, Reply)
I just googled ModX, it's almost identical, in the respect that it's an MVC PHP system, but it looks more complicated.
They both use ActiveRecord syntax for database stuff though, which is cool.
(, Sat 16 Oct 2010, 18:46, Reply)