[Release] Anik's Registration system ( GUI - 04rel004 )

Started by Anik, Mar 28, 2017, 09:35 AM


Mohamed Boubekri

Quote from: Xmair on Nov 02, 2017, 09:09 AM
Quote from: [MCO]We3da on Nov 02, 2017, 07:11 AM
Quote from: [MCO]We3da on Nov 01, 2017, 08:12 PM
Quote from: Shadow on Nov 01, 2017, 04:04 PM
I find it admirable that you thought of escaping the strings before doing the select query but you should've also escaped the name in the update query. Otherwise, BAD things can happen...
I never, never, never, never, never, never understand anything
Please @Xmair, give me an example bro :(
Imagine you have a command /gotoloc which executes the following query:
"SELECT XYZ FROM Locations WHERE Name = '" + locationName + "'"
where locationName is a string input by the user in the gotoloc command. Imagine there's a bad guy who uses /gotoloc '; DROP TABLE Accounts; instead of a location, this'll get executed:
"SELECT XYZ FROM Locations WHERE Name = ''; DROP TABLE Accounts;"
This'll ultimately execute both of the queries as there is a semicolon right after the SELECT query. To avoid this, you use mysql_escape in MySQL and escapeSQLString in SQLite.
You must be using SQLite, so I'm going to put up an example which can be used with the default SQLite plugin for VCMP.
Instead of:
QuerySQL( database, "SELECT XYZ FROM Locations WHERE Name = '" + locationName + "'" );
Use:
QuerySQL( database, "SELECT XYZ FROM Locations WHERE Name = '" + escapeSQLString( locationName ) + "'" );
Simple, isn't it? I've tried my best to explain it as easily as I could. If you still don't get it, meh.
@Xmair You are the best one. You helped me, I'm happy and I have learned now.
Thanks for helping, my friend :D
| What now ? | Not yet ! |
Morrocan:- [ 🇲🇦 ].
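
Added example, not part of any post in this thread and not the VCMP plugin's code: Xmair's /gotoloc query and Shadow's point about the update query, reproduced with Python's sqlite3 as a stand-in for the plugin. The schema, the column names, the quote-doubling behaviour of escape_sql_string and the multi-statement execution are assumptions made for the demonstration.

```python
import sqlite3

PAGE_INPUT = "'; DROP TABLE Accounts;"  # the /gotoloc input quoted in the post

def escape_sql_string(value):
    # Assumption: escapeSQLString doubles single quotes, like SQLite's %q.
    return value.replace("'", "''")

def make_db():
    # Constructed sample schema and rows; column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Locations (Name TEXT, XYZ TEXT)")
    db.execute("CREATE TABLE Accounts (Name TEXT, Kills INTEGER)")
    db.execute("INSERT INTO Locations VALUES ('bank', '1,2,3')")
    db.execute("INSERT INTO Accounts VALUES ('Anik', 0)")
    db.commit()
    return db

def table_exists(db, table):
    q = "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?"
    return db.execute(q, (table,)).fetchone() is not None

def run_all_statements(db, sql):
    # Stand-in for a query call that runs every statement in the string.
    try:
        db.executescript(sql)
    except sqlite3.Error:
        pass  # the quote left dangling after the injected text fails to parse

def goto_concatenated(db, location_name):
    run_all_statements(db, "SELECT XYZ FROM Locations WHERE Name = '"
                       + location_name + "'")

def goto_escaped(db, location_name):
    run_all_statements(db, "SELECT XYZ FROM Locations WHERE Name = '"
                       + escape_sql_string(location_name) + "'")

def add_kill_bound(db, player_name):
    # Bound parameter on the UPDATE: the name is data, no escaping to forget.
    cur = db.execute("UPDATE Accounts SET Kills = Kills + 1 WHERE Name = ?",
                     (player_name,))
    db.commit()
    return cur.rowcount

if __name__ == "__main__":
    for fn in (goto_concatenated, goto_escaped):
        db = make_db()
        fn(db, PAGE_INPUT)
        print(fn.__name__, "-> Accounts still exists:", table_exists(db, "Accounts"))
```

Every query that takes a player-supplied string needs the same treatment, which is why the UPDATE here uses a bound parameter instead of relying on someone remembering to escape.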

=RK=MarineForce

Guys, I am adding the client side, it's showing an error

on end
Try to UnderStand ME!

!

Quote from: =RK=MarineForce on Dec 16, 2017, 04:06 PM
Guys, I am adding the client side, it's showing an error

on end
Why not post the error instead of alerting us?

Discord: zeus#5155

=RK=MarineForce

Luchgox give me script, thanks, good luck working
Try to UnderStand ME!

Retard

Just another retard roaming around.

!


Discord: zeus#5155

=RK=MarineForce

Try to UnderStand ME!


[KM]Helathien

I don't know why but I am getting an error "The index Stream does not exist", help pls :D
Feel free to PM me for any help.
If I am not available on the forum come to VKs Official Server I am usually there.

Mohamed Boubekri

Quote from: Helathien on Jun 06, 2018, 03:56 PM
I don't know why but I am getting an error "The index Stream does not exist", help pls :D
You need to update your server version from rel003 to rel004.
| What now ? | Not yet ! |
Morrocan:- [ 🇲🇦 ].