2011-12-26, 01:11 AM
Hello,
I m making a little application using pagemanager.
I have to connect to a different DB as the one setup in myBB.
And I know to have an error in my sintax, I mean, if someone try to inject me instead of having a mysql error I have nothing, nothing show up.
I would like to know if MyBB or pagemanager does filter automaticly the sql errors ?
In this case, how can I do for them to be visible ?
Thank you
Let me show you how the code looks like :
So, if $_POST['password'] is for exemple " 1 " it should show me "1"
But if $_POST['password'] = " 1' ", I should have an error, but it doesn t show up :o
I m making a little application using pagemanager.
I have to connect to a different DB as the one setup in myBB.
And I know to have an error in my sintax, I mean, if someone try to inject me instead of having a mysql error I have nothing, nothing show up.
I would like to know if MyBB or pagemanager does filter automaticly the sql errors ?
In this case, how can I do for them to be visible ?
Thank you
Let me show you how the code looks like :
$db = mysql_connect('localhost', 'root', '');
mysql_select_db('lvl6',$db);
$sql = "SELECT id FROM password where id = " . $_POST['password'];
$req = mysql_query($sql);
while($dataa = mysql_fetch_assoc($req))
{
// on affiche les informations de l'enregistrement en cours
echo $dataa['id'];
}
mysql_close();
So, if $_POST['password'] is for exemple " 1 " it should show me "1"
But if $_POST['password'] = " 1' ", I should have an error, but it doesn t show up :o