MyBB Community Forums

website vulnerability help
If ID is supposed to be an integer (as most IDs are), I'd just use

$Idata = intval($_GET["id"]);
if ($Idata)
{
    // do query
}

and be done with it
(2012-06-04, 05:17 PM) pavemen wrote: If ID is supposed to be an integer (as most IDs are), I'd just use

$Idata = intval($_GET["id"]);
if ($Idata)
{
    // do query
}

and be done with it

If not, then? Suppose someone enters id='6 (a SQL injection attack): does the same page come up, or does the query not execute again?
Then Idata = 0, since the ' is a string. The id must be an integer for it to be a non-zero return value.
Thanks, it's not working as I want, but it solves the problem :)
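
Added example, not part of the thread: it runs the intval() check discussed above over several constructed id values, next to a stricter whole-string check and a bound integer parameter. The posts table, its rows, the input list and the helper names are assumptions, and it needs the pdo_sqlite extension.

```php
<?php
// Added example; table, rows, inputs and helper names are constructed.

// The thread's check: intval() reads leading digits and ignores the rest,
// and a non-empty array (?id[]=x) converts to 1.
function thread_check($raw): int {
    return intval($raw);   // 0 means "skip the query" in the thread's code
}

// Stricter variant: accept only a whole-string integer >= 1.
function strict_id($raw) {
    return filter_var($raw, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);  // int or false
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO posts VALUES (1, 'first post'), (6, 'hello')");

// The id is bound as an integer, so it never becomes part of the SQL text.
function fetch_title(PDO $db, int $id) {
    $st = $db->prepare('SELECT title FROM posts WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchColumn();   // string, or false when no row matches
}

// Constructed inputs, as they could arrive in $_GET["id"].
$inputs = ["6", "'6", "6'", "6 OR 1=1", "0", "abc", ["x"]];
foreach ($inputs as $raw) {
    $loose  = thread_check($raw);
    $strict = strict_id($raw);
    printf("%-12s intval=%d strict=%s title=%s\n",
        json_encode($raw), $loose,
        $strict === false ? 'reject' : $strict,
        $strict === false ? '-' : var_export(fetch_title($db, $strict), true));
}
```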