MyBB Community Forums

Full Version: SQL Injection Protect Method !!?
As you can see, I am trying my maximum for better security for my forum.
And I am searching for tutorials and I found a SQL Injection Protect Method,
but I don't know where to find this code below:
<?php

include "conn.php"; //connect to database
$username = $_POST['username'];
$password = $_POST['password'];
check ./inc/datahandlers/user.php {see also ./inc/member.php}
Why would you need to replace this code to protect against SQL injection? MyBB doesn't use that code. You realise that the code you've posted is meant to be a generic example of bad code, and not code specifically used by MyBB, right?
Matt@ ~ I found this tip in Hackforums, maybe it will be helpful?

(2014-08-23, 11:01 AM).m. Wrote: [ -> ]check ./inc/datahandlers/user.php  {see also ./inc/member.php}
Searched and not found in those options that you said.
(2014-08-23, 11:12 AM)beh4R Wrote: [ -> ]I found this tip in Hackforums, maybe it will be helpful?

Do you believe in everything found on the Internet? That should be the first thing to correct for better security of yours, if I should be honest. Otherwise you'll end up introducing a 'very secure' malicious code to your forum, which is a part of the easiest and yet quite effective way to attack - social engineering.

(2014-08-23, 11:12 AM)beh4R Wrote: [ -> ]Searched and not found in those options that you said.

Because this code is not in MyBB, as said above. You should not worry about it.
MySQL is deprecated in the latest version of PHP. Use MySQLi or PDO and use prepared statements.

EDIT: I misunderstood the OP, sorry.
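
The prepared-statement advice above, applied to the kind of login code quoted in the first post. This is an added example that is not part of the thread and is not MyBB's code; the table, account and inputs are constructed, and an in-memory SQLite database through PDO is assumed so that it runs offline.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The pattern such tutorials warn about: request input concatenated into the SQL text.
function login_concat(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT id FROM users WHERE username = '$username' AND pw_hash = '$password'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened form: the placeholder keeps the input as data, never as SQL syntax,
// and the password is checked against the stored hash outside the query.
function login_prepared(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed values standing in for $_POST['username'] and $_POST['password'].
$cases = [
    'quote in password' => ['alice', "' OR '1'='1"],
    'correct password'  => ['alice', 'correct horse'],
    'wrong password'    => ['alice', 'guess'],
];
foreach ($cases as $label => [$user, $pass]) {
    printf(
        "%-18s concat=%s prepared=%s\n",
        $label,
        var_export(login_concat($pdo, $user, $pass), true),
        var_export(login_prepared($pdo, $user, $pass), true)
    );
}
```

In the concatenated version the quote character in the first case ends the string literal and the rest of the input is parsed as part of the WHERE clause; in the prepared version the same input is only ever compared as a value.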
(2014-08-23, 11:12 AM)beh4R Wrote: [ -> ]Matt@ ~ I found this tip in Hackforums, maybe it will be helpful?

Yes, you're missing the point; the code you posted is basically saying "don't use code like this", it doesn't mean that every piece of software, MyBB or otherwise, uses that exact code. MyBB will already protect against SQL injections, it doesn't run this code or any code like it. The place you found this code would have posted it to educate you how to write proper code, you don't then need to go and manually patch established software yourself for something like this.
MyBB uses a Database wrapper class anyway, so you should see something like

$db->some_method($some_parameter);

And don't worry about SQL injections in MyBB, HackForums has been up and running for a decade now.
OK, thanks guys. I am trying to do the maximum for the protection of my forum, so I may ask weird questions at any time. Thanks for your help.
I installed PHP Firewall Web on my forum, now I am trying to install this firewall and then my forum is finished.
http://community.mybb.com/thread-109982.html