SQL Injection Problem - HELP IMPORTANT

Status
Not open for further replies.

Flint

http://Dusk-Hotel.com
Jul 10, 2012
464
48
hey!

well I found this code lying around and I need it to prevent SQL injections
so I put it in
but then my index page just fucked up....
but I think it's because the SQL injection gets rid of special characters in the index page
here's the code:

Code:
<?php 
$ip = $_SERVER['REMOTE_ADDR']; 
$time = date("l dS of F Y h:i:s A"); 
$script = $_SERVER['PATH_TRANSLATED']; 
$fp = fopen ("[WEB]SQL_Injection.txt", "a+"); 
$sql_inject_1 = array(";","'","%",'"'); # Characters to replace 
$sql_inject_2 = array("", "","","&quot;"); # Replacement for each character 
$GET_KEY = array_keys($_GET); #array keys from $_GET 
$POST_KEY = array_keys($_POST); #array keys from $_POST
$COOKIE_KEY = array_keys($_COOKIE); #array keys from $_COOKIE 
/*begin clear $_GET */ 
for($i=0;$i<count($GET_KEY);$i++) 
{ 
$real_get[$i] = $_GET[$GET_KEY[$i]]; 
$_GET[$GET_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_GET[$GET_KEY[$i]])); 
if($real_get[$i] != $_GET[$GET_KEY[$i]]) 
{ 
fwrite ($fp, "IP: $ip\r\n"); 
fwrite ($fp, "Method: GET\r\n"); 
fwrite ($fp, "Value: $real_get[$i]\r\n"); 
fwrite ($fp, "Script: $script\r\n"); 
fwrite ($fp, "Time: $time\r\n"); 
fwrite ($fp, "==================================\r\n");
} 
} 
/*end clear $_GET */ 
/*begin clear $_POST */ 
for($i=0;$i<count($POST_KEY);$i++) 
{ 
$real_post[$i] = $_POST[$POST_KEY[$i]]; 
$_POST[$POST_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_POST[$POST_KEY[$i]])); 
if($real_post[$i] != $_POST[$POST_KEY[$i]]) 
{ 
fwrite ($fp, "IP: $ip\r\n"); 
fwrite ($fp, "Method: POST\r\n"); 
fwrite ($fp, "Value: $real_post[$i]\r\n"); 
fwrite ($fp, "Script: $script\r\n"); 
fwrite ($fp, "Time: $time\r\n"); 
fwrite ($fp, "==================================\r\n");
} 
} 
/*end clear $_POST */ 
/*begin clear $_COOKIE */ 
for($i=0;$i<count($COOKIE_KEY);$i++) 
{ 
$real_cookie[$i] = $_COOKIE[$COOKIE_KEY[$i]]; 
$_COOKIE[$COOKIE_KEY[$i]] = str_replace($sql_inject_1, $sql_inject_2, HtmlSpecialChars($_COOKIE[$COOKIE_KEY[$i]])); 
if($real_cookie[$i] != $_COOKIE[$COOKIE_KEY[$i]]) 
{ 
fwrite ($fp, "IP: $ip\r\n"); 
fwrite ($fp, "Method: COOKIE\r\n"); 
fwrite ($fp, "Value: $real_cookie[$i]\r\n"); 
fwrite ($fp, "Script: $script\r\n"); 
fwrite ($fp, "Time: $time\r\n"); 
fwrite ($fp, "==================================\r\n");
} 
} 
 
/*end clear $_COOKIE */ 
fclose ($fp); 
?>

To view what my index looks like, here it is:

 

Xenous

o shi
Nov 15, 2011
383
101
I don't really see why you have all that loool.
To avoid injections just add
PHP:
foreach($_GET as $key => $value){
    $_GET[$key]=mysql_real_escape_string(stripslashes(htmlspecialchars($value)));
}
foreach($_POST as $key => $value){
    $_POST[$key]=mysql_real_escape_string(stripslashes(htmlspecialchars($value)));
}
to global.php or whatever all the main files require, it should avoid unintentional backdoors, exploits, XSS etc.
 

Flint

http://Dusk-Hotel.com
Jul 10, 2012
464
48
Thanks
Do I put it in
<?php
foreach($_GET as $key => $value){
    $_GET[$key]=mysql_real_escape_string(stripslashes(htmlspecialchars($value)));
}
foreach($_POST as $key => $value){
    $_POST[$key]=mysql_real_escape_string(stripslashes(htmlspecialchars($value)));
}
?>
 

Xenous

o shi
Nov 15, 2011
383
101
Yeah, just search the index and register for a file they both require, usually global, and add that code in there at the bottom. Any other exploits would be put in there intentionally and thus you'd have to remove them manually.
 

Flint

http://Dusk-Hotel.com
Jul 10, 2012
464
48
Thanks so much for helping me
+1 Follower
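
The effect of the first post's character replacement on ordinary input, next to a bound-parameter query that leaves the request data untouched. This is an added example, not code from either poster; the sample strings, the `users` table, the `blanket_filter` name and the in-memory SQLite database (PDO with the SQLite driver) are assumptions made for the demonstration.

```php
<?php
// Same replacement step as the script in the first post, wrapped in a
// function (hypothetical name) so its effect on input can be printed.
function blanket_filter(string $value): string
{
    $search  = array(";", "'", "%", '"');
    $replace = array("", "", "", "&quot;");
    return str_replace($search, $replace, htmlspecialchars($value));
}

// Constructed sample values: ordinary input that contains the filtered characters.
$samples = array("O'Brien", "50% off; today only", 'say "hi" & wave');
foreach ($samples as $s) {
    // htmlspecialchars() emits entities ending in ';', which the filter then
    // strips, so the rewritten value is neither the original nor valid HTML.
    printf("%-22s => %s\n", $s, blanket_filter($s));
}

// Alternative: leave $_GET/$_POST alone and bind each value as a parameter.
$pdo = new PDO('sqlite::memory:');   // assumption: in-memory database for the demo
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($samples as $s) {
    $insert->execute(array(':name' => $s));
}

// The bound value is compared as data; its quote character never becomes SQL.
$lookup = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
$lookup->execute(array(':name' => "O'Brien"));
$row = $lookup->fetch(PDO::FETCH_ASSOC);

// HTML-encode only at the point where the value is written into a page.
echo 'Stored:   ', $row['name'], "\n";
echo 'For HTML: ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
```

The first loop shows why a page that depends on those characters stops rendering correctly once every request value is rewritten; the second part stores and retrieves the same values unchanged.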
 