Esempio n. 1
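/**
 * Strips a denylist of SQL keywords/characters, HTML tags and surrounding
 * whitespace from a form value, then backslash-escapes it.
 *
 * NOTE(review): a keyword denylist is not an SQL-injection defence and it
 * corrupts legitimate input (any value containing "from", "where", a comma or
 * an apostrophe is silently altered, and the pattern also matches inside
 * words, e.g. "chromefrom" becomes "chrome"). The query site must use prepared
 * statements / bound parameters; this function is kept only because existing
 * callers depend on its output.
 *
 * @param string $sql     raw form value
 * @param bool   $formUse true when the value came from a form: skip addslashes()
 *                        if legacy magic_quotes_gpc already escaped it
 * @return string
 */
function anti_injection_login($sql, $formUse = true)
{
    // Case-insensitive denylist; the pattern is the original one, unchanged.
    $sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\\*|--|\\\\)/i", "", $sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    // get_magic_quotes_gpc() was removed in PHP 8, where calling it is a fatal
    // error. When the function does not exist the input was never auto-escaped,
    // so addslashes() must run - the same outcome as magic quotes being off.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$formUse || !$magicQuotesOn) {
        $sql = addslashes($sql);
    }
    return $sql;
}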
// =============================================================================
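// Missing POST fields are read as "" instead of raising an undefined-index
// notice; the empty-value check below then rejects the request.
$unityHash = anti_injection_login(isset($_POST["myform_hash"]) ? $_POST["myform_hash"] : "");
// Shared static token: the same literal is compiled into the Unity client, so
// it only identifies the client build. It is not a user credential, and anyone
// holding the client can read it.
$phpHash = "736868697473736563726574";
// same code in here as in your Unity game
$nick = anti_injection_login(isset($_POST["myform_nick"]) ? $_POST["myform_nick"] : "");
// NOTE(review): anti_injection_login_senha() is not defined on this page -
// confirm it exists. The INSERT further down stores $pass as given; a password
// should be stored via password_hash(), never as the raw form value.
$pass = anti_injection_login_senha(isset($_POST["myform_pass"]) ? $_POST["myform_pass"] : "");
/*
you can also use this (only if the query binds the values as parameters of a
prepared statement - never with string-built SQL):
$nick = $_POST["myform_nick"];
$pass = $_POST["myform_pass"];
*/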
if (!$nick || !$pass) {
    echo "Login or password cant be empty.";
} else {
    if ($unityHash != $phpHash) {
        echo "HASH code is diferent from your game, you infidel.";
    } else {
        // $SQL = "SELECT * FROM scores WHERE name = '" . $nick . "'";
        $SQL = "INSERT INTO scores ( id , name , password ) VALUES (NULL, '" . $nick . "', '" . $pass . "' )";
Esempio n. 2
    $sql = strip_tags($sql);
    if (!$formUse || !get_magic_quotes_gpc()) {
        $sql = addslashes($sql);
    }
    return $sql;
}
// =============================================================================
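// Missing POST fields are read as "" instead of raising an undefined-index
// notice.
$unityHash = anti_injection_login(isset($_POST["myform_hash"]) ? $_POST["myform_hash"] : "");
// Shared static token: the same literal is compiled into the Unity client, so
// it only identifies the client build, not a user.
$phpHash = "736868697473736563726574";
// same code in here as in your Unity game
$nick = anti_injection_login(isset($_POST["myform_nick"]) ? $_POST["myform_nick"] : "");
//I use that function to protect against SQL injection
//$pass = anti_injection_login_senha($_POST["myform_pass"]); //THIS IS SO BAD NEVER EVER DO THIS
$tracknum = anti_injection_login(isset($_POST["myform_tracknum"]) ? $_POST["myform_tracknum"] : "");
// where $tracknum = "hiscore", "hiscore2", or "hiscore3"
// $tracknum names a column, and a column identifier cannot be bound as a query
// parameter, so it is restricted to the three documented values here; anything
// else is refused before it can reach a query.
$tracknum_allowed = array("hiscore", "hiscore2", "hiscore3");
if (!in_array($tracknum, $tracknum_allowed, true)) {
    die("DATABASE ERROR! Unknown score track.");
}
$hiscore_string = anti_injection_login(isset($_POST["myform_hiscore"]) ? $_POST["myform_hiscore"] : "");
// (float) is the same cast as (double); a non-numeric string yields 0.0.
$hiscore = (float) $hiscore_string;
// mysql TIME format: HH:MM:SS. floating points allowed?
/*
you can also use this (only if the query binds the values as parameters of a
prepared statement - never with string-built SQL):
$nick = $_POST["myform_nick"];
$pass = $_POST["myform_pass"];
*/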
if ($unityHash != $phpHash) {
    echo "HASH code is diferent from your game, you infidel.";
} else {
    // $SQL = "SELECT * FROM scores WHERE name = '" . $nick . "'";
    //$SQL = "INSERT INTO scores ( id , name , password ) VALUES (NULL, '" . $nick . "', '" . $pass . "' )";
    $SQL = "SELECT " . $nick . " FROM scores";
    $result_id = @mysql_query($SQL) or die("DATABASE ERROR!" . mySQL_error());
    $total = mysql_num_rows($result_id);