PAGE-2: Secure Php Coding related to user, query, mysql, session

ryanlund2323

Jul 17 2007, 09:07 AM

just checked the MySQL hack in a script that i just created.....for some reason it doesnt actually work. my script does what it was designed to do and block entry but i cant understand why...here is a very simplified version of the script......if -- did kill the rest of the query it should technically be able to hack this script but it doesnt seem to work

ryan

<?PHP

$user=$_POST['user'];
$pass=$_POST['pass'];

if(!$user||!$pass){
......error message
}
else{
$db=mysql_connect('*******','******','****');
$sel=mysql_select_db("*****");
$enc=md5($pass);
$query="SELECT * FROM `users` WHERE `user` = '$user' && `pass` = '$enc'";
$do_query=mysql_query($query);
$num=@mysql_num_rows($do_query);

if($num!="1"){
.......login fail
}
else{
session_start();
$_SESSION["user"]=$user;
header("Location: test.php");
}
}
?>

***************EDIT*********************

$querya="SELECT * FROM `users` WHERE `user` = '$user'";
$do_querya=mysql_query($querya);
$numa=@mysql_num_rows($do_query);
if($numa!="1"){
.....no user
}
else{
$query="SELECT * FROM `users` WHERE `user` = '$user' && `pass` = '$enc'";
$do_query=mysql_query($query);
$num=@mysql_num_rows($do_query);

if($num!="1"){
.....password wrong
}
else{
session_start();
$_SESSION["user"]=$user;
header("Location: test.php");
}
}

this would fix that particular hack even if the user input wasnt checked if im not mistaken

Pages: 1, 2

Recent Queries:-

secure folder with php - 33.59 hr back. (1)
securing a php page - 185.79 hr back. (1)
php secure scripts =$_get[ - 370.62 hr back. (1)
secure php coding tips - 163.98 hr back. (2)

Similar Topics

Keywords : secure php coding tips hints secure phping

Very Simple Login-script - This is a very simple and secure login-script (18)
Little Tips For Php Coder - (3)
When you're coding, you happen to get confused with these features although you may not.
"content" 'content ' These may be looking too simple tip. I know that. The matter is
this can be really useful for most of the times while you're coding in PHP. Try it out when you
were not aware of these features. You will like it for sure. -- Have a nice day! My blog :
silverbluewater.blogspot.com ...

Some Little Php Tips. - (5)

I think this is probably my first article/tutorial on here /smile.gif"
style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />. I have been playing around
with a new site lately, and co-incidentally, as soon as I started with the PHP etc, I have people on
MSN Messenger flooding me with questions, mostly in the form of "help me, help me" etc. Well, a few
small tips and explanations on them I gave over MSN Messenger, gave me the idea of posting an
article/tutorial (or whatever you want to call it) here about it. RELATIVE PATHING : The first
thing to ...

.htaccess Files Usage - tips and examples (3)

In this tutorial you will find a simple way to use .htaccess files on your webspace, .htaccess is an
ascii file, so you will need to upload it in ascii mode and make sure that the file permissions is
644 and it could be read by the server, make sure it has no extension, like some editors just saves
it as htaccess.txt or .php so please remove it, the dot in front does not show an extension, it is a
hidden file. be careful using the .htaccess some servers does not let to use them, because of the
performance, place the file into your domain root or subdomain root director...

Looking for secure, php, coding, tips, hints, secure, phping

*SIMILAR VIDEOS*

Searching Video's for secure, php, coding, tips, hints, secure, phping

Watch the latest videos on YouTube.com

Very Simple
Login-script
This is a
very simple
and secure
login-script

Little Tips
For Php
Coder

Some Little
Php Tips.

.htaccess
Files Usage
tips and
examples

Your Ad Here

Secure Php Coding - tips and hints for more secure PHP'ing

Secure Php Coding - tips and hints for more secure PHP'ing