Question about a test membership
05-27-2005, 06:48 PM
Join Date: Mar 2005
A few things. First off, about the parse error. Without seeing code I can't help too much about the problem. Most common parse errors are caused by a missing semi-colon or quotations. Check on the lines above the line the parse error provides you.
As for the blank page, what I would do personally, rather than using the die statement, is check to see if results were returned.
One thing I noticed about your script, you have SQL injections in the queries. This can cause major security situations via the database depending on how exactly PHP is configured. What I mean exactly is the query you're using. You should use
. What that function will do is escape the quotes in your post variables. Let me show you an example of something someone can do:
If someone puts their username as:
admin' AND password <>
And their password as:
AND email <> '
Your query will turn out like this after PHP parses the query and when MySQL attempts to execute the query:
SELECT * from users WHERE username='admin' AND password <> ' and password=' AND email <> ''
There should be a space before the above line.
So basically, the way you have written that, all I would have to do is place those two entries above in the username and password fields. It will give me access as long as there is a user with the username admin whose password does not equal ' and password=' (without the quotes) and that same user's email is not empty.
That would grant me access and actually give me full admin access as long as that was the correct username.
That's just a little help! ;)
Let me know if you have any other questions.
EDIT: I actually tested it and it appears your server has PHP configured to automatically escape post variables, which is good, but you should always addslashes to variables and/or intval the variables using
Send a private message to CreativeLogic
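The query shape discussed in the post above, as an added example that is not part of the original post or the poster's code: the same two form values are run through a concatenated query and through a parameterized one. It uses PDO prepared statements rather than the escaping the post recommends; the in-memory SQLite database, the table layout, the sample row and the function names are assumptions made for illustration.

```php
<?php
// Added example. Table layout and the sample row are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT, email TEXT)");
$db->exec("INSERT INTO users VALUES ('admin', 'stored-value', 'admin@example.com')");

// The two form values from the post (trailing and leading spaces included).
$username = "admin' AND password <> ";
$password = " AND email <> '";

// Before: form values are pasted into the SQL text, so the quotes in them
// become part of the statement and rewrite the WHERE clause.
function loginConcatenated(PDO $db, string $u, string $p): bool
{
    $sql = "SELECT * FROM users WHERE username='$u' and password='$p'";
    return $db->query($sql)->fetch() !== false;
}

// After: the statement is fixed and the values are bound as data, so the
// quotes are compared literally against the stored columns.
function loginPrepared(PDO $db, string $u, string $p): bool
{
    $stmt = $db->prepare(
        "SELECT * FROM users WHERE username = ? AND password = ?"
    );
    $stmt->execute([$u, $p]);
    return $stmt->fetch() !== false;
}

// Concatenated form: the admin row matches without the real password.
var_dump(loginConcatenated($db, $username, $password));
// Prepared form: the same input matches no row.
var_dump(loginPrepared($db, $username, $password));
// Prepared form with the real credentials still succeeds.
var_dump(loginPrepared($db, 'admin', 'stored-value'));
```

The password column here holds a plain constructed value only to mirror the query in the post; it says nothing about how the original script stores passwords.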