| 02 Oct 2011 11:32 AM |
| I do, and it's the funnest thing evar. |
|
LocalChum
| Joined: 04 Mar 2011 |
| Total Posts: 6906 |
|
| 02 Oct 2011 11:35 AM |
| I hope all of you know what I'm talking about <3 |
|
| 02 Oct 2011 11:36 AM |
| Injection, I use it on many sites, one was like some Indian embassy and got on the news o-o |
|
| 02 Oct 2011 11:37 AM |
Injection is easy as hell
I mean srs, it's like the easiest exploit in all history, yet you're so damn stupid, you call it "MySQLi" not "SQLi" |
|
| 02 Oct 2011 11:38 AM |
Okay, well, I guess I'm done with this conversation.
To the RT! |
|
| 02 Oct 2011 11:41 AM |
MySQLi = MySQL improved. SQLi = SQL injection. Learn your acronyms.
PS: Most sites are protected from injection because they're smart and sanitize their code. The only sites that are vulnerable are those where you're not going to have much fun with injections anyways. |
|
| 02 Oct 2011 11:43 AM |
Adding slashes is fun, fool.
Also, don't try SQLi on ASP websites - input is always sanitized in ADO.NET |
|
| 02 Oct 2011 11:45 AM |
@poke
I usually have a lot of fun, I'm a Grey Hat, I don't really bang on websites to destroy them.
I just do things for the lulz. |
|
| 02 Oct 2011 12:36 PM |
"Grey Hat" - All you do is be all
OMG OLOLOL ' OR 1=1 ' OMG OLOLOL |
|
| 02 Oct 2011 12:39 PM |
| mysql_real_escape_string() is the beastest thing ever made |
|
BenBonez
| Joined: 29 Aug 2008 |
| Total Posts: 19362 |
|
jode6543
| Joined: 16 Jun 2009 |
| Total Posts: 5363 |
|
| 02 Oct 2011 02:11 PM |
$input = htmlentities(mysql_real_escape_string($input));
~THROW THE CHEEEEEEEEEEEEEEEEEEEESE!~ |
|
| 02 Oct 2011 08:02 PM |
"mysql_real_escape_string() is the beastest thing ever made"
This is better:
$db = new mysqli(connection info stuff); $sanitized = $db->real_escape_string(stuff to escape);
Prepared statements are best because they sanitize for you. |
|
geicogeko
| Joined: 27 Apr 2010 |
| Total Posts: 2727 |
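
The escaping-versus-prepared-statements point from the last posts, as an added example that is not code from any poster in this thread. It assumes PHP with the pdo_sqlite driver and uses an in-memory SQLite database in place of MySQL so it runs offline; the users table, its rows, the function names and the input are constructed for illustration. With mysqli the same pattern is $db->prepare() followed by bind_param().

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; table, rows and input are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Escape-and-concatenate lookup. addslashes() only rewrites quotes,
// backslashes and NUL bytes, so it changes nothing when the value lands
// in an unquoted (numeric) position of the query text.
function lookupEscaped(PDO $pdo, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared statement. The query text is fixed when it is prepared and the
// value is bound afterwards as data, so it can never become SQL syntax.
function lookupPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input that contains no quote characters at all.
$input = '0 OR 1=1';

echo 'escaped:        ', json_encode(lookupEscaped($pdo, $input)), PHP_EOL;
echo 'prepared:       ', json_encode(lookupPrepared($pdo, $input)), PHP_EOL;
echo 'prepared, id 2: ', json_encode(lookupPrepared($pdo, '2')), PHP_EOL;
```

The escaped lookup returns every row for the constructed input because the value is parsed as part of the WHERE clause, while the prepared lookup treats the same string as a single value that matches no id.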