great tutorial. glad you mentioned php's magic quotes. when I was setting up a website it took me ages to figure out what it was doing. if only I'd found this first!
Well explained !!!!!
TheRayesh 3 weeks ago
please tell me which screen recorder do you use?
shikharsrivastava23 1 month ago in playlist Security
thx so much
jacky9103 1 month ago
LOL hack hacking hacker hackers are in the Tags
leoyt123 1 month ago
Thanks
TomJ343 3 months ago
UBUNTU FTW!
MrC0MPUT3R 4 months ago
The magic quotes feature DOES NOT DO THE SAME as mysql_real_escape_string. You handle it correctly when you add the code, but it's important to note that magic quotes does an addslashes, not a mysql_real_escape_string.
stutlet 4 months ago
no more magic quotes? D: noooooooo
abney317 5 months ago
Very good explanation... thanks.
vinayshah17 5 months ago
Great Visual Tutorial... BAaaaaad accent.. gives u in the nerves..... Grrrrrr.... bloodyyy British....... hahahahahahhahahah...
SaluSnikoS 5 months ago
@threeclock
Yeah? What happens when they disable JavaScript inside their browser?
dbmarquand 5 months ago
very nice, this was very useful for me ;)
gvrlprncp 5 months ago in playlist More videos from phpacademy
TOGETHER TO THE TOP!
dizzylamb 5 months ago 3
@threeclock JavaScript is not for security.
Another tip.
There is a better solution than mysql_real_escape_string, and that is prepared statements, available to users of mysqli and PDO.
Unless you're working on a legacy system, one should use the better API!
itpastorn 6 months ago in playlist Security
Just use JavaScript to validate the form before submitting.
threeclock 6 months ago
By the way, you can also add another function:
mysql_real_escape_string(trim($_POST['email']))
trim() removes leading and trailing spaces.
Grkgermn333 6 months ago
Why do most of your SQL statement variables have { }? I've never seen PHP modeled with them unless prefixed after a function.
Sagaterious 6 months ago
@Sagaterious me too
Grkgermn333 6 months ago
Very well done.
Darienbeagle 6 months ago
My login is made so that you can only enter numbers and alphabetic characters.
xXZarlachXx 6 months ago
@xXZarlachXx You did that with JavaScript?
And can I have a link to your site?
daeheadshot 6 months ago
@daeheadshot
I think it does something like @N1ghtSp33D said, checking from a-z A-Z and 0-9.
xXZarlachXx 6 months ago
@xXZarlachXx I was wondering because if you save the site and delete (for example) the JavaScript code that prevents you from entering the chars you want, you can simply do the attack anyway.
daeheadshot 6 months ago
@daeheadshot Firebug is your friend.
killerpacdot 6 months ago
Thanks for the video. Can you do PHP online rating and taking the voter's IP?
noel11105 6 months ago
Ubuntu :)
EnvXOwner 6 months ago
Or just do a preg_match allowing a-zA-Z0-9-_
N1ghtSp33D 6 months ago
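Added example, not code from the video or from any commenter. It implements the server-side whitelist N1ghtSp33D suggests (only a-zA-Z0-9-_) and ties it back to the earlier exchange about JavaScript validation (threeclock, dizzylamb, daeheadshot, killerpacdot): the check has to live on the server, because the client-side script can be deleted in Firebug, switched off, or skipped entirely. Two details the one-line suggestion leaves out are handled: the hyphen is placed last in the character class so it is a literal and not a range, and the pattern is anchored with \A and \z because $ also matches before a trailing newline. The inputs are constructed for the demonstration.

```php
<?php
// Added example (not from the phpacademy video or any commenter): server-side
// username whitelist, done so it holds up against input that never went
// through the page's JavaScript.
declare(strict_types=1);

function is_valid_username(string $v): bool
{
    // \A and \z anchor to the absolute start and end of the string. A plain $
    // would also match just before a trailing "\n", so "alice\n" would slip
    // through /^...$/. The hyphen is last in the class so it is a literal.
    return preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $v) === 1;
}

// Constructed inputs. The rejected ones are exactly what arrives after someone
// deletes the form's JavaScript in Firebug, disables scripts, or skips the
// browser altogether and posts the form with curl.
$cases = [
    ['alice',             true],
    ['al-ice_1',          true],
    ["' OR 1=1 --",       false],
    ["alice\n",           false],  // /^[A-Za-z0-9_-]+$/ would have accepted this
    ['',                  false],
    [str_repeat('a', 33), false],
];
foreach ($cases as [$input, $expected]) {
    assert(
        is_valid_username($input) === $expected,
        'unexpected result for ' . var_export($input, true)
    );
}
```

Use it as a gate, not a cleaner: if the check fails, reject the request with an error; do not strip the offending characters and continue. To see why the JavaScript is irrelevant, post straight to the script with `curl -d "username=' OR 1=1 --" https://example.invalid/login.php` (hypothetical URL): no browser, no form, no client-side script runs at all.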
One could instead use PDO (PHP Data Objects) for interfacing with a database, like MySQL for example.
PDO ships with PHP 5.1 and its prepared statements eliminate any opportunity to change the logic of the SQL.
php(.)net/manual/en/intro.pdo.php
harrei 6 months ago
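Added example, not code from the video or from any commenter. It serves three points made in this thread: the magic quotes comment (magic_quotes_gpc is addslashes(), not mysql_real_escape_string(), and escaping a second time on top of it corrupts data), itpastorn's and harrei's point that prepared statements in mysqli or PDO are the real fix, and the reason escaping alone is not enough: when a value is interpolated without surrounding quotes there is nothing for addslashes() to escape. The script assumes PDO with the pdo_sqlite driver (bundled with stock PHP builds) and uses an in-memory SQLite database so it runs offline; the PDO calls are the same against MySQL. The table contents and the attacker input are constructed for the demonstration.

```php
<?php
// Added example (not from the phpacademy video or any commenter): what magic
// quotes did, the double-escaping bug, the unquoted-value case where escaping
// cannot help, and the prepared-statement fix. Runs offline on pdo_sqlite.
declare(strict_types=1);

// What magic_quotes_gpc applied to $_GET, $_POST and $_COOKIE before your code
// ran (PHP < 5.4). It is addslashes(), not mysql_real_escape_string(): it knows
// nothing about the connection character set and leaves \n, \r and \x1a alone.
function magic_quotes(string $v): string
{
    return addslashes($v);
}

// Undo it only when it really was active, then escape (or better, bind) once.
function undo_magic_quotes(string $v, bool $magicQuotesWereOn): string
{
    return $magicQuotesWereOn ? stripslashes($v) : $v;
}

// Vulnerable: the value is escaped, but it is interpolated without quotes, so
// there is no quote for an attacker to close and the escaping changes nothing.
function findByIdVulnerable(PDO $db, string $id): array
{
    $id = magic_quotes($id);
    return $db->query("SELECT username FROM users WHERE id = {$id} ORDER BY id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Fixed: SQL text and value travel separately; the value is never parsed as SQL.
function findByIdPrepared(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT username FROM users WHERE id = :id ORDER BY id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Constructed attacker input: no quote character anywhere, so addslashes() is a
// no-op and the WHERE clause becomes "id = 0 OR 1=1".
$payload = '0 OR 1=1';
assert(findByIdVulnerable($db, $payload) === ['alice', 'bob']); // whole table leaks
assert(findByIdPrepared($db, $payload) === []);                  // no row has that id

// Double escaping: "O'Brien" arrives as O\'Brien under magic quotes. Escaping it
// again stores O\\\'Brien, a literal backslash in the name; undoing the magic
// quotes first gives the single escape that was intended.
$fromPost = magic_quotes("O'Brien");
assert(addslashes($fromPost) === 'O\\\\\\\'Brien');                        // O\\\'Brien
assert(addslashes(undo_magic_quotes($fromPost, true)) === 'O\\\'Brien');  // O\'Brien
```

With the prepared statement the application never escapes at all, which is the point of the PDO and mysqli advice in this thread: once the value is bound rather than concatenated, the question of whether magic quotes, addslashes() or mysql_real_escape_string() ran first only matters for data correctness, not for whether the query can be hijacked. The example uses `php -d zend.assertions=1 script.php` to make the asserts active on builds where they are compiled out.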
Great tut, very useful, thank you :)
RabbitFactoryUK 6 months ago
Wait... I haven't seen any site using ID to log in?
n0b0dy241 6 months ago
@n0b0dy241 It was just for demonstration purposes...
JamesRCoston 6 months ago
@n0b0dy241 Just an example...
wideload123 6 months ago
Use eclipse! X-Platform + BEST JAVA IDE made IN Java!
NullDeveloper 6 months ago
@NullDeveloper I do for java, but this is not Java ;)
wideload123 6 months ago
Linux is the best!
Btw.: Netbeans is also available on Linux. ;)
MixedPasi 6 months ago
very informative, thank you.
Cezarijus 6 months ago
If you're going to use mysql statements at least use the mysqli class.
Techn0Junki3 6 months ago
@Techn0Junki3 mysql is still faster than mysqli, though mysqli gives back by being more feature rich.
brotherlu 6 months ago
are you using Ubuntu or Mac OS?
GSNTube5 6 months ago
@GSNTube5 Ubuntu.
wideload123 6 months ago
Nice video, you're a really good teacher. You and Bucky from thenewboston are great! Keep it up.
YoungBlood0893 6 months ago
You should all be using prepared statements and avoid the mysql_* functions
Myztik7 6 months ago
@PHPWizz It's me :)
wideload123 6 months ago
@PHPWizz Yes.
YaManTino 6 months ago
lol, "decrypting" the hash with john took 0 seconds :D
m0gria 6 months ago
thanks for the tutorial
alex26toma 6 months ago
You should do tutorials on MySQL database optimization (performance..)
heydude8999 6 months ago 29
@heydude8999 Agreed... that is one thing I would love to learn more about.
theclevercoder 2 months ago
I <3 your tuts
MakeOrange 6 months ago
Linux :D
FloobenShnooben 6 months ago 22
watch?v=rdyQoUNeXSg
defcon 17 Advanced SQL Injection
This is what you can do with SQL injections.
bartalveyhe 6 months ago
sanitize var
c0decub 6 months ago
1st
MakUnited 6 months ago