Re: [klug] sql injection

edgardo bangga Fri, 03 Nov 2006 17:26:29 -0800

tgaan tamo function ana ha... bale kuhaon niya ang
length sa string nga naa sa imong boxes or asa cya
dapit. then ang kana dayon na length mao iyang isulod
sa database.


Function mysql_esc_str(String dirtystring)String
 String strFrom  'SOURCE STRING PASSED TO FUNCTION
 String lngFromLength  'LENGTH OF SOURCE STRING
 String strTo  'DESTINATION STRING COMING FROM
FUNCTION
 Long lngToLength  'LENGTH OF DESTINATION STRING
    
strFrom = dirtystring           'STORE FUNCTION INPUT
lngFromLength = Length(strFrom)    'GET LENGTH OF
INPUT
    
strTo = Space(lngFromLength * 2 + 1) 
 'ALLOCATE A BUFFER FOR OUTPUT OF FUNCTION
 '2 BYTES PER CHARACTER PLUS A BYTE FOR NULL
 'TERMINATOR USED BY FUNCTION
    
lngToLength = api_mysql_escape_string(strTo, strFrom,
lngFromLength) 'CALL API
    
mysql_escape_string = Left(strTo, lngToLength) 
'TRIM NULL TERMINATOR

End 


--- "Matt Arnilo S. Baluyos" <[EMAIL PROTECTED]>
wrote:

> On 11/3/06, mungkey <[EMAIL PROTECTED]> wrote:
> > Hehehe, oo murag inana gyud na toykhu. sa una gani
> naa pud to  nga butangan
> > lang nimo og backlsash zero sa end, then pwede
> nasab la maka butang og new
> > query like insert or update, if naay insert priv
> ang imong gi injekan, sure
> > na. pero usually kanang mga quote gyud ang maka
> tabla. I believe naay filter
> > or sanitizer ginagamit sila ni matt and ardie sa
> ilang mga ajax apps. mas
> > maka explain sila ani og gi una pud nila ... kana
> kung di sila busy. hehehe.
> > busy raba daw tong duha nako ka mga aydol sigi ...
> hehehe.
> 
> It's a framework na pwede makuha sa Internet. kses
> ang ngalan and you
> can get it at http://sourceforge.net/projects/kses
> 
> I think it's the one used by Wordpress. Amo lang
> dayon tong gi-wrap sa
> isa ka class para mubagay sa among API.
> 
> 
> -- 
> Matt Arnilo S. Baluyos <[EMAIL PROTECTED]>
> http://del.icio.us/mbaluyos
> 
>
v3sw3CH+Rhw2ln5pr6OPck5ma7u5Lw5Xm+7l7CRi2e6t5Xb7Oen4g5aIs4r3p6
> hackerkey.com
>       gpg --keyserver pgp.mit.edu --recv-keys 171CD03E
> _________________________________________________
> Kagay-Anon Linux Users' Group (KLUG) Mailing List
> [email protected] (http://cdo.linux.org.ph)
> Searchable Archives: http://archives.free.net.ph
> 



 
____________________________________________________________________________________
Cheap Talk? Check out Yahoo! Messenger's low PC-to-Phone call rates 
(http://voice.yahoo.com)

_________________________________________________
Kagay-Anon Linux Users' Group (KLUG) Mailing List
[email protected] (http://cdo.linux.org.ph)
Searchable Archives: http://archives.free.net.ph

Re: [klug] sql injection

Reply via email to