how to prevent sql injection in website

PewN · April 17, 2012

please can anyone help me here cuz my site has been injected and the hackers add commands like @item

please help me here

Pneuma · April 17, 2012

You should have your RO hoster rename your tables and such so its not the same common stuff like ragnarok>inventory and such

Patskie · January 9, 2013

please can anyone help me here cuz my site has been injected and the hackers add commands like @item

please help me here

Pneuma is correct you can also use this http://pastebin.com/P5c1suYU

Patotron · January 9, 2013

Try with

<?php
// Connect
$enlace = mysql_connect('db_mysql', 'user_mysql', 'pass_mysql')
   OR die(mysql_error());
// query
$consulta = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
	    mysql_real_escape_string($usuario),
	    mysql_real_escape_string($contraseña));
?>

Maybe it works

Asura · January 10, 2013

Hi TrojanWorm,

Best way to defend against this is to stop using bad PHP-based scripts/web-sites which link to your RO database. Then edit your MySQL user accounts to be locked in to specific hosts, so that they can not attempt to brute force or attempt to remotely access your MySQL server.

Re-naming the database and such, isn't going to help; since MySQL injection is based off poorly coded PHP scripts/web-sites which already designate what database/tables to access and use.

Also, check if your computer is key-logged; get Malware Detectors.

malufett · January 10, 2013

check all your ports..change your password regularly..and inspect the code of every module that you will install to your site..and lastly never trust other people on giving access you must choose a person you really trust...

:meow:

KeyWorld · January 10, 2013

please can anyone help me here cuz my site has been injected and the hackers add commands like @item

please help me here

How do you know it's a SQL injection in your website ?...

If you know the answer, you will be able to fix it alone.

Why people still continue to believe that the only way to hack is using SQL injection ? There are so more fun and exotic way to have full or partial access to a server.

Mootie · January 10, 2013

please can anyone help me here cuz my site has been injected and the hackers add commands like @item

please help me here

How do you know it's a SQL injection in your website ?...
If you know the answer, you will be able to fix it alone.

Why people still continue to believe that the only way to hack is using SQL injection ? There are so more fun and exotic way to have full or partial access to a server.

agreed

Feefty · January 10, 2013

check

please can anyone help me here cuz my site has been injected and the hackers add commands like @item

please help me here

check your site log

markiez22 · September 4, 2013

please can anyone help me here cuz my site has been injected and the hackers add commands like @item

please help me here

Pneuma is correct you can also use this http://pastebin.com/P5c1suYU

if you using GMprotect is not safe also bcus. if some 1 attack your ragnarok using SQL injector . . .

not only a GM lvl but also the phpmyadmin he/she can delete your phpmyadmin ragnarok files

very safe to do don't trust any people sending web code to aply your server

only cant delete is your trunk

Checkmate · September 4, 2013

Mybe you can try to ask your hoster to check regulary you ended coding like php,js, or some error..
Btw you can try sql your site alone...
WIth the toll the are free on google.com...

Sign In

how to prevent sql injection in website

Question

Link to comment

Share on other sites

10 answers to this question

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Link to comment

Recently Browsing 0 members