PHP Classes
elePHPant
Icontem

Will this block SQL Injections & Shell scripts

Recommend this page to a friend!

      PHP MySQL to MySQLi  >  PHP MySQL to MySQLi package blog  >  How to Convert MySQL ...  >  All threads  >  Will this block SQL Injections &...  >  (Un) Subscribe thread alerts  
Subject:Will this block SQL Injections &...
Summary:Will this block SQL Injections & Shell scripts
Messages:10
Author:Udara Madushan
Date:2017-08-28 15:11:35
 

 


  1. Will this block SQL Injections &...   Reply   Report abuse  
Udara Madushan - 2017-08-28 15:11:35
Will this block SQL Injections & Shell scripts? How to use this in running script ?

  2. Re: Will this block SQL Injections &...   Reply   Report abuse  
Dave Smith - 2017-08-28 16:40:40 - In reply to message 1 from Udara Madushan
It does not automatically prepare statements, it replaces mysql with mysqli when the mysql extension goes away, as it did in php 7.

You simply include the class, and if the mysql extension is not present then it takes over. It should be used as a stop gap to keep scripts running until they can be updated to mysqli or pdo.

Dave

  3. Re: Will this block SQL Injections &...   Reply   Report abuse  
Udara Madushan - 2017-08-30 11:10:09 - In reply to message 2 from Dave Smith
Dear Dave,

Thanks a lot, Is that mean there is no security due to SQL Injunctions or Shell script if we do not adhere prepred statement ? even use mysqli..?

Am I only have to do is,include this library from my 'header.php' file ??? Then it will replace the current mysql_ call to new library format ? isn't it ?

Bye


  4. Re: Will this block SQL Injections &...   Reply   Report abuse  
Dave Smith - 2017-08-30 19:18:11 - In reply to message 3 from Udara Madushan
Using prepared statements automatically sanitizes the query, however this class does not create prepared statements for you. If your script using mysql does not properly sanitize then it will still be vulnerable using mysqli.

Assuming that your header.php file is included in all the source files, then yes you would include this class there. It will only replace mysql with mysqli when the mysql extension is no longer present. If you are running on PHP 5 then this class does nothing until you update to PHP 7.

Dave

  5. Re: Will this block SQL Injections &...   Reply   Report abuse  
Udara Madushan - 2017-08-31 06:49:04 - In reply to message 4 from Dave Smith
Dear Dave,

With your informative comment I tested this class in my test room where platform is PHP 7.

I found certain scripts I happened to change limited areas.

Finally I stucked at where i has used

mysql_result($rslt,$i,'drug_primary_id');

Script gave me error there.. Isn't there any fixed code to rectify that also using your class ?

According to the critical mysql methods I have only used this.. So if i have some solution for this I would be better more..

In update I happened to remove auto_incremental values.. Then it was DONE..

Thanks very much Dave for sharing this kind of element.. Bye


  6. Re: Will this block SQL Injections &...   Reply   Report abuse  
Dave Smith - 2017-09-01 02:44:30 - In reply to message 5 from Udara Madushan
There have been problems with the mysql_result replacement. Some fixes are shown in other threads here. I haven't gotten around to updating the class yet, I will try in the next couple of days.

There is not a replacement in mysqli since it was removed after being the cause of many slow queries.

Dave

  7. Re: Will this block SQL Injections &...   Reply   Report abuse  
Udara Madushan - 2017-09-03 15:29:48 - In reply to message 6 from Dave Smith
Dear Dave,

Thanks a lot.. I'm waiting till you update the class.. Could you please update it soon ???

I think many people may waiting for this..

Thanks a lot. Please update into this thread once you will update it....

Bye

  8. Re: Will this block SQL Injections &...   Reply   Report abuse  
Dave Smith - 2017-09-04 04:15:28 - In reply to message 7 from Udara Madushan
Class updated, let me know if you are still having issues.

Dave

  9. Re: Will this block SQL Injections &...   Reply   Report abuse  
Udara Madushan - 2017-09-04 04:42:28 - In reply to message 8 from Dave Smith
Dear Dave,

Thanks a lot and highly appreciate your quick response.Sure I will test this and let you know further issues or not.. But give me couple of day since I will quite busy next 3 to 4 days...

Thanks again..

  10. Re: Will this block SQL Injections &...   Reply   Report abuse  
Udara Madushan - 2017-09-04 08:36:38 - In reply to message 8 from Dave Smith
Dear Dave,

I replaced the current class files and replaced by new files. Then executed the script.. I couldn't find any progress out of this.. But I'm not sure its due to the mysql_result issue or some other issue in my script..

I simply included you class on my scripts. But I found some ajax calls not operating..

I think I have to manually go through the script.

Bye