Wanted someone who knows about sql injection / cross site scripting

Discussion in 'Programming' started by mattriz, Oct 7, 2010.

0
  1. #1
    We have a near completed site but the login to the control management system we want to see if its possible to get into it via sql injection or cross site scripting. We then would need that code tightened up and secured to prevent any attacks. We don't have a lot of money for this and the job needs to be done very quickly, let me know.

    Thanks,

    Matt.
     
    mattriz, Oct 7, 2010 IP
  2. Michi

    Michi Peon

    Messages:
    40
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    As Seller:
    100% - 0
    As Buyer:
    100% - 0
    #2
    Sql injection can be completely prevented by using the mysql_real_escape() function. Cross site scripting can be prevented with the htmlspecialchars() function. If you need help, feel free to write me a PM.

    Michael
     
    Michi, Oct 7, 2010 IP
  3. theausums

    theausums Peon

    Messages:
    321
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    As Seller:
    100% - 0
    As Buyer:
    100% - 0
    #3
    u need to get a bit more advanced bud ;) mysqli_real_escape_string() and htmlentities() heh :D
     
    theausums, Oct 8, 2010 IP