Hey Programmers.

I have heard a lot of good things about this community and I decided to try my luck, as I need some help with a little code fixing. I am one of the game moderators of Stargatewars http://www.stargatewars.com/, and I am requesting help in securing bugs in my game.

I have run into a few problems involving SQL injections. To avoid anyone gaining a fair advantage through this method, I have disabled the use of any quotes or symbols to be submitted in the forms. Also, some programmers pointed out a few holes in the login procedure. With their help I decided to introduce session times and advanced login cookies to avoid users replicating cookies. I admit I don't understand the actual code involved, but I am thankful for people helping me secure this game.

But as always, my work is not perfect and someone always manages to mess things up for me. Recently I had to introduce PIN confirmation just to validate simple tasks, since people were using macros.

I will be ever grateful if some experienced programmers took a small peek at my game and helped me secure it. Please let me know by PM if you can help me. I would be even more grateful if you guys helped me fix the actual bug in question. I will check my PMs daily, and of course I can arrange IM chats as well for more detailed talks.

Thanks for reading.

Yours,
Chris Jepson
For email injections I use the following:

```php
function validate_fields($s) {
    // Double quotes are required so "\r" and "\n" are real CR/LF characters;
    // in single quotes PHP treats them as a literal backslash plus a letter.
    $forbidden = array('%', "\r", "\n");
    foreach ($forbidden as $f) {
        if (strpos($s, $f) !== false) {
            return false;
        }
    }
    return true;
}

if (!validate_fields($_POST['from'])) {
    echo "<h4>Sorry you have entered an invalid character in your email address, you entered:</h4>";
}
```

Ian
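PHP expands `\r` and `\n` only inside double-quoted strings, so a forbidden-character list for mail headers behaves very differently depending on the quotes used. The following is an added example, not part of the original posts; the function names and sample inputs are hypothetical and constructed for illustration, and it compares a single-quoted list with a stricter check on a "from" field.

```php
<?php
// Added example (not from the original thread). All names are hypothetical.

// A forbidden list written with single quotes: PHP treats '\r' and '\n' as a
// literal backslash followed by a letter, so real line breaks are not matched.
function check_single_quoted(string $s): bool {
    foreach (['%', '\r', '\n'] as $f) {
        if (strpos($s, $f) !== false) {
            return false;
        }
    }
    return true;
}

// Stricter check: reject every ASCII control character (CR, LF, NUL, ...),
// then require a syntactically valid bare e-mail address.
function is_safe_from_address(string $s): bool {
    if (preg_match('/[\x00-\x1F\x7F]/', $s)) {
        return false;
    }
    return filter_var($s, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample inputs for a "from" form field.
$samples = [
    'plain address'       => 'player@example.com',
    'real CRLF + header'  => "player@example.com\r\nBcc: other@example.com",
    'bare LF + header'    => "player@example.com\nCc: other@example.com",
    'literal backslash-n' => 'player@example.com\nBcc: other@example.com',
    'display-name form'   => 'Chris <player@example.com>',
];

// Print how each check classifies each input.
foreach ($samples as $label => $value) {
    printf(
        "%-20s single-quoted=%-6s strict=%s\n",
        $label,
        check_single_quoted($value) ? 'pass' : 'reject',
        is_safe_from_address($value) ? 'pass' : 'reject'
    );
}
```

The strict check accepts only a bare address, so a form that needs a display name should collect it in a separate field and validate it on its own.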