There's something in your database that always returns True. You should fix that.
Fixed. Am still looking for someone to do this.
Topic: [WTB]Secure code(sql injection) (Read 491 times)
Fixed. Am still looking for someone to do this.
There's something in your database that always returns True. You should fix that.
Code:
$con = mysql_connect("localhost","db user","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("db_name", $con);
$sql="INSERT INTO `db_name`.`form` (`bitcoinaddress`, `amountinbtc`, `phonenumber`) VALUES
('$_POST[bitcoinaddress]','$_POST[amountinbtc]','$_POST[phonenumber]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo ($_POST['amountinbtc']);
mysql_close($con);
?>
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("db_name", $con);
$sql="INSERT INTO `db_name`.`form` (`bitcoinaddress`, `amountinbtc`, `phonenumber`) VALUES
('$_POST[bitcoinaddress]','$_POST[amountinbtc]','$_POST[phonenumber]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo ($_POST['amountinbtc']);
mysql_close($con);
?>
I need someone who can modify this to stop sql injection.
I also need the data to be saved in sessions so that when the user refreshes the page the same data wont be duplicated in the database.
Willing to pay 15$(negotiable) in btc for this as long as it works as needed.
Jump to: