securest login script

dreamincodehamza
post 25 Sep, 2008 - 05:27 PM
Post #1

Is this login method or code the most secure against SQL injection or any other possible unauthorized login?
If not, then please tell me where it is lacking and what the solution is.

CODE

<?php
// strip HTML tags from the submitted values (array keys must be quoted strings)
$name    = strip_tags($_POST['name']);
$pssword = strip_tags($_POST['password']);
// escape quotes and other special characters before building the query
$name    = mysql_escape_string($name);
$pssword = mysql_escape_string($pssword);
$result  = mysql_query("select name,password from `loingTable` where name='$name' and password='$pssword'");
if (mysql_num_rows($result)) {
    echo 'success';
} else {
    echo 'wrong name and password';
}
?>
<form action="" method="post">
<input type="text" name="name" /><br />
<input type="password" name="password" />
<input type="submit" value="Login" />
</form>
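The mysql_* extension used in the script above was removed in PHP 7.0, and escaping the values is not what keeps input out of the SQL text in the first place. As an added example (not code from the original post), here is the same login written with a PDO prepared statement and password_verify(). It assumes a PDO connection to the same database and that the `password` column of `loingTable` holds a password_hash() result rather than the plaintext the original query compares against; the DSN and credentials are placeholders.

```php
<?php
// Added example, not code from the original post: the same login written
// with a PDO prepared statement and a stored password hash.
// Assumptions (not in the thread): $pdo is a PDO connection to the MySQL
// database, and the `password` column of `loingTable` holds a
// password_hash() value instead of the plaintext password.

function createUser(PDO $pdo, string $name, string $password): void
{
    // Store a salted hash; the plaintext is never written to the database.
    $stmt = $pdo->prepare('INSERT INTO `loingTable` (name, password) VALUES (:name, :hash)');
    $stmt->execute([
        ':name' => $name,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

function loginUser(PDO $pdo, string $name, string $password): bool
{
    // The placeholder keeps the submitted name out of the SQL text, so
    // quotes or tags in it cannot change the query.
    $stmt = $pdo->prepare('SELECT password FROM `loingTable` WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // When the name is unknown, verify against a throwaway hash anyway so
    // the response time does not reveal which user names exist.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    $hash     = ($row !== false) ? $row['password'] : $dummyHash;
    $verified = password_verify($password, $hash);

    return $row !== false && $verified;
}

// Request handling, equivalent to the original script's echo/else.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4', // assumed DSN (placeholder)
        'app_user',                                         // assumed credentials (placeholder)
        'app_password',
        [PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
         PDO::ATTR_EMULATE_PREPARES => false]               // server-side prepares
    );
    session_start();
    $name     = $_POST['name'] ?? '';
    $password = $_POST['password'] ?? '';

    if (loginUser($pdo, $name, $password)) {
        session_regenerate_id(true);   // fresh session id after authentication
        $_SESSION['user'] = $name;
        echo 'success';
    } else {
        // One generic message for both unknown name and wrong password.
        echo 'wrong name and password';
    }
}
?>
<form action="" method="post">
<input type="text" name="name" /><br />
<input type="password" name="password" />
<input type="submit" value="Login" />
</form>
```

Two points the original script leaves open are handled here: the stored password is a hash, so a leaked table does not hand out credentials, and the failure message is the same for an unknown name and a wrong password. strip_tags() is deliberately absent; it is an HTML-output concern and does nothing for SQL.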

akozlik
post 25 Sep, 2008 - 06:41 PM
Post #2

Yes, that looks protected from SQL injection, great job. A lot of people miss out on strip_tags(), let alone mysql_real_escape_string();

Here's a great place to start researching some PHP Security

PHP Security Crash Course

All in all though what you have should be enough to block most basic attempts.

pemcconnell
post 26 Sep, 2008 - 12:42 AM
Post #3

I have a function I put together ages ago which I use on my sites:

CODE

function formatRemoveSQL($value){
    // function names must be passed to function_exists() as quoted strings
    if(function_exists('strip_tags')){
        $value = strip_tags($value);
    }
    if(function_exists('mysql_real_escape_string')){
        $value = mysql_real_escape_string($value);
    }else if(function_exists('mysql_escape_string')){
        $value = mysql_escape_string($value);
    }
    if(function_exists('addslashes')){
        $value = addslashes($value);
    }else{
        $value = str_replace("'", "&acute;", $value);
        $value = str_replace('"', '&quot;', $value);
    }
    return $value;
}


*Note*

I keep the function_exists on as I am always working with different servers, with different versions of PHP. If you are always using the same version of PHP, you could remove these to speed it up slightly.

This post has been edited by pemcconnell: 26 Sep, 2008 - 07:00 AM
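formatRemoveSQL() applies two backslash-escaping passes to the same value (mysql_real_escape_string() or mysql_escape_string(), then addslashes()), while the database removes only one of them when it parses the quoted literal. As an added example, not code from the post, the script below models that round trip and contrasts it with a bound parameter. It uses addslashes() as a stand-in for the mysql_* call (the extension was removed in PHP 7.0), which affects the same characters for the plain ASCII input used, and an in-memory SQLite database through PDO (requires the pdo_sqlite extension) for the parameterised version; the sample name is constructed.

```php
<?php
// Added example, not from the thread: what stacking escaping layers does to
// stored data. mysql_real_escape_string() and addslashes() both put a
// backslash before quotes and backslashes, so running one after the other
// escapes the value twice. addslashes() stands in for the mysql_* layer here
// (assumption: equivalent for the plain ASCII input used).

function stackedEscape(string $value): string
{
    // Mirrors formatRemoveSQL() from the post: tags stripped, then two
    // backslash-escaping passes in a row.
    $value = strip_tags($value);
    $value = addslashes($value);   // stand-in for mysql_real_escape_string()
    $value = addslashes($value);   // the function's own addslashes() call
    return $value;
}

function storedValue(string $escaped): string
{
    // The database removes exactly one layer of backslash escaping when it
    // parses the quoted literal; stripslashes() models that step.
    return stripslashes($escaped);
}

function roundTripWithEscaping(string $name): string
{
    return storedValue(stackedEscape($name));
}

function roundTripWithPlaceholder(PDO $pdo, string $name): string
{
    // With a bound parameter the driver sends the value separately from the
    // SQL text, so nothing needs escaping and nothing is altered.
    $pdo->exec('CREATE TABLE IF NOT EXISTS users (name TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $ins->execute([':name' => $name]);
    $sel = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $sel->execute([':name' => $name]);
    return (string) $sel->fetchColumn();
}

$name = "O'Brien";                    // constructed sample input
$pdo  = new PDO('sqlite::memory:');   // in-memory SQLite, needs pdo_sqlite

echo "escaped twice : ", stackedEscape($name), "\n";
echo "stored        : ", roundTripWithEscaping($name), "\n";
echo "via parameter : ", roundTripWithPlaceholder($pdo, $name), "\n";
```

Run it from the command line: for the constructed input O'Brien the doubly escaped form is O\\\'Brien, the value the database would keep is O\'Brien, and the parameterised round trip returns O'Brien unchanged. The point for a helper like this is that escaping has to match the consumer exactly once; on PHP 5 hosts of the period, magic_quotes_gpc (removed in PHP 5.4) added yet another addslashes() layer to request data before the script even saw it.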

akozlik
post 26 Sep, 2008 - 06:10 AM
Post #4

Awesome function. I'm going to add that to my library. Thanks a lot man.

pemcconnell
post 26 Sep, 2008 - 06:55 AM
Post #5

You're welcome :)

dreamincodehamza
post 26 Sep, 2008 - 04:02 PM
Post #6

akozlik,
thanks for the link; I will visit the site for security information.
And is there anything else you would like to suggest, apart from that piece of code?

pemcconnell,
please don't mind, but what is so special about these user-made functions?
You just use the same functions as me, but simply check
for the existence of the functions before using them.
I really don't think there is anything special in it.
With due respect, please don't mind.




akozlik
post 26 Sep, 2008 - 04:43 PM
Post #7

What makes this function useful is the fact that it does all the escape functions in one function. Rather than calling

php

$item = mysql_real_escape_string($item);
$item = addslashes($item);
$item = strip_tags($item);
$item = mysql_escape_string($item);

$item2 = mysql_real_escape_string($item2);
$item2 = addslashes($item2);
$item2 = strip_tags($item2);
$item2 = mysql_escape_string($item2);


You can simply call

php

$item = formatRemoveSQL($item);
$item2 = formatRemoveSQL($item2);


You can tell it's a lot less code to have to write, which makes the script easier to maintain and to read.

pr4y
post 26 Sep, 2008 - 04:55 PM
Post #8

Very helpful libraries! Thanks for that; I've been looking for something similar to this for some time now.

As far as it seems, that script should be 100% SQL injection proof. It doesn't look like you need to cover much else as far as security goes.

dreamincodehamza
post 26 Sep, 2008 - 05:07 PM
Post #9

According to my knowledge, not every function is 100% fully functional.
If you go to the site php.net, you will see on the front page that
different functions are getting updated day by day because they
are not 100% complete.
So you cannot say that this SQL injection protection is foolproof; there is a little bit or
more lacking somewhere. I am not an expert on this, but
mysql_escape_string does not escape strings fully; if you want to know
more about it, then you should visit php.net and search for these
functions in detail.
Hope this will help you a little bit.

I started this topic about a secure login, but I have got no help from it.

Everyone is getting help from each other and saying thanks to each other, but my point is still there.

Oh god, where am I.

pr4y
post 26 Sep, 2008 - 05:33 PM
Post #10

QUOTE

I started this topic about a secure login, but I have got no help from it.

Everyone is getting help from each other and saying thanks to each other, but my point is still there.

Oh god, where am I.


It seems as though you have a secure login script, which is why you haven't gotten any help... It doesn't seem like anything needs to be changed, but if there is something specific you are wondering about, then ask... For the most part it seems secure.

dreamincodehamza
post 26 Sep, 2008 - 05:37 PM
Post #11

Looking secure and being secure are quite different statements...
I think I have to go somewhere else for that.


pemcconnell
post 1 Oct, 2008 - 05:09 AM
Post #12

Right I just need to double check something.

In your initial post you asked 'Is this login way or code is securest from sql injection or any other possible?'

akozlik replied quickly with a yes, a compliment and a link to a site where you could read up more if you wanted.

I then added a function to make your code shorter and help you out.

So you have your initial question answered, with added help and advice.

What else could you possibly want from us?

QUOTE(dreamincodehamza)

i think i have to go somewhere else for that.


This post has been edited by pemcconnell: 1 Oct, 2008 - 05:10 AM
