Home > database >  Message, received these at sixes and sevens website is this SQL injection?
Message, received these at sixes and sevens website is this SQL injection?

Time:10-02


CodePudding user response:

This is their SQL injection, the test results for your web site up.

CodePudding user response:

When I use the scanning tools, also can find a mess of data in the database,,,

CodePudding user response:

reference 1st floor trainee response:
this is their SQL injection, the test results for your web site up.


Scared the shit out of people, ha ha, I was reading a book while writing a website, business people, I am a small site, against me,

I didn't even have made the value of the handle is deposited in the data,

<? PHP
If (isset ($_POST [' submit ']))
{
$name=$_POST [' name '];
$email=$_POST [' email '];
$message=$_POST [' message '].

if(! $name | |! $email)
{
if(! $name)
{
Echo "& lt; The h2 & gt; Both Please input your name
}
if(! $email)
{
Echo "& lt; The h2 & gt; Both Please input your email}
?>
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Var reg=new RegExp (" ^ [a - z0-9] + [[. _ \ \ -] * [a - z0-9]) * @ ([a - z0-9] + [9] - a - z0 - */a - z0-9 +.) tobacco on {1} [a - z0-9] + $");//regular expression

if(! Reg. The test (yourEmail. Value))
{
Alert (" Wrong email format, both please email input right!" );//not regular verification, through wrong format
return false;
}
The else
{
//alert (" through!" );
return true;
}

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
$query="insert into the message (name, email, message) values ('". $name. "', '". $email."', '". $message. "') ";

CodePudding user response:

Show your site valuable

CodePudding user response:

How should prevent?

Page link:https//www.codepudding.com/database/47577.html

Prev:How to replace the unpivot functions in the oracle, MySQL?
Next:DB2 v10 authentication question - a V8 DBA card, how to take an examination of v10 senior DBA
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding