How To Prevent Python SQL Inject

[enisina 152]

Consinfo.py add

def GetInjectText(text):
    characters = ["SELECT","TRUNCATE","INSERT","REPLACE","DELETE",'/', '>', '<', '|', ';', ':', '}', '{', '[', ']', '%', '#', '@', '^','&']
    succes = False
    for j in xrange(len(characters)):
        if text.find(characters[j]) != -1:
            succes = True
            break
    return succes

use

def __SendShoutChatPacket(self, text):
    if constInfo.GetInjectText(text):
       chat.AppendChat(chat.CHAT_TYPE_INFO, " SQL INJECT")
       return

quote from turkish forum

[Exygo 1045]

Literally the worst fix ever 

 

void LogManager::ShoutLog(const char * pszName, const char * pszText)
{
    m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), pszText, strlen(pszText));
   // bla bla bla
}

[Helia01 2055]

[enisina 152]

11 hours ago, Exygo said:

Literally the worst fix ever 

 

void LogManager::ShoutLog(const char * pszName, const char * pszText)
{
    m_sql.EscapeString(__escape_hint, sizeof(__escape_hint), pszText, strlen(pszText));
   // bla bla bla
}

very clever friend this was just an example. if you can do better, do it and share

[enisina 152]

On 15.08.2019 at 08:32, Helia01 said:

над чем ты смеешься Тебе нравится детка: D

[Raylee 645]

2 hours ago, enisina said:

над чем ты смеешься Тебе нравится детка: D

Rules

§1 Language

(1.1) Language

The language in this board is english. If you want to post something in your own language always add an english translation. The only exception for this rule is this section: Private Servers

 

Regards
Raylee