Jump to content

Pay2Paid.com - Online trades made easy/ PSC - PP - Bank


Recommended Posts

Posted

Dude...

 

http://pay2paid.com/page.php?pid=6 "

 

qri0c5.jpg

 

http://pay2paid.com/page.php?pid=6'

 

width=904 height=768http://i40.tinypic.com/2z4ag5i.jpg[/img]

 

http://pay2paid.com/page.php?pid=6+order+by+5--

 

width=886 height=768http://i40.tinypic.com/swp7aw.jpg[/img]

 

You really have to prevent SQL Injections by sanitizing the data being sent from $_GET and $_POST Arrays.... its really bad practice to put data directly to your SQL from a GET or POST request.

Posted

fdLP. for me works fine

 

of course the site works perfectly fine if you dont know were to watch and what to do... for plain english if you are a normal user who just want to do his/her job.

 

What im pointing out is for Frank who should take care of this soon.

Posted

Dude...

 

http://pay2paid.com/page.php?pid=6 "

 

qri0c5.jpg

 

http://pay2paid.com/page.php?pid=6'

 

width=904 height=768http://i40.tinypic.com/2z4ag5i.jpg[/img]

 

http://pay2paid.com/page.php?pid=6+order+by+5--

 

width=886 height=768http://i40.tinypic.com/swp7aw.jpg[/img]

 

You really have to prevent SQL Injections by sanitizing the data being sent from $_GET and $_POST Arrays.... its really bad practice to put data directly to your SQL from a GET or POST request.

 

seems strange, since I escaped properly the values. Maybe the hosted php version doesn't support a function I used.. anyway problem fixed, thanks for reporting...

Guest
This topic is now closed to further replies.

×
×
  • Create New...