mysqli_real_escape_string Cant fully prevent SQL Injection

[0944-tw]

mysqli_real_escape_string CAN PREVENT SQL Injection BUT it cant FULLY PREVENT SQL Injection. So,Its Safe But Unsafe? xD https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string

[0944-tw]

Fo FIx It (Copied From Stackoverflow xD) Use Modern Versions of MySQL (late 5.1, all 5.5, 5.6, etc) AND mysql_set_charset() / $mysqli->set_charset() / PDO's DSN charset parameter (in PHP ≥ 5.3.6) Or Don't use a vulnerable character set for connection encoding (you only use utf8 / latin1 / ascii / etc)

[mahtab2003]

Mofhy is expired

[greenreader9]

Wait, so you are no longer supporting it, again?

[ghost]

Mofhy is expired

🤦

[jaikt]

🙄

[mahtab2003]

This time it is permanently closed and will no longer receive any updates from vendor

[jaikt]

why bro?

[mahtab2003]

There are some issues i can't resolve either.

[jaikt]

what are the issues? the community is there 🤔

[0944-tw]

yep

[0944-tw]

its easy to resolve :) just use PDO

[mahtab2003]

Xss and some tokenized system issue. I'm thinking to make a new application based on codeigniter in order to make it work smoother and secure.

[greenreader9]

Go for it!

[jaikt]

tokenized system issue

Like what? I would love to try fix it!

[greenreader9]

Well the client, and admin area login needs to be redone as well. Testing on my own install, both can be hacked. Not sharing details since, well, that should be obvious.

[mahtab2003]

Well the client, and admin area login needs to be redone as well. Testing on my own install, both can be hacked. Not sharing details since, well, that should be obvious.

Yeah that's right and also logic bombs exists in this application

[0944-tw]

wtf it just 1 day then lot of comment

[mahtab2003]

wtf it just 1 day then lot of comment

So what?

[jaikt]

Can something like this being implemented correct? Reference: https://youtu.be/I4JYwRIjX6c?t=996

[mahtab2003]

Can something like this being implemented correct? Reference: https://youtu.be/I4JYwRIjX6c?t=996

Yes can be.

[jaikt]

I am making fix for prepared stmts. https://github.com/MofhyDevs/MofhyCommunity/

[greenreader9]

Um, there already is a community version...

[jaikt]

which no one cares to edit.

[mahtab2003]

which no one cares to edit.

Well nobody cares whatever you are doing for community. They will just tell where you are wrong and will never try to fix it by there own.

[ghost]

which no one cares to edit.

Well nobody cares whatever you are doing for community. They will just tell where you are wrong and will never try to fix it by there own.

That's kinda sad honestly...

[jaikt]

That's kinda sad honestly...

agreed

[greenreader9]

I mean you are not editing it either...

[mahtab2003]

Who are you mentioning

[jaikt]

https://github.com/MyOwnFreeHostCommunity/Mofhy 🤔

[greenreader9]

I am talking to @jaikt

Well the Community version here here: https://github.com/MOFH-Dev

You just made another one, when one already exists.

[mahtab2003]

I am talking to @jaikt

Well the Community version here here: https://github.com/MOFH-Dev

You just made another one, when one already exists.

Well well well. That's a point

[Lebyy]

imo, rewriting the whole project from scratch but better this time is the best we can do rather than forking the same repo under a different organization everytime OR Create one organization where everyone who has already contributed / plans to contribute to the project with edit perms access under a private fork which will patch all security issues then release it after it's stable enough for production.

Ensuring all the security issues are patched this time.