Page 1 of 2

Truncate

Posted: Sat Feb 20, 2010 11:42 am
by jpoisson
Today was the first day in about a month that I looked into one of my game's DBs for the users. I noticed several times that a user tried to create a user account and tried to truncate the users table. I almost laughed so hard because of all these different tries. I guess I did my job quite well. :P

Just thought I would share that with everyone, but it did show me one flaw that I will work on by adding specific characters to the blacklist of banned user names.

Re: Truncate

Posted: Sat Feb 20, 2010 11:47 am
by MAruz
Hm, this is one issue I've not heard about. Could you share some more details on how to protect against it, how to recognize it, etc.?

Re: Truncate

Posted: Sat Feb 20, 2010 12:13 pm
by jpoisson
The term is SQL injection.
http://en.wikipedia.org/wiki/SQL_injection
http://unixwiz.net/techtips/sql-injection.html

Code:

mysql_real_escape_string()

That is probably your biggest asset against SQL injection.

Edit:
If you ever have all your databases deleted randomly, it is probably that you didn't use mysql_real_escape_string or didn't serialize your user-inputted variables properly, which allowed them to access your database directly.

Re: Truncate

Posted: Sat Feb 20, 2010 12:54 pm
by MAruz
Ah, OK, then I know what you mean.

Re: Truncate

Posted: Sat Feb 20, 2010 12:56 pm
by jpoisson
Yeah, I realized I was really descriptive in my original post, but in my defense I was tired and couldn't remember the term SQL injection... *Looks at his feet in disappointment* :cry:

Re: Truncate

Posted: Sat Feb 20, 2010 3:23 pm
by hallsofvallhalla
Ah, thanks for posting this. Yes, little 12-year-old dweebs start hacking this way. It's a poor excuse for hacking, but they think they are kewl :)

Re: Truncate

Posted: Sat Feb 20, 2010 5:07 pm
by Jackolantern
We often think of people trying to drop your tables, but there are much less noticeable problems that players can use SQL injection for. This page in the PHP manual outlines the problem near the bottom of the page, in the examples. Basically, the user adds SQL code to skip the password check, so they can log in to anyone's account without it :shock:
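The two attacks discussed in this thread, the truncate attempt in the user-name field and the password-check bypass from Jackolantern's post, as an added example that is not code from the original thread or from any poster's game. It is written against Python's built-in sqlite3 module rather than PHP/MySQL so it runs offline, and it uses parameterized queries instead of the mysql_real_escape_string() call recommended above; the users table, its columns and the sample accounts are constructed for the example. One limitation of sqlite3 is that execute() refuses stacked statements, so a `'; TRUNCATE TABLE users; --` payload cannot be run end to end here; what the example does show is that the same payload, stored through a parameterized INSERT, lands in the table as an inert string, which is exactly the kind of entry the original poster found when looking through his users table.

```python
import re
import sqlite3


def build_db():
    """Constructed in-memory stand-in for the game's users table.

    The table name, columns and the 'alice' account are assumptions
    made for this example, not details taken from the thread.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query with string formatting, so user text becomes SQL.

    A name of  alice' --  comments out the password check entirely, and a
    password of  ' OR '1'='1  makes the WHERE clause true for every row.
    """
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Parameterized query: values travel separately from the SQL text,
    so quotes, comment markers and keywords in them are just characters."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


def register_safe(conn, name, password):
    """Stores whatever name the user typed without interpreting it.

    This is the difference between a blacklist of banned characters and a
    parameterized query: the hostile name is kept verbatim and harmless.
    """
    conn.execute("INSERT INTO users VALUES (?, ?)", (name, password))
    conn.commit()
    return name


# Quote, comment and statement separators, plus a few SQL keywords that
# have no business in a player's name. Assumed heuristic, not from the thread.
INJECTION_MARKERS = re.compile(
    r"(--|;|'|\b(truncate|drop|delete|union)\b)", re.IGNORECASE
)


def suspicious_names(conn):
    """List stored user names that look like injection attempts, which is
    how an admin reviewing the users table would spot them."""
    names = [r[0] for r in conn.execute("SELECT name FROM users ORDER BY rowid")]
    return [n for n in names if INJECTION_MARKERS.search(n)]


if __name__ == "__main__":
    db = build_db()
    payload = "bob'; TRUNCATE TABLE users; --"
    print("bypass via name  :", login_vulnerable(db, "alice' --", "wrong"))
    print("bypass via pass  :", login_vulnerable(db, "nobody", "' OR '1'='1"))
    print("safe, same inputs:", login_safe(db, "alice' --", "wrong"),
          login_safe(db, "nobody", "' OR '1'='1"))
    register_safe(db, payload, "pw")
    print("table still intact:", login_safe(db, "alice", "s3cret"))
    print("flagged names     :", suspicious_names(db))
```

Running it prints `alice` for both bypasses against the formatted query and `None None` for the parameterized one, then shows that the truncate payload was stored as a plain user name and is the only entry the review helper flags.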

Re: Truncate

Posted: Sat Feb 20, 2010 6:35 pm
by OldRod
So how could you tell he was doing this?

And how did your name change colors? :)

Re: Truncate

Posted: Sat Feb 20, 2010 7:03 pm
by hallsofvallhalla
Well, I have a wiki I set up ages ago for this site that I have done nothing with. Jp asked to work with it, so I made him part of the wiki group. I need to change that color, it's too bright :) But anyway, he is going to work with the wiki for the site.

Re: Truncate

Posted: Sat Feb 20, 2010 7:05 pm
by OldRod
Ah, cool - not sure it's too bright, but it is almost invisible sometimes... depending on the background :)