PHP-Code: <?php $host = "localhost"; // Wird wahrscheinlich so bleiben $user = "username"; // Anpassen $pass = "passwort"; // Anpassen $db = "database"; // Rate! mysql_connect($host, $user, $pass) or die(mysql_error()); mysql_select_db($db) or die(mysql_error()); $topic_id = $_GET['topic_id']; $topic_id = mysql_escape_string($topic_id); // SQL Injection is teh shit!1 $result = mysql_query("SELECT `topic_replies` FROM `phpbb_topics` WHERE `topic_id` = '$topic_id'") or die(mysql_error()); $topic_replies = mysql_result($result, 0); echo "Der topic_replies wert von ".$topic_id." ist ".$topic_replies; unset($host); unset($pass); unset($user); unset($db); unset($topic_id); unset($result); unset($topic_replies); ?>
So, damit haben wir einen Satz und alle Variablen gelöscht, womit niemand sie einfach so auslesen kann. Die unset()-Aufrufe am Skriptende sind allerdings keine Schutzmaßnahme: PHP gibt alle Variablen beim Beenden des Skripts ohnehin frei, und die Zugangsdaten stehen weiterhin im Klartext in der Datei.
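<?php
// Looks up the reply count (`topic_replies`) of one row in `phpbb_topics`
// and prints it. The topic is selected by the `topic_id` query parameter.
//
// Changes against the original listing:
//  - The mysql_* functions (removed in PHP 7) are replaced by mysqli with a
//    prepared statement. The id is bound as a parameter instead of being
//    escaped into the SQL string; mysql_escape_string() did not take the
//    connection character set into account.
//  - topic_id is validated before the database is touched. This also rejects
//    array input such as topic_id[]=1.
//  - Database errors go to the server log instead of the HTTP response, so
//    schema and host details are not shown to the client.
//  - An unknown topic_id is reported instead of reading a row that is not there.
//  - Everything echoed is HTML-escaped.

// Connection settings. Keeping real credentials out of the web root and out
// of version control is preferable to hard-coding them here.
$host = "localhost"; // will probably stay as it is
$user = "username";  // adjust
$pass = "passwort";  // adjust
$db   = "database";  // adjust (database name)

// Untrusted input: accept decimal digits only.
$topic_id = isset($_GET['topic_id']) ? $_GET['topic_id'] : '';
if (!is_string($topic_id) || preg_match('/\A[0-9]+\z/', $topic_id) !== 1) {
    header('HTTP/1.1 400 Bad Request');
    die('topic_id muss eine Zahl sein.');
}

// Report failures through return values on every PHP version; newer versions
// throw exceptions by default, which would bypass the checks below.
mysqli_report(MYSQLI_REPORT_OFF);

$mysqli = mysqli_connect($host, $user, $pass, $db);
if (!$mysqli) {
    error_log('DB connect failed: ' . mysqli_connect_error());
    header('HTTP/1.1 500 Internal Server Error');
    die('Datenbankfehler.');
}

$stmt = mysqli_prepare(
    $mysqli,
    "SELECT `topic_replies` FROM `phpbb_topics` WHERE `topic_id` = ?"
);
if (!$stmt) {
    error_log('DB prepare failed: ' . mysqli_error($mysqli));
    header('HTTP/1.1 500 Internal Server Error');
    die('Datenbankfehler.');
}

// Bound as a string, matching the quoted comparison of the original query.
mysqli_stmt_bind_param($stmt, 's', $topic_id);
if (!mysqli_stmt_execute($stmt)) {
    error_log('DB execute failed: ' . mysqli_stmt_error($stmt));
    header('HTTP/1.1 500 Internal Server Error');
    die('Datenbankfehler.');
}

mysqli_stmt_bind_result($stmt, $topic_replies);
// mysqli_stmt_fetch() returns true for a row, null for no row, false on error.
$found = mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);
mysqli_close($mysqli);

if ($found !== true) {
    header('HTTP/1.1 404 Not Found');
    die('Thema nicht gefunden.');
}

// Escape for the HTML context; SQL escaping or binding does not cover output.
echo "Der topic_replies wert von ".htmlspecialchars($topic_id, ENT_QUOTES, 'UTF-8')
    ." ist ".htmlspecialchars((string) $topic_replies, ENT_QUOTES, 'UTF-8');

// Kept from the original listing. PHP releases all script variables when the
// request ends, so these calls are housekeeping, not a protection.
unset($host, $user, $pass, $db, $topic_id, $mysqli, $stmt, $found, $topic_replies);
?>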