SQL Injection
Posted: 10 Sep 2010, 01:52
Hi, I was wondering what sort of protection (if any) SmartFoxServer has against SQL injection attacks on server-side extensions.
For example, let's say I have a function in a server-side extension that logs moves from a game to a MySQL database. So every time a player makes a move this code gets run (ActionScript):
Code:
dbase.executeCommand("UPDATE table SET log = CONCAT(log, '"+params.log+"') WHERE match_id = '"+params.match_id+"';");
That will work fine, however if a user were to modify the parameters being sent to SFS then they would be able to perform an SQL injection.
What would solve this is the equivalent of mysql_real_escape_string() in PHP.
Any ideas?
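An added example, not part of the original post and not SmartFoxServer code: one way to build the statement above with the same escaping rules mysql_real_escape_string() applies, plus strict validation of the numeric id. It is plain JavaScript, close to the ActionScript in the post; the helper names, the length limit and the assumption that match_id is an integer column are hypothetical.

```javascript
// Added example: hypothetical helpers, not part of SmartFoxServer's API.
// Assumes MySQL's default sql_mode (NO_BACKSLASH_ESCAPES off) and a utf8 or
// latin1 connection; escaping is unsafe with some multibyte charsets (e.g. GBK).

var ESCAPES = {
  "\0": "\\0", "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
  "\\": "\\\\", "'": "\\'", "\"": "\\\""
};

// Escapes the same characters mysql_real_escape_string() does.
function escapeMySqlString(value) {
  return String(value).replace(/[\0\n\r\x1a\\'"]/g, function (ch) {
    return ESCAPES[ch];
  });
}

// A numeric id is validated as digits only and emitted unquoted,
// so nothing but a number can ever reach the WHERE clause.
function toMatchId(value) {
  var text = String(value);
  if (!/^[0-9]{1,9}$/.test(text)) {
    throw new Error("match_id must consist of 1 to 9 digits");
  }
  return parseInt(text, 10);
}

var MAX_LOG_LENGTH = 256; // constructed limit for one move entry

// Builds the UPDATE from the post ("table" is the post's placeholder name).
function buildLogUpdate(params) {
  var log = String(params.log);
  if (log.length > MAX_LOG_LENGTH) {
    throw new Error("log entry too long");
  }
  return "UPDATE table SET log = CONCAT(log, '" + escapeMySqlString(log) +
         "') WHERE match_id = " + toMatchId(params.match_id) + ";";
}

// Constructed sample input: a move string carrying a quote and a backslash.
var sample = { log: "e2-e4' \\", match_id: "42" };
console.log(buildLogUpdate(sample));
```

Where the database API offers parameterized (prepared) statements, binding params.log and params.match_id as parameters is preferable to escaping, because it does not depend on the connection character set or SQL mode.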