Hello, I did use the search before posting this.
I'm new to PHP/MySQL and have been doing so much reading. I have been able to make a game that a few friends are playing; it's like a PvP game.
Anyway, one of the people playing found a way to glitch buying and selling units by putting a . in front of the value. I do have a protect feature for stripping illegal characters:
    // Strips HTML tags and escapes the string for use inside a MySQL query.
    // Note: the original also wrapped the value in addslashes(), which
    // double-escapes quotes on top of mysql_real_escape_string(); the latter
    // alone is enough for that job. Neither function removes a "." because
    // it is a perfectly legal character in a string.
    function protect($string) {
        return mysql_real_escape_string(strip_tags($string));
    }
This works for other characters but not with ".". I'm not asking for someone to do it for me, I just wanted to be pointed in the right direction,
but just in case someone asks, here is the code I'm using:
    if (isset($_POST['buy'])) {
        $sword  = protect($_POST['sword']);
        $shield = protect($_POST['shield']);
        // The quantities are still strings here; PHP treats ".5" as the
        // numeric string 0.5 in the arithmetic and comparisons below.
        $gold_needed = (10 * $sword) + (10 * $shield);
        if ($sword < 0 || $shield < 0) {
            output("You must buy a positive number of weapons!");
        } elseif ($stats['gold'] < $gold_needed) {
            output("You do not have enough gold!");
        } else {
            $weapon['sword']  += $sword;
            $weapon['shield'] += $shield;
            $update_weapons = mysql_query("UPDATE `weapon` SET
                `sword`='" . $weapon['sword'] . "',
                `shield`='" . $weapon['shield'] . "'
                WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error());
            $stats['gold'] -= $gold_needed;
            $update_gold = mysql_query("UPDATE `stats` SET `gold`='" . $stats['gold'] . "'
                WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error());
            include("update_stats.php");
            output("You have bought weapons!");
        }
    }
If anyone could give me a hand I would greatly appreciate it.
I did find something about "string functions, substr_replace and str_replace",
but can I use two functions in one query? Sorry, I'm new.
EDIT:
Here is the query posted in update_stats:
    $update_stats = mysql_query("UPDATE `stats` SET
        `income`='" . $income . "', `farming`='" . $farming . "',
        `attack`='" . $attack . "', `defense`='" . $defense . "'
        WHERE `id`='" . $_SESSION['uid'] . "'") or die(mysql_error());
> one of the people playing found a way to glitch buying and selling units by putting a . in front of the value
Well, you've not disclosed EXACTLY what the vulnerability is, but I'll hazard a guess that by input of a decimal value they run around your pricing/math? So, a number of possibilities, I should think:
    if (substr($string, 0, 1) == ".") {
        // return false, warn, etc.
    }
That could go in your "protect" function.
Likewise, you could use intval() or even is_numeric()... here I just add it to the assignment:
    $sword = protect(intval($_POST['sword']));
You could also play with a regular expression. I'm assuming $value to be numeric? How many digits max? I've used 5:
    if (preg_match("%\.\d{1,5}%", $sword)) { // this guy's playing w/us
        die("Go away, bad hax0rz! :-P");
    }
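Added example, not code from the thread or either poster: the fix the answer points at, carried through in full. Quantities are validated as plain non-negative integers with filter_var() before any pricing math, so ".5", "1.0" and "-1" are rejected instead of being coerced, and the resulting integers are bound into a prepared statement rather than concatenated into SQL. The table and column names follow the thread; the $pdo connection and the 10000 cap are assumptions.

```php
<?php
// Added example, not the thread's code: validate quantities as plain
// non-negative integers before any pricing math, instead of stripping
// characters. Table/column names follow the thread; $pdo is assumed.
const SWORD_PRICE  = 10;
const SHIELD_PRICE = 10;

// Return the quantity as an int, or null if the raw form value is not a
// plain integer in [0, 10000]. FILTER_VALIDATE_INT rejects ".5", "1.0",
// "1e2" and "" outright; min_range rejects negatives such as "-1".
function parse_quantity($raw): ?int
{
    if (!is_string($raw)) {
        return null;
    }
    $qty = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 10000],
    ]);
    return $qty === false ? null : $qty;
}

// Cost of the purchase, or null if either quantity is invalid.
function gold_needed($rawSword, $rawShield): ?int
{
    $sword  = parse_quantity($rawSword);
    $shield = parse_quantity($rawShield);
    if ($sword === null || $shield === null) {
        return null;
    }
    return SWORD_PRICE * $sword + SHIELD_PRICE * $shield;
}

// Persist the new counts with bound integer parameters (assumes a PDO
// connection in $pdo), so no value is ever concatenated into the SQL.
function update_weapons(PDO $pdo, int $uid, int $swords, int $shields): void
{
    $stmt = $pdo->prepare(
        'UPDATE `weapon` SET `sword` = :s, `shield` = :h WHERE `id` = :id');
    $stmt->bindValue(':s',  $swords,  PDO::PARAM_INT);
    $stmt->bindValue(':h',  $shields, PDO::PARAM_INT);
    $stmt->bindValue(':id', $uid,     PDO::PARAM_INT);
    $stmt->execute();
}

// Constructed sample inputs, as they would arrive in $_POST['sword'].
foreach (['3', '.5', '1.0', '-1', '1e2'] as $raw) {
    $cost = gold_needed($raw, '0');
    printf("sword=%-4s => %s\n", $raw, $cost === null ? 'rejected' : "$cost gold");
}
```

Only the first input ('3') yields a cost (30 gold); every other form is rejected before it can reach the arithmetic or the database.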