Hi Guys,
I’m not sure if this is a good forum for this or not,
but I’m sure that there are a few of you
experienced with SQL injection.
Anyway, I’m trying to secure my site from
SQL injection, right now I’m working on
the login area.
[url]http://www.gallatinwebdesign.com/webdevcl/
The real username and password:
user: [B]demo
pass: [B]demo
My question IS,
[U]If you’re bored, would you mind trying to sql inject the
above site???
Anyway, I wrote an install program to reconstruct the
database, and all the data is basically useless (testing only),
so don’t hold back!
Gimme all you got!
Oh, and the forms located after login aren’t secure,
I don’t have any preg_replace/str_replace/magic_quotes for them
yet, but I will, I’m only concerned about the login box.
Oh, and ‘or”=’ wont work, I already tried.
Thanks a lot!
PS. This isn’t important.