Location: PHPKode > projects > Nuke Patched > 76patched3dot3/basic.html
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#CCCCCC" text="#000000" link="#003399" vlink="#006699" alink="#006699">
<hr>
<div align="center"> 
  <h2><br>
    <font color="#0099CC">PHP-Nuke Patched<br>
    2003 chatserv<br>
    <a href="http://www.nukefixes.com/">NukeFixes</a> -- <a href="http://www.nukeresources.com/">NukeResources</a></font></h2>
  <hr>
</div>
<font size="4">Look for unquoted variables in sql queries, in example:<br>
<font color="#0000FF">sql_query(&quot;UPDATE &quot;.$prefix.&quot;_downloads_downloads 
SET downloadratingsummary=$finalrating,totalvotes=$totalvotesDB,totalcomments=$truecomments 
WHERE lid='$lid'&quot;, $dbi);</font><br>
should be:<br>
<font color="#0000FF">sql_query(&quot;UPDATE &quot;.$prefix.&quot;_downloads_downloads 
SET downloadratingsummary=</font><font size="4"><font color="#0000FF"><b><font color="#FF0000">'</font></b></font></font><font color="#0000FF">$finalrating</font><font size="4"><font color="#0000FF"><b><font color="#FF0000">'</font></b></font></font><font color="#0000FF">,totalvotes=</font><font size="4"><font color="#0000FF"><b><font color="#FF0000">'</font></b></font></font><font color="#0000FF">$totalvotesDB</font><font size="4"><font color="#0000FF"><b><font color="#FF0000">'</font></b></font></font><font color="#0000FF">,totalcomments=</font><font size="4"><font color="#0000FF"><b><font color="#FF0000">'</font></b></font></font><font color="#0000FF">$truecomments</font><font size="4"><font color="#0000FF"><b><font color="#FF0000">'</font></b></font></font><font color="#0000FF"> 
WHERE lid='$lid'&quot;, $dbi);</font><br>
As you can see single quotes were added to the variables<br><br>
Another example:<br>
<font color="#0000FF">$result=sql_query(&quot;select rid, name, url from &quot;.$prefix.&quot;_related 
where tid=$topicid&quot;, $dbi);</font><br>
should be:<br>
<font color="#0000FF">$result=sql_query(&quot;select rid, name, url from &quot;.$prefix.&quot;_related 
where tid=<b><font color="#FF0000">'</font></b>$topicid<font color="#FF0000"><b>'</b></font>&quot;, 
$dbi);</font><br>
notice <i>$topicid</i> was enclosed between <i>single quotes</i>.<br><br>
This particular query attempts to grab 3 values from a database table, an id, 
a name and a url,<br>
the id is a numerical value:<br>
<font color="#0000FF">while(list($rid, $name, $url) = sql_fetch_row($result, $dbi)) 
{</font> <br>
Results are returned in the format <i>$value</i>, since one of the values is a 
number we add a<br>
php function to make sure only numbers are used, in this case we use <font color="#FF0000">intval()</font>, 
in values<br>
that return emails &amp; urls we can use another function, in this case <font color="#FF0000">stripslashes()</font>,<br>
the result line would now change to:<br>
<font color="#0000FF">while(list($rid, $name, $url) = sql_fetch_row($result, $dbi)) 
{</font><br>
<font color="#FF0000">$rid = <b>intval(</b>$rid<b>)</b>;<br>
$url = <b>stripslashes(</b>$url<b>)</b>;</font> </font><br><br>
<font size="4">There are many more functions one can use to check what gets 
  passed through a<br>
  variable but these should help make the files more secure, anyway here's one 
  more:<br>
Let's say that from our example we know <i>$name</i> will have <i>a maximum allowed<br>
character limit of 12</i>, we can make sure that limit is not exceeded in one<br>
  of several ways, in this case we'll use <font color="#FF0000">substr()</font> 
  so the above will now be:<br>
  <font color="#0000FF">while(list($rid, $name, $url) = sql_fetch_row($result, 
  $dbi)) {<br>
  $rid = intval($rid);<br>
  $name = <font color="#FF0000"><b>substr(&quot;</b></font>$name<font color="#FF0000"><b>&quot;, 
  0,12)</b></font>;<br>
  $url = stripslashes(<font color="#0000FF">$url);</font></font></font><br>
  <br>
<font size="4">In the case of variables for titles and descriptions you could 
mix <font color="#FF0000">stripslashes()</font> with <font color="#FF0000">FixQuotes()</font> 
, but only when inserting data into a table, if extracting only use <font color="#FF0000">stripslashed()</font> 
since <font color="#FF0000">FixQuotes()</font> will duplicate all single quotes, 
in example:<br>
$description = <b><font color="#FF0000">stripslashes(FixQuotes(</font></b>$description<b><font color="#FF0000">))</font></b>;</font> 
<font size="4">- for data to be inserted to a table.<br>
$description = <b><font color="#FF0000">stripslashes(</font></b>$description<b><font color="#FF0000">)</font></b>;</font> 
<font size="4">- for data to be extracted from a table.<br>
</font> 
<hr>
  <center> 
  <h2><font color="#990000">Variables list</font></h2>
</center><hr>
<br>
<font size="4">The following are some of the variables that deal with numerical 
values, you should secure them with the <font color="#FF0000">intval()</font> 
function.</font><br>
<br>
<div align="center">
  <table width="75%" border="1">
    <tr> 
      <td> 
        <div align="center"><b><font color="#FF0000" size="5">Database Table Name</font></b></div>
      </td>
      <td> 
        <div align="center"><b><font color="#FF0000" size="5">Variable(s)</font></b></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_access</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$access_id</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_authors</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$counter<br>
          $radminarticle<br>
          $radmintopic<br>
          $radminuser<br>
          $radminsurvey<br>
          $radminsection<br>
          $radminlink<br>
          $radminephem<br>
          $radminfaq<br>
          $radmindownload<br>
          $radminforum<br>
          $radmincontent<br>
          $radminency<br>
          $radminreviews<br>
          $radminnewsletter<br>
          $radminsuper</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_autonews</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$anid<br>
          $catid<br>
          $ihome</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_banner</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$bid<br>
          $cid<br>
          $imptotal<br>
          $impmade<br>
          $clicks<br>
          $active</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_bannerclient</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$cid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_blocks</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$bid<br>
          $weight<br>
          $active<br>
          $refresh<br>
          $view</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_catagories</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$cat_id</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_comments</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$tid<br>
          $pid<br>
          $sid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_config</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$anonpost<br>
          $commentlimit<br>
          $minpass<br>
          $pollcomm<br>
          $articlecomm<br>
          $broadcast_msg<br>
          $my_headlines<br>
          $top<br>
          $storyhome<br>
          $user_news<br>
          $oldnum<br>
          $ultramode<br>
          $banners<br>
          $multilingual<br>
          $useflags<br>
          $notify<br>
          $email_send<br>
          $attachments<br>
          $attachments_view<br>
          $singleaccount<br>
          $filter_forward<br>
          $moderate<br>
          $admingraphic<br>
          $httpref<br>
          $httprefmax</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_contactbook</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$uid<br>
          $contactid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_counter</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$count</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_downloads_categories</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$cid<br>
          $parentid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_downloads_downloads</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$lid<br>
          $cid<br>
          $sid<br>
          $hits<br>
          $totalvotes<br>
          $totalcomments</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_downloads_editorials</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$downloadid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_downloads_modrequest</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$requestid<br>
          $lid<br>
          $cid<br>
          $sid<br>
          $brokendownload</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_downloads_newdownload</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$lid<br>
          $cid<br>
          $sid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_downloads_votedata</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$ratingdbid<br>
          $ratinglid<br>
          $rating</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_encyclopedia</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$eid<br>
          $active</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_encyclopedia_text</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$tid<br>
          $eid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_ephem</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$eid<br>
          $did<br>
          $mid<br>
          $yid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_faqAnswer</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$id<br>
          $id_cat</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_faqCategories</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$id_cat</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_headlines</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$hid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_journal</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$jid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_journal_comments</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$cid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_journal_stats</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$id</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_links_categories</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$cid<br>
          $parentid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_links_editorials</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$linkid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_links_links</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$lid<br>
          $cid<br>
          $sid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_links_modrequest</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$requestid<br>
          $lid<br>
          $cid<br>
          $sid<br>
          $brokenlink</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_links_newlink</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$lid<br>
          $cid<br>
          $sid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_links_votedata</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$ratingdbid<br>
          $ratinglid<br>
          $rating</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_message</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$mid<br>
          $expire<br>
          $active<br>
          $view</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_modules</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$mid<br>
          $active<br>
          $view<br>
          $inmenu</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_pages</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$pid<br>
          $cid<br>
          $active<br>
          $counter</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_pages_categories</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$cid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_poll_check</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$pollID</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_poll_data</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$pollID<br>
          $optionCount<br>
          $voteID</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_poll_desc</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$pollID<br>
          $voters<br>
          $artid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_pollcomments</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$tid<br>
          $pid<br>
          $pollID</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_public_messages</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$mid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_queue</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$qid<br>
          $uid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_referer</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$rid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_related</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$rid<br>
          $tid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_reviews</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$id<br>
          $score<br>
          $hits</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_reviews_add</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$id<br>
          $score</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_reviews_comments</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$cid<br>
          $rid<br>
          $score</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_seccont</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$artid<br>
          $secid<br>
          $counter</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_sections</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$secid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_stories</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$sid<br>
          $catid<br>
          $comments<br>
          $counter<br>
          $topic<br>
          $ihome<br>
          $acomm<br>
          $haspoll<br>
          $pollID<br>
          $score<br>
          $ratings</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_stories_cat</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$catid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_topics</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$topicid</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_users</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$user_id<br>
          $storynum<br>
          $uorder<br>
          $noscore<br>
          $ublockon<br>
          $commentmax<br>
          $counter<br>
          $newsletter<br>
          $user_posts<br>
          $user_attachsig<br>
          $user_rank<br>
          $user_level<br>
          $broadcast<br>
          $popmeson<br>
          $user_active<br>
          $user_session_time<br>
          $user_session_page<br>
          $user_lastvisit<br>
          $user_new_privmsg<br>
          $user_unread_privmsg<br>
          $user_last_privmsg<br>
          $user_allowhtml<br>
          $user_allowbbcode<br>
          $user_allowsmile<br>
          $user_allowavatar<br>
          $user_allow_pm<br>
          $user_allow_viewonline<br>
          $user_notify<br>
          $user_notify_pm<br>
          $user_popup_pm<br>
          $user_avatar_type</b></font></div>
      </td>
    </tr>
    <tr> 
      <td> 
        <div align="center"><font size="4"><b>nuke_users_temp</b></font></div>
      </td>
      <td> 
        <div align="center"><font size="4"><b>$user_id</b></font></div>
      </td>
    </tr>
  </table>
</div>
<p align="center"><br>
</p>
<hr>
<div align="center"><font size="4"><a href="#top"><i><b>- Back To Top -</b></i></a></font> 
</div>
<hr>
</body>
</html>
Return current item: Nuke Patched