06-04-2009, 09:29 PM
Asrrin29 Wrote:
I see you've put a lot of work into it, but it looks like you've handled things a bit inefficiently. It would be faster to use individual columns for each variable under the different types, instead of putting them in a single blob column and using a split string function. You are really hurting performance using strings like that. Also, like I said, it appears as if you have no code to clean injection attacks from any strings you pass to the DB, so the server is very vulnerable to that. I'd heavily recommend taking a look at the 3.0.7 source and seeing how Shan originally did it. I use that as a basis for my MySQL server, and it works like a charm. Good attempt at MySQL, it's more than most have done, and please don't take offense, but rather use my constructive criticism and make it better!

ok thanks
and the reason I used one big blob is because you end up with a lot of lag from the MySQL server if you do too many queries
so like every time you save the map you'll get a load of lag xD
mine is a lot different to 3.0.7
I'll look into it

Code:
Public Function Cleanse(Dirty As String) As String
    '****************************************************************
    '* WHEN         WHO         WHAT
    '* ----         ---         ----
    '* 11/15/2003   Shannara    Created Function
    '****************************************************************
    'THIS FUNCTION WILL ESCAPE ALL BACKSLASH AND SINGLE QUOTE CHARACTERS IN AN
    'EFFORT TO PREVENT SQL INJECTION ATTACKS. IT IS RECOMMENDED THAT ALL TAINTED
    'DATA BE PASSED THROUGH THIS FUNCTION PRIOR TO BEING USED IN DYNAMIC SQL QUERIES.
    '
    '*******************************************
    'NOTE: YOUR BROWSER MAY SHOW SPACES IN THE STRINGS (I.E. " ' " ) THERE SHOULD BE NO WHITESPACES IN ANY OF THE STRINGS
    '*******************************************
    '
    'WRITTEN BY: MIKE HILLYER
    'LAST MODIFIED: 14JUN2003

    'ESCAPE THE BACKSLASH FIRST. MYSQL TREATS \ AS ITS ESCAPE CHARACTER, SO A
    'BACKSLASH LEFT IN THE DATA WOULD PAIR UP WITH THE NEXT CHARACTER (INCLUDING
    'THE \' WE ADD BELOW, OR THE QUOTE THAT CLOSES THE LITERAL) AND THE QUOTING
    'WOULD NO LONGER BE WHERE WE THINK IT IS. DOUBLING IT MAKES IT A LITERAL
    'BACKSLASH AGAIN.
    Cleanse = Replace(Dirty, "\", "\\")

    'NOW ESCAPE THE SINGLE QUOTES. BECAUSE EVERY ORIGINAL BACKSLASH IS ALREADY
    'DOUBLED, AN INPUT OF \' BECOMES \\\' (ESCAPED BACKSLASH FOLLOWED BY ESCAPED
    'QUOTE), WHICH MYSQL READS BACK AS EXACTLY \'. THE ORIGINAL VERSION INSTEAD
    'LOOPED, COLLAPSING \\' INTO \' UNTIL ONLY ONE BACKSLASH WAS LEFT; THAT LOOP
    'IS NOT NEEDED ONCE BACKSLASHES ARE ESCAPED, AND IT ALSO DESTROYED
    'LEGITIMATE BACKSLASHES IN THE DATA.
    Cleanse = Replace(Cleanse, "'", "\'")
End Function
this it?
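An added example, not from the thread and not from the 3.0.7 source, written in Python so the behaviour of the posted Cleanse() can be checked without a MySQL server. It transcribes the loop-based Cleanse() from the post, puts a version that also doubles backslashes beside it, and checks both with a small parser for MySQL's single-quoted, backslash-escaped string literals. The property a correct escaper must satisfy is a round trip: wrapping the escaped value in quotes must give one literal that consumes the whole input and parses back to exactly the original value. The parser is a simplified model of MySQL's literal syntax (my assumption, not MySQL's own code), and the sample strings are constructed. The real mitigation is parameterised queries, which let the driver handle quoting; the escaper is here only to make the property testable.

```python
"""MySQL-style literal escaping: the thread's loop-based Cleanse() versus
backslash-aware escaping, checked by a round-trip through a literal parser."""

# MySQL backslash escapes with a meaning other than "the next character itself".
# \% and \_ are kept as written because MySQL preserves them for LIKE patterns.
_MYSQL_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0", "b": "\b", "Z": "\x1a"}


def cleanse_loop(dirty: str) -> str:
    """Direct transcription of the VB6 Cleanse() posted in the thread."""
    clean = dirty.replace("'", "\\'")
    while "\\\\'" in clean:                   # collapse \\' into \'
        clean = clean.replace("\\\\'", "\\'")
    return clean


def escape_mysql(value: str) -> str:
    """Escape backslashes first, then single quotes (the two characters that
    matter for a single-quoted literal when NO_BACKSLASH_ESCAPES is off)."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def parse_quoted_literal(sql: str) -> tuple[str, str]:
    """Parse one single-quoted MySQL literal at the start of `sql`.

    Returns (value, remainder). Handles backslash escapes and the doubled
    quote form ''. Raises ValueError if the literal is not terminated.
    This is a simplified model of MySQL's lexer, written for this example.
    """
    if not sql.startswith("'"):
        raise ValueError("literal must start with a single quote")
    out: list[str] = []
    i, n = 1, len(sql)
    while i < n:
        ch = sql[i]
        if ch == "\\":
            if i + 1 >= n:
                raise ValueError("dangling backslash")
            nxt = sql[i + 1]
            if nxt in "%_":
                out.append("\\" + nxt)
            else:
                out.append(_MYSQL_ESCAPES.get(nxt, nxt))
            i += 2
        elif ch == "'":
            if i + 1 < n and sql[i + 1] == "'":   # '' is an escaped quote
                out.append("'")
                i += 2
            else:                                 # closing quote
                return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


def round_trips(escaper, value: str) -> bool:
    """True if quoting escaper(value) yields exactly one literal that parses
    back to `value` with nothing left over, i.e. the data stayed inside the
    quotes and was not altered on the way."""
    literal = "'" + escaper(value) + "'"
    try:
        parsed, rest = parse_quoted_literal(literal)
    except ValueError:
        return False
    return parsed == value and rest == ""


# Constructed sample values: a quote, plain text, embedded backslash,
# trailing backslash, and the \' case the post's own comment discusses.
SAMPLES = ["O'Brien", "plain text", "a\\b", "ends with \\", "\\'"]


def evaluate(escaper) -> dict[str, bool]:
    """Round-trip result for every sample value under the given escaper."""
    return {value: round_trips(escaper, value) for value in SAMPLES}


if __name__ == "__main__":
    for name, fn in (("cleanse_loop", cleanse_loop), ("escape_mysql", escape_mysql)):
        print(name)
        for value, ok in evaluate(fn).items():
            print(f"  {value!r:>16} -> {'round-trips' if ok else 'FAILS'}")
```

Running it shows that the loop version only survives inputs with no backslashes: `\'` is collapsed to `\'` exactly as the post's comment says, so the backslash the user typed is lost, and a value containing a backslash either parses to different data or leaves the literal unterminated. The backslash-aware version round-trips every sample.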