Full SQL Injection

    If anyone at Tige, or whoever manages this forum, wants it, I have the code that can block these stupid hacker/cracker kids from posting stupid topics etc. It will just display a page back to them that pretty much says their IP has been logged (which it has; it's in the Apache web logs). But more importantly, it will stop the SQL injection into the DB.

    They are just doing full SQL injection back in the URL because you are putting the IDs in the URLs... kind of an old trick, but it does seem to take away from things a bit if you ask me.

    http://blog.sucuri.net/2011/05/vbull...pdate-now.html
    Last edited by WakerideN; 03-21-2012, 02:39 PM.
    2011 Tigé RZ4
    www.re-viveupholstery.com

    #2
    $id = isset($_GET['id']) ? $_GET['id'] : '';

    // Allowlist check: a record id may only contain digits, '-' and '_'.
    // Anything else is treated as an injection attempt, reported by email and blocked.
    if ( !preg_match('/^[-0-9_]*$/', $id) )
    {
        $url = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; // Requested URL
        $ip = $_SERVER['REMOTE_ADDR']; // Client IP address
        $c_time = date('l jS \of F Y h:i:s A'); // Current date/time stamp

        $to = 'Email@email.com'; // Recipient; separate several addresses with commas

        $email = "Email@email.com"; // From address
        // subject
        $subject = 'SQL Injection Attempt';

        // message: $id is the raw value that failed the check. The mail is HTML,
        // so attacker-controlled values are escaped before being embedded.
        $safe_id = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
        $safe_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        $message = "Page Head<br><br>

        URL: $safe_url<br>
        Code Used: $safe_id<br>
        IP Address: $ip<br>
        Time of attack: $c_time<br>";

        // To send HTML mail, the Content-type header must be set
        $headers = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

        // Additional headers (single quotes do not interpolate, so concatenate the address)
        $headers .= 'From: Your Name <' . $email . '>' . "\r\n";

        // Mail it
        mail($to, $subject, $message, $headers);
        include 'Error.php'; // Local error page shown to the client; replace with your own path
        die();
    }
    2011 Tigé RZ4
    www.re-viveupholstery.com



      #3
      Matt Garcia is the admin and hopefully he'll see your post. You can also send him a personal message. Matt's a great guy and does a super job on this forum.



        #4
        I agree... the forums are run like a champ.. just hate these script kiddies... they have caused me all sorts of headaches, and him as well from what I can see.. lol
        2011 Tigé RZ4
        www.re-viveupholstery.com



          #5
          Originally posted by gcombe74:
          I agree... the forums are run like a champ.. just hate these script kiddies... they have caused me all sorts of headaches, and him as well from what I can see.. lol
          Uuugh... I am the lead web developer for my company. We are a DoD contractor, and I am constantly having to battle these little butt holes! However, I am not getting hit with SQL injections. The code I have in place prevents that from happening. It's the latest PHP exploits I have to keep an eye out for.



            #6
            Originally posted by gcombe74:
            I agree... the forums are run like a champ.. just hate these script kiddies... they have caused me all sorts of headaches, and him as well from what I can see.. lol
            Thanks. I too can't stand the spammers and script kiddies, but it unfortunately comes with the territory when running a forum. I do have anti-spam/script tactics in place, but occasionally some will slip by as their methods of intrusion keep adapting.

            Often it's best to send me a PM, as I will get an email notification; there are times when I don't check the forums daily. Anyway, hang in there, as I am constantly trying to keep the forums spam-free.



              #7
              Spammers should all be shot. Then murdered.

              Spammers on this forum or any other should have nothing to do with SQL injection. SQL injection should be a complete thing of the past with any application like vBulletin that has been patched up within the last year or so, maybe even longer.

              If you are having a problem with SQL injection on an application you manage, then there is a problem. All modern PHP 5 apps and PHP frameworks would always use some type of data mapper or prepared statements that make SQL injection impossible and make those types of checks you posted completely unnecessary.

              There are other exploits you have to watch for, no doubt; it's a constant battle.
              http://wake9.com/

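The two positions in this thread side by side, as an added example that is not code from the thread or from vBulletin: the concatenated lookup post #1 describes (the id taken straight from the URL), the PDO prepared statement post #7 recommends, and the allowlist idea from post #2 as a cheap pre-check. It runs against an in-memory SQLite table; the table, columns and rows are constructed sample data.

```php
<?php
// Added example (not from the thread). In-memory SQLite so it runs stand-alone;
// the 'thread' table and its two rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE thread (id INTEGER PRIMARY KEY, title TEXT, is_private INTEGER)');
$pdo->exec("INSERT INTO thread VALUES (1, 'Full SQL Injection', 0), (2, 'Staff only', 1)");

// Vulnerable: the query-string value is spliced into the SQL text, so the
// database parses whatever the client sent as part of the WHERE clause.
function findThreadUnsafe(PDO $pdo, string $id): array {
    $sql = "SELECT id, title FROM thread WHERE is_private = 0 AND id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value travels as a bound parameter. The statement's structure is
// fixed before the value is seen, so the value can only be compared to the column,
// never interpreted as SQL.
function findThreadSafe(PDO $pdo, string $id): array {
    $stmt = $pdo->prepare('SELECT id, title FROM thread WHERE is_private = 0 AND id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth in the spirit of post #2: a thread id is digits only, so
// anything else can be rejected (and logged) before a query is even built.
function isValidThreadId(string $id): bool {
    return preg_match('/^[0-9]+$/', $id) === 1;
}

// Constructed inputs: a normal request and the kind of value smuggled in via the URL.
foreach (['1', '1 OR 1=1'] as $id) {
    printf("id=%-10s allowlist=%-7s unsafe=%d row(s)  safe=%d row(s)\n",
        var_export($id, true),
        isValidThreadId($id) ? 'accept' : 'reject',
        count(findThreadUnsafe($pdo, $id)),
        count(findThreadSafe($pdo, $id)));
}
```

For the injected value the concatenated query returns both rows, including the private one, because the appended condition rewrites the WHERE clause; the prepared statement returns none, since the whole string is compared against the id column as a literal.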


                #8
                technology question...

                I run the mortgage department for a large bank in the Southeast.
                A couple of years back I contracted to have a blog site with product and compliance guidelines built.
                I was never satisfied, so it was never deployed.
                Do you know of any template type of forum/blog site with capacity similar to the Tige site that exists and can be customized for an industry profile?
                It would be a great internal tool if I do not have to spend a fortune building capacity from the ground up.
                Thanks for any suggestion, direction, or advice.
                Rob Henger



                  #9
                  If you want to contact me directly, I can give you more info. The Tige site is built on a CMS, like you would be looking for. I probably shouldn't divulge details on a public forum. There are many flavors, depending on your needs/budget.

                  robert - at - wake9 - dot - com
                  http://wake9.com/



                    #10
                    Originally posted by Rob Henger:
                    I run the mortgage department for a large bank in the Southeast.
                    A couple of years back I contracted to have a blog site with product and compliance guidelines built.
                    I was never satisfied, so it was never deployed.
                    Do you know of any template type of forum/blog site with capacity similar to the Tige site that exists and can be customized for an industry profile?
                    It would be a great internal tool if I do not have to spend a fortune building capacity from the ground up.
                    Thanks for any suggestion, direction, or advice.
                    Rob Henger
                    Rob, from what I understand Ragboy is not only a Tige Jedi, but an IT one as well.

                    I can offer up my services/expertise and can even collaborate with Ragboy (I've been trying to find a way to get his attention with this). I work for a DoD contractor here in Reno, and I build, or have built, and maintain all of our online applications, both internal and external.



                      #11
                      CMS or not, it can be exploited. That much we agree on (and we can see it here at times).

                      That code I posted was over a year old.. not an issue for us. But it looks like vBulletin's roots have had those issues, and I wondered, since this rev is a bit down-level.

                      Originally posted by ragboy:
                      Spammers should all be shot. Then murdered.

                      Spammers on this forum or any other should have nothing to do with SQL injection. SQL injection should be a complete thing of the past with any application like vBulletin that has been patched up within the last year or so, maybe even longer.

                      If you are having a problem with SQL injection on an application you manage, then there is a problem. All modern PHP 5 apps and PHP frameworks would always use some type of data mapper or prepared statements that make SQL injection impossible and make those types of checks you posted completely unnecessary.

                      There are other exploits you have to watch for, no doubt; it's a constant battle.
                      2011 Tigé RZ4
                      www.re-viveupholstery.com



                        #12
                        vBulletin 3 may still be using old methods, not sure. I use v4, and SQL injection is not an issue; spam is, not injection.
                        http://wake9.com/



                          #13
                          Originally posted by hyphen79:
                          Rob, from what I understand Ragboy is not only a Tige Jedi, but an IT one as well.

                          I can offer up my services/expertise and can even collaborate with Ragboy (I've been trying to find a way to get his attention with this). I work for a DoD contractor here in Reno, and I build, or have built, and maintain all of our online applications, both internal and external.
                          What do you mean, get my attention? Sorry if I missed a message. Feel free to email me directly.
                          http://wake9.com/
