Sabtu, 05 Oktober 2013

SCRIPT CODE LOGIN ANTI SQL INJECTION


Agar lebih kebal dari SQL injection, scrip code untuk login dapat anda buat lebih spesifik yang mengquery tabel login/user. Isian text oleh user jika dieksekusi tidak mengakibatkan SQL injection, karena proses validasi ada pada pencocokan isi tabel login/user. Berdasar kriteria filter tersebut kemudian cocokan recorset field USER dan PASSWORD nya. Jika cocok maka proses login dapat Anda terusan ke aplikasi berikutnya, jika tidak maka keluar.

Databse yg digunakan PBL.MDB berisi Tabel PUser dgn field UserName(text 20), Password(text 20).
Buatlag form spt diatas dan code program sbb:
Option Explicit
Dim cnPBL As ADODB.Connection
Dim rsPuser As ADODB.Recordset
----------------
Private Sub cmdExit_Click()
End
End Sub
---------------------------
Private Sub cmdOK_Click()
On Error GoTo PP
Dim coba As Integer
Dim Uname As String
Dim Pwd As String
Dim SQL As String

Uname = Trim(txtPuser.Text)
Pwd = Trim(txtPassword.Text)

SQL = "SELECT * FROM PUSER WHERE UserName=" & "'" & Uname & "' AND Password=" & "'" & Pwd & "'"
rsPuser.Open SQL, cnPBL, adOpenKeyset, adLockOptimistic
If Not (txtPuser.Text = rsPuser!UserName And txtPassword.Text = rsPuser!Password) Then
txtPuser.Text = ""
txtPassword.Text = ""
txtPuser.SetFocus
MsgBox "USER NAME ATAU PASSWORD SALAH", vbCritical, "INFO"
Exit Sub
End If
If txtPuser.Text = "" Or txtPassword.Text = "" Then
txtPuser.SetFocus
Exit Sub
End If
frmLogin.Hide
frmBarang.Show ' jika benar buka form aplikasi
PP:
Select Case Err.Number
Case 3705
rsPuser.Close
Resume
End Select
End Sub
-----------------------------
Private Sub Form_Load()
Set cnPBL = New ADODB.Connection
Set rsPuser = New ADODB.Recordset

cnPBL.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source= " & App.Path & "\PBL.mdb;Persist Security Info=False"
rsPuser.Open "SELECT * FROM Puser", cnPBL, adOpenKeyset, adLockOptimistic
End Sub
----------------------------------------------------
Private Sub txtPassword_KeyPress(KeyAscii As Integer)
If KeyAscii = 13 Then
cmdOK.SetFocus
End If
End Sub
--------------------------------------------------
Private Sub txtPuser_KeyPress(KeyAscii As Integer)
If KeyAscii = 13 Then
txtPassword.SetFocus
End If
End Sub

Sumber ==>> https://www.facebook.com/groups/hacker.community.pinrang/
Diposting oleh di 10/05/2013 11:09:00 AM
Label: , ,

Tidak ada komentar:

Posting Komentar

Moga Saya Bisa memberi Solusi Yang Bermanfaat

By.Admin

Langganan: Posting Komentar (Atom)