Registracijos anketoj meta error'a

Sveiki iškilo programa,turiu web VIP sistema cs 1.6 ir registracijos puslapy kai vedu duomenis juos bandau pateikti paspausęs "registruoti" man išmeta tokį errorą

ERROR. Cannot query list: SELECT * FROM clientai where email like '[email protected]'

Galite parsisiųsti ir pažiūrėti: http://zp.alone.lt/vip/VIP_Sistema/nickreg.rar

Va pažiūrėkit visus failus kaip atrodo toje svetainėje

( http://zp.alone.lt/vip/VIP_Sistema/nickreg/ )

index.php

<?php
require("config.php");
require("mySQL.php");

function validemail(& $email, & $config)
{
   $conn = new mySQLConn($config['mysql']);
   $sql = "SELECT * FROM " . $config['USER_TABLE'] . " where email like '" . $email . "'";
   $conn->query($sql);
   if($conn->numRows() > 0)
       return "Kita Email, nes toks Email jau egzistuoja musu sistemoje!";

   if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email))
       return "";
   return "Kita Email,nes Emailas nuroditas neteisingai!";
}

function validName(& $name, & $config)
{
   $conn = new mySQLConn($config['mysql']);
   if((strpos($name, "`") !== FALSE) || (strpos($name, "'") !== FALSE) ) 
       return "Nick nurodytas neteisingai,nicke yra neleistu zenklu!";

   $sql = "SELECT * FROM " . $config['USER_TABLE'] . " WHERE name like '" . $name . "'";
   $conn->query($sql);
   if($conn->numRows() > 0)
       return "Toks Nick jau egzistuoja musu sistemoje! Spausk > <a href='http://aha.projektas.biz/regsistema/fragas/vip1.php'>Cia</a> <";
   return "";

}


if($_POST['check'])
{
   $name = trim($_POST['name']);
   $pass1 = trim($_POST['pass1']);
   $pass2 = trim($_POST['pass2']);
   $skype = trim($_POST['skype']);
   $email = trim($_POST['email']);
   $err = "";
   // validate entries
   if(!$name)
       $err .= "-Nick<br/>";
   if(!$pass1)
       $err .= "-Slaptazodis<br/>";
   if(!$pass2)
       $err .= "-Pakartokite Slaptazodis<br/>";
   if(!$skype)
       $err .= "-Skype Nick<br/>";
   if($email)
       $err .= validEmail($email, $config);


   if($err != "")
       $err = "Prasome ivesti:<br>" . $err;
   else
   {


       $conn = new mySQLConn($config['mysql']);
       $err = validName($name, $config);
       if($err == "")
       {
           $table = $config['USER_TABLE'];
           $done = true;

           if($done)
           {


              $sql = "INSERT INTO " . $table . "(name, pass, skype, email) values('" . $name . "','" . $pass1 . "','" . $skype . "','" . $email . "')";
              $conn->query($sql);
              $success = "Jusu zaidimo slapyvardis sekmingai uzregistruota.<br>Toliau registruokite V.I.P > <a href='http://aha.projektas.biz/regsistema/fragas/vip1.php'>Cia</a> < " . $success; 

           }

       }
   }

}
?>

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0 Transitional//EN'
'http://www.w3.org/TR/REC-html40/loose.dtd'><HTML>
<HEAD>
<TITLE>
   Zaidimo Nick & V.I.P Registracja by aha
</TITLE>
<META HTTP-EQUIV='Content-Type' CONTENT='text/html; charset=iso-8859-1'>

<script Language="JavaScript" type="text/JavaScript">
<!--
   function trim(str)
   {
       return str.replace(/^\s+/,'').replace(/\s+$/,'');
   }

   function validate()
   {
       err = '';
       <?php 
       if($config['email']['verify'])
       {
       ?>
       document.forms[0].email.value
           = trim(document.forms[0].email.value);
       if (document.forms[0].email.value == '')
           err += '  -email\n';
       <?php
       }
       ?>

       document.forms[0].name.value
           = trim(document.forms[0].name.value);
       document.forms[0].pass1.value
           = trim(document.forms[0].pass1.value);
       document.forms[0].pass2.value
           = trim(document.forms[0].pass2.value);
       document.forms[0].skype.value
           = trim(document.forms[0].skype.value);
       document.forms[0].email.value
           = trim(document.forms[0].email.value);
       if (document.forms[0].name.value == '')
           err += '  -Nick\n';
       if (document.forms[0].pass1.value == '')
           err += '  -Slaptazodi\n';
       if (document.forms[0].pass2.value == '')
           err += '  -Pakartokite Slaptazodi\n';
       if(document.forms[0].pass1.value != document.forms[0].pass2.value)
           err += '  -Neteisingai pakartojat antra slaptazodi\n';
       if(document.forms[0].skype.value == '')
           err += '  -Skype Nick\n';
       if(document.forms[0].email.value == '')
           err += '  -Email Adresa\n';

       if (err != '')
       {
           alert('Prasome ivesti:\n' + err);
           return false;
       }
       return true;
   }
-->
</SCRIPT>
<link href='style.css' rel='stylesheet' type='text/css'>

</HEAD>

<BODY>
   <H2>Zaidimo NICK Registracija</H2>
   <?php
   if($success)
   {
       echo ("<div class=\"success\">" . $success . "</div>");
       $name = "";
       $email = "";
   }
   if($err)
   {
       echo ("<div class=\"error\">" . $err . "</div>");
   }
   ?>


   <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>" onsubmit="return validate()">
   <table>



   <tr class="formField">
   	<td class="fieldName">Nick</td>
   	<td class="fieldContent"><input type="text" name="name" autocomplete="off" value="<?php echo $name?>" size="50"></td>
   </tr>
   <tr class="formField">
   	<td class="fieldName">Slaptazodis</td>
   	<td class="fieldContent"><input type="password" name="pass1" autocomplete="off" size="50"></td>
   </tr>
   <tr class="formField">
   	<td class="fieldName">Pakartokite Slaptazodi</td>
   	<td class="fieldContent"><input type="password" name="pass2" autocomplete="off" size="50"></td>
   </tr>
   <tr class="formField">
   	<td class="fieldName">Skype Nick</td>
   	<td class="fieldContent"><input type="skype" name="skype" autocomplete="off" size="50"></td>
   </tr>
   <tr class="formField">
   	<td class="fieldName">Email Adres</td>
   	<td class="fieldContent"><input type="email" name="email" autocomplete="off" size="50"></td>
   </tr>
   <INPUT type="hidden" name="check" value="1">
   <tr class="formField">
   	<td class="fieldName"> </td>
   	<td class="fieldContent"><INPUT type="Submit" class="button" value="Registruoti"></td>
   </tr>
   </table>
   </form>
</BODY>
</HTML>

mySQL.php

<?php

class mySQLConn
{
   var $conn;
   var $db;
   var $rs;

   function mySQLConn($config)
   {
       $where = $config['where'];
       $user = $config['user'];
       $pass = $config['pass'];
       $db = $config['DB'];
#         echo "<pre>";
#         print_r($config);
#         echo "</pre>";
//        echo "$user | $pass";
       $this->conn = mysql_connect($where, $user, $pass)
       or die("ERROR. Cannot connect to server...<BR>");
       $this->db = $db;
       $this->db_connect();
   }

   function db_connect()
   {
       @mysql_select_db($this->db, $this->conn)
       or die("ERROR. Cannot connect to database<BR>");
   }

   function set_db($db)
   {
       $this->db = $db;
   }

   function get_db()
   {
       return $this->db;
   }

   function query($sql)
   {
       $this->rs = @mysql_query($sql, $this->conn)
       or die ("ERROR. Cannot query list: $sql");
       return $this->rs;
   }

   function getRow()
   {
       return @mysql_fetch_assoc($this->rs);
   }

   function numRows()
   {
       return @mysql_num_rows($this->rs);
   }
}
?>

config.php

<?php

// mysql config
$config['mysql']['DB'] = "";             // database of where your tables are
$config['mysql']['where'] = "";    // location of mysql server
$config['mysql']['user'] = "";          // user name to log into
$config['mysql']['pass'] = "";              // password associated to the user name
$config['USER_TABLE'] = "";


?>

Nu tai config'e mysql duomenys prisijungimo nenurodyti.

Man vienam atrodo, kad sistemoj yra SQL injekcijos pažeidžiamumas? :)

Man vienam atrodo, kad sistemoj yra SQL injekcijos pažeidžiamumas? :)

Ne tau vienam, ne tau vienam... :rolleyes: