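<?php
// Score-submission endpoint. Reads name, score, level and hash from the query
// string, recomputes a keyed MD5 over the request and, when it matches, inserts
// (name, score) into the per-level table Scores_<level>.
//
// NOTE(review): the legacy mysql_* extension used here was removed in PHP 7.
// Migrate to mysqli or PDO with prepared statements when the runtime allows.
// NOTE(review): this endpoint changes state on GET, so any link or prefetch
// that replays a valid URL re-submits the score. POST would be the usual choice.

// Debug switches, kept commented out; display_errors should stay off in production.
//error_reporting(E_ALL);
// ini_set("error_reporting", E_ALL);
// ini_set("display_errors", 1);

// Reject missing parameters and array-valued ones (e.g. name[]=...), which would
// otherwise reach the escaping and hashing calls as non-strings. Exit silently,
// the same observable result the script gives for a hash mismatch.
foreach (array('name', 'score', 'level', 'hash') as $field) {
    if (!isset($_GET[$field]) || !is_string($_GET[$field])) {
        exit;
    }
}

// $level is spliced into the table name. That is an identifier context, where
// mysql_real_escape_string() gives no protection, so allow only characters that
// are valid in an unquoted identifier.
if (!preg_match('/\A[A-Za-z0-9_]+\z/', $_GET['level'])) {
    exit;
}

// NOTE(review): database credentials are hard-coded in source. Load them from
// configuration outside the web root or from the environment, and rotate any
// password that has been published or committed.
$db = mysql_connect('localhost', 'krillbite_com', 'C7BkFHhb');
if (!$db) {
    // Keep driver error text in the server log; the client gets a generic message.
    error_log('Could not connect: ' . mysql_error());
    die('Could not connect');
}
if (!mysql_select_db('krillbite_com')) {
    error_log('Could not select database: ' . mysql_error());
    die('Could not select database');
}

// Strings must be escaped to prevent SQL injection attack.
$name = mysql_real_escape_string($_GET['name'], $db);
$score = mysql_real_escape_string($_GET['score'], $db);
$level = mysql_real_escape_string($_GET['level'], $db);
$hash = $_GET['hash'];

// Change this value to match the value stored in the client javascript.
// NOTE(review): a key shipped in client-side JavaScript is readable by every
// player, so this hash only deters casual tampering. It does not authenticate
// the submission.
$secretKey = "mySecretKey";

// NOTE(review): $name is hashed twice and $level is not covered at all, so a
// valid hash for one level is accepted for any other. The formula is left as-is
// because it has to match what the client computes; confirm the intent there.
$real_hash = md5($name . $score . $name . $secretKey);

// Compare strictly: with ==, two different strings that both look numeric
// (e.g. "0e...") compare equal. hash_equals() (PHP 5.6+) is also constant-time.
$hash_ok = function_exists('hash_equals')
    ? hash_equals($real_hash, $hash)
    : $real_hash === $hash;

if ($hash_ok) {
    // $level was validated above; $name and $score are escaped string values.
    $query = "insert into Scores_" . $level . " values (NULL, '$name', '$score');";
    $result = mysql_query($query);
    if ($result === false) {
        error_log('Query failed: ' . mysql_error());
        die('Query failed');
    }
}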