Protecting from SQL injections
Masinero
01-12-2013, 01:14 AM
~Removed.
debben
01-12-2013, 02:05 AM
What did you lose?
http://www.cisco.com/web/about/security/intelligence/sql_injection.html
There's no step-by-step guide, but it gives you a general idea of how to do it. It's basically implementing exceptions with conditions between application/website etc. and the database. (Standard exceptions are not such a good idea as they usually print out the whole SQL error; a validation PHP class with parameter methods along with queries is better.)
An example of standard exception errors, straight from the back of my mind though; they look different depending on the situation and language.
PHP example (variable $sqlquery): $sqlquery = "INSERT INTO POOPHEAD(NAME) VALUES ('Masinero');";
SQL Error: POOPHEAD table not found in ILIKETOPOOP
And no, I haven't used phpBB, but the most logical theory is that the data is stored in a database. Always make sure the sensitive information is encrypted as well.
Masinero
01-12-2013, 01:29 PM
~Removed.
debben
01-12-2013, 01:53 PM
Masinero
Encrypt and implement exceptions the way I said and they won't be able to retrieve any info or make fake fetches.
Masinero
01-12-2013, 01:56 PM
~Removed.
debben
01-12-2013, 02:09 PM
You'd have to go into the PHP source code, make a class that validates the incoming info and insert it into the main class.
I don't have time to show you how the PHP code looks as I would need to program new code... but I do have some old Java code (all programming languages are similar; there are minor differences in declaring etc.) to just make you understand what I mean. Masinero
The first method checks whether the email is correct.
http://i45.tinypic.com/k1wbr7.png
Masinero
01-12-2013, 02:18 PM
~Removed.
debben
01-12-2013, 02:23 PM
Since all database queries look the same, I'd suggest CTRL+F "Insert into" in the PHP code and look for where they're handled. And what do you mean solved by requiring activation?
Step 1. (Everyone who has a database should do this, no matter what) Google for SQL encryption
Step 2. Get into the PHP code and search for insert into
Step 3. Create a new class for validation purposes (could go into the exception class and change messages as well)
Step 4. Implement it in your main class on all SQL query methods.
Step 5. You're partly protected, congratulations. :)
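An added example of what the "validation class plus quiet exception handling" idea from the steps above can look like in PHP; this is not phpBB's code or debben's, and it assumes PHP 8 with the PDO SQLite driver, plus a hypothetical users table and the class names InputValidator and UserRepository. It puts the vulnerable string-spliced query next to the hardened prepared-statement version, validates the e-mail the way the thread's Java method did, and logs the SQL error instead of showing it to the user.

```php
<?php
// Added example, not phpBB's code: validate input, bind parameters, never echo raw SQL errors.
final class InputValidator
{
    // Returns the address if it is syntactically valid, otherwise null (the "email check"
    // method the thread mentions).
    public static function email(string $value): ?string
    {
        $value = trim($value);
        $ok = strlen($value) <= 254 && filter_var($value, FILTER_VALIDATE_EMAIL) !== false;
        return $ok ? $value : null;
    }
}

final class UserRepository
{
    public function __construct(private PDO $db) {}
    // Vulnerable form, shown only for contrast: user data is spliced into the SQL text,
    // so a quote character in $name becomes part of the statement.
    public function insertUnsafe(string $name): void
    {
        $this->db->exec("INSERT INTO users (name) VALUES ('" . $name . "')");
    }

    // Hardened form: validate what has a known shape, then bind everything. The driver
    // sends values separately from the statement, so $name is always treated as data.
    public function insert(string $name, string $email): bool
    {
        $email = InputValidator::email($email);
        if ($email === null || $name === '' || strlen($name) > 20) {
            return false;                    // reject rather than try to "clean" it
        }
        try {
            $stmt = $this->db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
            return $stmt->execute([':name' => $name, ':email' => $email]);
        } catch (PDOException $e) {
            error_log($e->getMessage());     // detail stays in the server log
            return false;                    // the caller gets a generic failure only
        }
    }
}

$db = new PDO('sqlite::memory:');            // constructed in-memory database for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, email TEXT)');
$repo = new UserRepository($db);
var_dump($repo->insert("O'Brien", 'obrien@example.com'));     // stored literally, quote and all
var_dump($repo->insert('Masinero', 'not-an-address'));        // rejected by the validator
var_dump($repo->insert("O'Brien", 'obrien@example.com'));     // duplicate name: UNIQUE error logged, not displayed
```

The insertUnsafe method is the pattern the CTRL+F search in the steps above is meant to find; every query it turns up should end up shaped like insert instead.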
Masinero
01-12-2013, 02:43 PM
~Removed.
debben
01-12-2013, 02:46 PM
I could but you'd have to wait 1-2 weeks, currently doing a program on my own regarding database interaction.. I'm also moving to a new apartment on Sunday lol. I'm also going to invite the freshmen to my university during one month, so I'll be out partying a lot. Masinero
Masinero
01-12-2013, 02:55 PM
~Removed.
debben
01-12-2013, 03:03 PM
Depends, would have to study phpBB's database class & exception class in order to know which methods do what. Including creating a brand new validation class implementation which'd validate the current code in the main class.
Could take everything from 1-10 hours depending how complex the code is.
Masinero
Masinero
01-12-2013, 04:08 PM
~Removed.