MySQL DB is hackable?

During some days I had faced some big issues in my app. Some users are increasing their referral joining and bypass the referral code system and I don’t understand what happened.
One user had mailed me and said I can bypass your app’s referral system and then I contact him.
They said my app and database is very easy to hack.
Please Help Me!
I am nothing understand what am I do now?

Can you specify what exactly happened like what data was hacked?

1 Like

They easily bypass referral system in login screen and add unlimited joining and referral points.

One form of invasion, but it is not related to MYSQL, but with its code is the invasion by SQL INJECTION.
Review your code. Read about SQL Injection and see if this is the problem.

Maybe you set blocks incorrectly means you just inserting and updating in mysql without validation logic

1 Like

99% of chances, user know your table name and inject her own insert update query.
Its good that he doesn’t run drop database or table query so you lost all your data.
You need to write new powerful backend which prevents sql injections.

1 Like

This is my login screen blocks

@ShaikhSajidAli Please Correct Me!

Referral Points and Joining of users. Basically they are increasing their points and referrals.

@Rogerio_Rios How to fix SQL INJECTION? I am little bit understood about SQL Injection? Now How am i fix this

I wrote something about that in chapter “PHP Script” here App Inventor Tutorials and Examples: MySQL | Pura Vida Apps
Taifun

Thanks @Taifun
But how to prevent in kodular?

Sorry, I posted on the wrong topic. @Kodular
The right topic is this:


It’s not the Mysql bank.
If your code is not done well they invade. One way is SQL INJECTION (ORACLE, MYSQL, POSTGREE …)

Friend, the examples of links explain how it happens and what we should and should not do.
:+1:
https://www.w3schools.com/sql/sql_injection.asp

1 Like

@Rogerio_Rios I am still not find any solution. Now what should do I for protection.

I already mentioned

3 Likes

I found the problem.
SQL INJECTION is not a problem.
The problem is they are capturing our Http data by using HttpCanary App.
They get every query and all data from the database.

Now How to prevent from this?
Please Help Me

1 Like

Please don’t tag people to get attention.

I am not get any attention.
I am just want to solution

1 Like

By tagging people you send a notification to them. Imagine everybody to tag the same users if they have a problem. By tagging kodular you notify 9 people at once. They already see your topic. If they want to answer they will, no need to tag them.

Ok I am apologize.