Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Php Effective Anti Injection Script -> No symbol block

Junior Spellweaver
Loyal Member
Joined
Dec 27, 2004
Messages
108
Reaction score
16
I've been seeing all kinds of stuff about this topic.. Everyone gets his site hijacked in a way.. So here is a script that should put an end to this.
This script is 100% effective, does not block/replace any symbols (including the "'"). The scripts is a part of my web's security but i decided to share it.
Just put in the file that connects to the mssql server or ODBC data source.

PHP:
// Begin
/*
    The muonline xweb base injection filter script
        Mssql Injection Filter, Includes arrays
-----------------------------------------------------------------
           Changelog: mu.vachev.net?mod=xweb
*/

function xw_sanitycheck($str){
    if(strpos(str_replace("''",""," $str"),"'")!=false)
        return str_replace("'", "''", $str);
    else
        return $str;
}

function secure($str){
    // Case of an array
    if (is_array($str)) {
        foreach($str AS $id => $value) {
            $str[$id] = secure($value);
        }
    }
    else
        $str = xw_sanitycheck($str);

    return $str;
}

// Get Filter
$xweb_AI    = array_keys($_GET);
$i=0;
while($i<count($xweb_AI)) {
    $_GET[$xweb_AI[$i]]=secure($_GET[$xweb_AI[$i]]);
    $i++;
}
unset($xweb_AI);

// Request Filter
$xweb_AI    = array_keys($_REQUEST);
$i=0;
while($i<count($xweb_AI)) {
    $_REQUEST[$xweb_AI[$i]]=secure($_REQUEST[$xweb_AI[$i]]);
    $i++;
}
unset($xweb_AI);

// Post Filter
$xweb_AI    = array_keys($_POST);
$i=0;
while($i<count($xweb_AI)) {
    $_POST[$xweb_AI[$i]]=secure($_POST[$xweb_AI[$i]]);
    $i++;
}

// Cookie Filter (do we have a login system?)
$xweb_AI    = array_keys($_COOKIE);
$i=0;
while($i<count($xweb_AI)) {
    $_COOKIE[$xweb_AI[$i]]=secure($_COOKIE[$xweb_AI[$i]]);
    $i++;
}
// End
The script executed in less than 0.01 seconds.

Compatible with: PHP 4.x.x/5.x.x+
Credits: Savoy
 
Junior Spellweaver
Loyal Member
Joined
Dec 27, 2004
Messages
108
Reaction score
16
Re: [Release]Php Effective Anti Injection Script -> No symbol block

good release, next time add a [release] tag

Totally forgot about that.. will have that in mind next time
 
I'll take you all on.
Loyal Member
Joined
May 11, 2004
Messages
3,253
Reaction score
6
Re: [Release]Php Effective Anti Injection Script -> No symbol block

great man, thanks
 
Newbie Spellweaver
Joined
Oct 23, 2005
Messages
33
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

xtremely nice :X :D thank you savoy!
 
Newbie Spellweaver
Joined
Apr 6, 2007
Messages
12
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

Savoy rulz !
 
Legendary Battlemage
Loyal Member
Joined
Nov 3, 2006
Messages
648
Reaction score
2
Re: [Release] Php Effective Anti Injection Script -> No symbol block

Nice release man.
 
Newbie Spellweaver
Joined
Nov 11, 2006
Messages
58
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

Thanks, very usefull
 
Newbie Spellweaver
Joined
Nov 28, 2006
Messages
9
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

I dont understand were i put pls help me were I put this pllssssss
 
Junior Spellweaver
Joined
May 26, 2006
Messages
148
Reaction score
1
Re: [Release] Php Effective Anti Injection Script -> No symbol block

Very nice and useful, keep up the good work! ^^
 
Newbie Spellweaver
Joined
Nov 28, 2006
Messages
9
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

Hello ppl , can you help me !!!
 
Newbie Spellweaver
Joined
Nov 28, 2006
Messages
9
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

pfff help pls i dont understand were i put this cods !
 
Junior Spellweaver
Joined
Jun 5, 2005
Messages
142
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

this can be used in any kind of script?
btw gj
 
Newbie Spellweaver
Joined
Dec 14, 2005
Messages
25
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

Thanks, Good Job :]
Which files connecting to mssql/ODBC ?
 
Banned
Banned
Joined
Feb 21, 2007
Messages
360
Reaction score
28
Re: [Release] Php Effective Anti Injection Script -> No symbol block

ENG: Great 10/10 !
BG: bravo 10/10 !
 
Newbie Spellweaver
Joined
Jul 18, 2004
Messages
61
Reaction score
1
Re: [Release] Php Effective Anti Injection Script -> No symbol block

sorry my noob question but..

where i paste this script?
 
Newbie Spellweaver
Joined
Mar 24, 2007
Messages
88
Reaction score
0
Re: [Release] Php Effective Anti Injection Script -> No symbol block

good release , useful :))
 
Back
Top