Hello all,
I've been working on a site recently and made up this script to backslash unwanted characters. It can also then remove the backslash. This is pretty much like mysql_escape_string but with a few added words and characters/symbols.
Add this at the top of the page:
PHP:
function escape($str) // Adds backslashes to exploitable text
{
    // Lowercase first so the keyword matches ignore case (the returned text is lowercase too)
    $str = strtolower($str);
    // Characters and keywords to look for, and their backslashed forms, in the same order
    $search = array("\\", "\0", "\n", "\r", "\x1a", "'", '"', ';', 'insert', 'select', 'delete', 'or');
    $replace = array("\\\\", "\\0", "\\n", "\\r", "\Z", "\'", '\"', '\;', '\insert', '\select', '\delete', '\or');
    return str_replace($search, $replace, $str);
}
function remove($str) // Removes backslashes
{
    $str = strtolower($str);
    // Same two lists as in escape(), swapped
    $search = array("\\\\", "\\0", "\\n", "\\r", "\Z", "\'", '\"', '\;', '\insert', '\select', '\delete', '\or');
    $replace = array("\\", "\0", "\n", "\r", "\x1a", "'", '"', ';', 'insert', 'select', 'delete', 'or');
    return str_replace($search, $replace, $str);
}
It is case sensitive, so if someone tries to get around it by typing InSERT or INserT it won't work.
You use this as follows, for inserting information into the database:
PHP:
$var = escape($_POST['name']);
For reading information from a database:
PHP:
$var = remove($var);
Please don't flame me, I'm a beginner to PHP and only trying to help fellow members. I'm sure there are easier ways; if there are, please tell me and I can improve my skills.
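For comparison with the approach in the post above, an added example (not the original poster's code) that runs three constructed inputs through the post's escape()/remove() pair and through PDO prepared statements, where each value is bound as a parameter instead of being escaped. It assumes the pdo_sqlite driver is available; the `members` table and the helper names `roundTripPrepared` and `show` are hypothetical.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: PHP 7+ with the pdo_sqlite driver; table/column names are made up.

// The post's two helpers, copied with unchanged behaviour so this file runs alone.
function escape($str) {
    $s = array("\\","\0","\n","\r","\x1a","'",'"',';','insert','select','delete','or');
    $r = array("\\\\","\\0","\\n","\\r","\Z","\'",'\"','\;','\insert','\select','\delete','\or');
    return str_replace($s, $r, strtolower($str));
}
function remove($str) {
    $s = array("\\\\","\\0","\\n","\\r","\Z","\'",'\"','\;','\insert','\select','\delete','\or');
    $r = array("\\","\0","\n","\r","\x1a","'",'"',';','insert','select','delete','or');
    return str_replace($s, $r, strtolower($str));
}

// Store and read back a value through prepared statements: the value travels
// as a bound parameter and is never spliced into the SQL text.
function roundTripPrepared(PDO $db, string $name): string {
    $ins = $db->prepare('INSERT INTO members (name) VALUES (:name)');
    $ins->execute([':name' => $name]);
    $sel = $db->prepare('SELECT name FROM members WHERE id = :id');
    $sel->execute([':id' => $db->lastInsertId()]);
    return $sel->fetchColumn();
}

// Make control characters visible when printing.
function show(string $s): string { return strtr($s, array("\0" => '<NUL>', "\n" => '<LF>')); }

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample inputs.
$samples = array("Victor O'Connor", 'Dorset; Select Committee', 'C:\notes\0day.txt');
foreach ($samples as $name) {
    $stored   = escape($name);      // what the post's approach puts in the query
    $readBack = remove($stored);    // what it hands back to the page
    $prepared = roundTripPrepared($db, $name);
    printf("input     %s\n", show($name));
    printf("escape()  %s\n", show($stored));
    printf("remove()  %s  [%s]\n", show($readBack), $readBack === $name ? 'intact' : 'changed');
    printf("prepared  %s  [%s]\n\n", show($prepared), $prepared === $name ? 'intact' : 'changed');
}
```

The filter round trip lowercases every value, backslashes any word containing "or", and turns the literal `\n` and `\0` in the path sample into control characters, while the bound-parameter round trip returns each input byte for byte.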