[Question] this anti inject sql good, and mef file

  1. #1
    dorr13 (Member)
    Join Date: Feb 2008
    Posts: 80

    [Question] this anti inject sql good, and mef file

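    1. Look at this anti-inject SQL
    Code:
    function antisql($sql) {
        // Remove blacklisted SQL keywords in a single pass.
        // sql_regcase() builds a case-insensitive pattern; it was removed in PHP 7.0.
        $sql = preg_replace(sql_regcase("(select|union|0x|cast|exec|varchar|insert into|delete from|update account|update login|update character|ugradeid|drop table|show tables)"),"",$sql);
        // Strip surrounding whitespace, then HTML/PHP tags.
        $sql = trim($sql);
        $sql = strip_tags($sql);
        // Backslash-escape quotes, backslashes and NUL bytes.
        $sql = addslashes($sql);
        return $sql;
    }
    Is this a good one?
    If not, can you give me a better one?

    2. I've got the file zitem.xml. Can I MEF it, to zitem.xml.mef?
    If yes, can you tell me how?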


  2. #2
    [S]pirit (Proficient Member)
    Join Date: Apr 2009
    Posts: 182

    Re: [Question] this anti inject sql good, and mef file

    MEF is not encryption, if that's what you're thinking. I think GunZ already has the XMLs in memory; MAIET just made a foolish attempt to kid us.
    ..Or so I think.

  3. #3
    sayuta (Account Upgraded | Title Enabled!)
    Join Date: Jan 2007
    Location: The Netherlands
    Posts: 205

    Re: [Question] this anti inject sql good, and mef file

    Anti-injection: 80%.

    Still can inject some things.

  4. #4
    CobraCom (Account Upgraded | Title Enabled!)
    Join Date: Jul 2008
    Posts: 382

    Re: [Question] this anti inject sql good, and mef file

    function antisql($sql) {
    $sql = preg_replace(sql_regcase("(select|union|0x|cast|exec|varchar|insert into|delete from|update account|update login|update character|ugradeid|drop table|show tables)"),"",$sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    $sql = addslashes($sql);
    return $sql;
    }

    is a PHP statement, which I'm guessing is used for wiz kids' register page.
    Anyway, here's a short description of what it does.

    function antisql($sql) = Create a function, where $sql is the input.
    preg_replace = replaces all the words/strings in the first parameter by the second parameter.
    trim = removes whitespace from the beginning and end of the script. (E.g.: " good " becomes "good").
    strip_tags = invalidates HTML and PHP codes, makes them unusable.
    addslashes = puts a slash (\) before every quote ( ' and " ).

  5. #5
    sayuta (Account Upgraded | Title Enabled!)
    Join Date: Jan 2007
    Location: The Netherlands
    Posts: 205

    Re: [Question] this anti inject sql good, and mef file

    Quote: Originally Posted by CobraCom
    function antisql($sql) {
    $sql = preg_replace(sql_regcase("(select|union|0x|cast|exec|varchar|insert into|delete from|update account|update login|update character|ugradeid|drop table|show tables)"),"",$sql);
    $sql = trim($sql);
    $sql = strip_tags($sql);
    $sql = addslashes($sql);
    return $sql;
    }

    is a PHP statement, which I'm guessing is used for wiz kids' register page.
    Anyway, here's a short description of what it does.

    function antisql($sql) = Create a function, where $sql is the input.
    preg_replace = replaces all the words/strings in the first parameter by the second parameter.
    trim = removes whitespace from the beginning and end of the script. (E.g.: " good " becomes "good").
    strip_tags = invalidates HTML and PHP codes, makes them unusable.
    addslashes = puts a slash (\) before every quote ( ' and " ).

    You really didn't read the question, did you?
    He asked if it's good, not for an explanation..

    Tip:
    Still can inject: Perl, PHP, telnet.
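
Added example (not part of any post in this thread): the filter from post #1 run over a few constructed inputs, beside a bound-parameter version of the same lookup, which is the usual answer to "can you give me a better one". `BLOCKED`, `antisql_ci`, the `account_demo` table and the in-memory SQLite database are assumptions made so the script runs offline; `sql_regcase()` is replaced by the `/i` flag because it was removed in PHP 7.0.

```php
<?php
// Added example, not code from the thread.
// Same word list as the thread's antisql(), matched case-insensitively.
const BLOCKED = '/(select|union|0x|cast|exec|varchar|insert into|delete from|'
              . 'update account|update login|update character|ugradeid|'
              . 'drop table|show tables)/i';

// The thread's filter, same steps in the same order (hypothetical name).
function antisql_ci(string $sql): string {
    $sql = preg_replace(BLOCKED, '', $sql);          // single-pass removal
    return addslashes(strip_tags(trim($sql)));
}

// Constructed sample inputs: values a register page could plausibly receive.
$samples = ['Castle_Union', "O'Brien", 'Executor', 'uniunionon'];

// Part 1: what the blacklist does to each value. It reports whether the
// value was altered and whether a blocked word is still present afterwards.
foreach ($samples as $in) {
    $out = antisql_ci($in);
    printf("filter: %-16s -> %-14s altered=%s blocked_word_remains=%s\n",
        var_export($in, true), var_export($out, true),
        $out === $in ? 'no' : 'yes',
        preg_match(BLOCKED, $out) ? 'yes' : 'no');
}

// Part 2: hardened form. The SQL text is fixed and the value is sent as a
// bound parameter, so it is never parsed as SQL and needs no rewriting.
// Assumption: in-memory SQLite (pdo_sqlite) stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account_demo (userid TEXT PRIMARY KEY)');

$ins = $db->prepare('INSERT INTO account_demo (userid) VALUES (:userid)');
$sel = $db->prepare('SELECT userid FROM account_demo WHERE userid = :userid');

foreach ($samples as $in) {
    $ins->execute([':userid' => $in]);
    $sel->execute([':userid' => $in]);
    $back = $sel->fetchColumn();
    $sel->closeCursor();
    printf("bound:  %-16s stored_unchanged=%s\n",
        var_export($in, true), $back === $in ? 'yes' : 'no');
}
```

Format and length rules for user names (an allow-list) still belong in front of the query; they are validation of the data, not a substitute for binding it.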


