[SQL]Automatic sql Injection protection

Results 1 to 4 of 4
  1. 01-09-08 #1
    Hidden
    Sorcerer Supreme Hidden is offline
    Member +Rank
    Apr 2008 Join Date
    .Location
    367Posts

    [SQL]Automatic sql Injection protection

    So i created a script you could put into your header or something :
    PHP Code:
    function protection($object){
    if(    $_POST){
    htmlspecialchars($object);
    mysql_real_escape_string($object);
    stripslashes($object);
    strip_tags($object);
    return     $object; } }
    function     sql($sql){
    if(    $_GET){
    if(    $_GET 1){
    mysql_real_escape_string($sql);
    return     $sql; } }
    }
    {    $_POST=protection($_POST); }
    {    $_GET=sql($_GET); } 
    For a automatic sql injection protection :D
    but it won't work for $_GET or $_POST
    Reply With Quote Reply With Quote
  2. Check out our sponsor
    [SQL]Automatic sql Injection protection
  3. 01-09-08 #2
    hotelunderwar
    Grand Master hotelunderwar is offline
    Grand MasterRank
    Sep 2007 Join Date
    506Posts

    Re: [SQL]Automatic sql Injection protection

    ty that is usefull
    Reply With Quote Reply With Quote
  4. 01-09-08 #3
    Hidden
    Sorcerer Supreme Hidden is offline
    Member +Rank
    Apr 2008 Join Date
    .Location
    367Posts

    Re: [SQL]Automatic sql Injection protection

    Quote Originally Posted by hotelunderwar View Post
    ty that is usefull
    it doesn't work, yet
    unless you use protection($_POST['user']) or something
    Reply With Quote Reply With Quote
  5. 01-09-08 #4
    Daevius
    Grand Master Daevius is offline
    Grand MasterRank
    Jun 2007 Join Date
    NetherlandsLocation
    3,252Posts

    Re: [SQL]Automatic sql Injection protection

    And what if both $_POST and $_GET are set but you pass a $_POST value?
    Reply With Quote Reply With Quote


« Previous Thread | Next Thread »

Advertisement