[PHP] Anti-SQL Injection

**Ace-SG1-** · 11-09-07

PHP Code:


<?php

// Anti-SQL Injection 
function check_inject() 
  { 
    $badchars = array(";", "'", " \ ", "DROP", "SELECT", "drop", "select"); 
   
    foreach($_POST as $value) 
    { 
    $value = clean_variable($value);

    if(in_array($value, $badchars)) 
      { 
        die("SQL Injection Detected - Make sure only to use letters and numbers!\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']);
      } 
      else 
      { 
        $check = preg_split("//", $value, -1, PREG_SPLIT_OFFSET_CAPTURE);
        foreach($check as $char) 
        { 
          if(in_array($char, $badchars)) 
          { 
            die("SQL Injection Detected - Make sure only to use letters and numbers!\n<br />\nIP: ".$_SERVER['REMOTE_ADDR']); 
          } 
        } 
      } 
    } 
  } 
function clean_variable($var) 
    { 
    $newvar = preg_replace('/[^a-zA-Z0-9\_\-]/', '', $var); 
    return $newvar; 
    }

?>

Have fun kids.

**MentaL**

**Boarderkoen** · 11-09-07

If this works it would be nice :D

**Jangan** · 11-09-07

good job, hope it works, i will tell luca to test it out =D

**NarutaruTR** · 15-09-07

Is this now Working?

**HandsOfGod** · 15-09-07

Should work :P

for now

**Ace-SG1-** · 18-09-07

it beter work... lol.

**Shortor** · 18-09-07

you call us kids?

Originally Posted by AceSG on Coders Paradise

hmm any one? no one can tell me if this well block SQL injections??!!??!!

you can't do shit yourself :) you pasted some public reg script and the others made it secure for you..

source: http://forum.ragezone.com/f144/php-s...0/#post2493050

**xghDixi** · 18-09-07

thanks for that Ace - SG1

i hope it works xD

[PHP] Anti-SQL Injection

Thread Tools

Search Thread

[PHP] Anti-SQL Injection

Re: [PHP] Anti-SQL Injection

Re: [PHP] Anti-SQL Injection

Re: [PHP] Anti-SQL Injection

Re: [PHP] Anti-SQL Injection

Re: [PHP] Anti-SQL Injection

Re: [PHP] Anti-SQL Injection

Re: [PHP] Anti-SQL Injection

Advertisement