Saturday, August 7, 2010

Anti SQL injection

ANTI SQL INJECTION Function


PHP Code:
function check_injection()
  {
    // SQL keywords that cause the request to be rejected
    $badchars = array("DROP", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM");

    // Log the client address, redirect, and stop the script
    $reject = function () {
      $logfile = 'log/log.txt'; // chmod 777 in the original; write access for the web server user is enough
      $IP = $_SERVER['REMOTE_ADDR'];
      $logdetails = date("F j, Y, g:i a") . ': ' . $IP . "\n";
      $fp = fopen($logfile, "a"); // append; "r+" overwrites from the start of the file
      if ($fp) {
        fwrite($fp, $logdetails, strlen($logdetails));
        fclose($fp);
      }
      header('Location:http://go-to-hell.com');
      exit; // without exit the rest of the script still runs after the redirect header
    };

    // Flatten the request so values inside array parameters are checked too
    $values = array();
    array_walk_recursive($_REQUEST, function ($v) use (&$values) { $values[] = (string) $v; });

    foreach ($values as $value)
    {
      if (in_array(strtoupper($value), $badchars))
      {
        $reject();
      }
      else
      {
        // Split the value into words and compare each word with the keyword list
        $check = preg_split('/\W+/', $value, -1, PREG_SPLIT_NO_EMPTY);
        foreach ($check as $char)
        {
          if (in_array(strtoupper($char), $badchars))
          {
            $reject();
          }
        }
      }
    }
  }
and add at the beginning of your script:

PHP Code:
check_injection();  
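
The function above rejects any request value containing one of the words in $badchars, which also rejects ordinary text such as a comment that says "where" or "update". The following is an added example, not part of the original post, showing the same kind of input passed to the database as bound parameters so that it is stored and matched as data. It assumes PDO with the pdo_sqlite extension; the table, function names and sample values are constructed for illustration.

```php
<?php
// Added example: bound parameters instead of keyword filtering.
// Assumes the pdo_sqlite extension; table and sample data are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Hypothetical helper: the SQL text is fixed, user input is only ever bound.
function add_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: look up comments by an author name taken from the request.
function comments_by(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT body FROM comments WHERE author = :author ORDER BY id');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: plain text containing quotes and words from $badchars.
// check_injection() would redirect on every one of these.
add_comment($pdo, "O'Brien", 'Where do I update my address?');
add_comment($pdo, "O'Brien", "Please delete my account; it's unused.");
add_comment($pdo, 'select', 'A user name that happens to be a keyword.');

// The quote in O'Brien and the keyword "select" are compared as values,
// never parsed as part of the statement.
print_r(comments_by($pdo, "O'Brien"));
print_r(comments_by($pdo, 'select'));
```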
